diff --git a/config.toml b/config.toml index 1e979d1..f97366c 100644 --- a/config.toml +++ b/config.toml @@ -5,7 +5,6 @@ theme = ["docsy"] # Language settings contentDir = "content/en" defaultContentLanguage = "en" -defaultContentLanguageInSubdir = false # Useful when translating. enableMissingTranslationPlaceholders = true @@ -14,7 +13,7 @@ enableRobotsTXT = true # Will give values to .Lastmod etc. enableGitInfo = true -disableKinds = ["taxonomy", "taxonomyTerm"] +disableKinds = ["taxonomy"] # Highlighting config pygmentsCodeFences = true @@ -28,14 +27,35 @@ resampleFilter = "CatmullRom" quality = 75 anchor = "smart" +defaultContentLanguage = "en" +defaultContentLanguageInSubdir = true [languages] -[languages.en] -title = "Eclipse SW360" -description = "Eclipse SW360 official website" -languageName = "English" -# Weight used for sorting. -weight = 1 + [languages.en] + languageName = "English" + weight = 1 + contentDir = "content/en" + + [languages.fr] + languageName = "Français" + weight = 2 + contentDir = "content/fr" + + [languages.ja] + languageName = "日本語" + weight = 3 + contentDir = "content/ja" + + [languages.vi] + languageName = "Tiếng Việt" + weight = 4 + contentDir = "content/vi" + + [languages.zh] + languageName = "中文" + weight = 5 + contentDir = "content/zh" + [markup] [markup.goldmark] diff --git a/content/en/_index.html b/content/en/_index.html index 9bd29d2..75ad03a 100644 --- a/content/en/_index.html +++ b/content/en/_index.html @@ -14,7 +14,7 @@

diff --git a/content/en/docs/Deployment/Legacy/Deploy-Natively-11.md b/content/en/docs/Deployment/Legacy/Deploy-Natively-11.md index 8cf1a56..b7088a0 100644 --- a/content/en/docs/Deployment/Legacy/Deploy-Natively-11.md +++ b/content/en/docs/Deployment/Legacy/Deploy-Natively-11.md @@ -8,7 +8,9 @@ description: ## Introduction -We are covering the update for ubuntu 18.04 LTS here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases. The author of this guide also uses macosx and homebrew which also works fairly well. +We are covering the update for Ubuntu 18.04 LTS here because it is our main and agreed-upon base system for running SW360. While SW360 may run on a variety of other Linux distributions or operating systems such as macOS, we have agreed to use Ubuntu Long-Term Releases as a reference OS to avoid compatibility issues. The author of this guide also uses macOS with Homebrew, which works fairly well. + + Please note that during the time, the dependencies are updated and the version info might change. diff --git a/content/fr/_index.html b/content/fr/_index.html new file mode 100644 index 0000000..9bd29d2 --- /dev/null +++ b/content/fr/_index.html @@ -0,0 +1,69 @@ ++++ +title = "SW360" +linkTitle = "Eclipse SW360" ++++ + +{{}} +
+
+

+ {{< figure src="/sw360/img/logos/logo_full.svg" width="400">}} +

+ Software supply chain management done right ! +

+

+
+ +
+ +
+

+ SW360 is an open source software project licensed under the EPL-2.0 that + provides both a web application and a repository to collect, organize and + make available information about software components. It establishes a + central hub for software components in an organization. +

+
+ +
+ + Our Vision + +
+ +{{}} + + + +
+
+
+ {{% blocks/vision title="Central SW Component Database" %}} +360 degree coverage for SW development beside the ‚Coding‘ as the Central SW + component database +{{% /blocks/vision %}} + +{{% blocks/vision title="E2E Integration for Software Compliance" %}} +Having a stable, precise, transparent, controllable and easy extendable OSS toolchain for + long term running +{{% /blocks/vision %}} + +
+
+{{% blocks/vision title="Long Term Controlled OSS Toolchain" %}} +As automated + as possible, end-to-end compliance (Legal, Security/SBOM, Export Control) + tool-chain, seamlessly integrated in the SW development process (e.g. + DevOps) +{{% /blocks/vision %}} + +{{% blocks/vision title="Embracing New Technologies" %}} +Enable easy onboarding of + new technolgies and new tools (e.g. container, new kind of packages) +{{% /blocks/vision %}} +
+
+
diff --git a/content/fr/about/index.md b/content/fr/about/index.md new file mode 100644 index 0000000..5e6946a --- /dev/null +++ b/content/fr/about/index.md @@ -0,0 +1,40 @@ +--- +title: "À propos d'Eclipse SW360" +linkTitle: À propos +menu: + main: + weight: 10 + +--- + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ + +
+
+ +Aujourd'hui, dans la plupart des cas, les logiciels ne sont pas créés à partir de zéro, mais plutôt assemblés à partir de divers composants logiciels tiers préemballés. Par conséquent, les organisations sont confrontées aux défis suivants : + +* Vérifier différents aspects de la conformité lors de l'utilisation de composants logiciels tiers : conformité des licences, contrôles ECC, évaluations de propriété intellectuelle, etc. +* Partager les connaissances sur les composants logiciels et leurs qualités. Par exemple, quels composants logiciels devraient être recommandés, lesquels devraient être abandonnés selon quels critères ? +* Fournir une vue d'ensemble des composants utilisés : une organisation et sa gestion de la chaîne d'approvisionnement doivent disposer d'informations sur les actifs intégrés dans quels produits ou solutions. + +Ces trois cas d'utilisation principaux ciblent différents rôles dans une organisation : responsables qualité, développeurs de logiciels, conseillers juridiques, architectes logiciels, responsables R&D, etc. Cependant, tous ces cas d'utilisation partagent un besoin commun d'un hub central qui gère les informations sur les composants logiciels. + +SW360 est un projet logiciel open source sous licence EPL-2.0 qui fournit à la fois une application web et un référentiel pour collecter, organiser et rendre disponibles les informations sur les composants logiciels. Il établit un hub central pour les composants logiciels dans une organisation. SW360 permet de : + +* suivre les composants utilisés par un projet/produit, +* évaluer les vulnérabilités de sécurité, +* maintenir les obligations de licence, +* appliquer des politiques, et +* générer des documents juridiques. + +Par exemple, SW360 peut déclencher un processus de vérification dans l'outil de conformité open source FOSSology et importer le rapport de vérification résultant. Les données sont soit stockées dans la base de données de SW360, soit importées à la volée depuis des sources externes. À l'avenir, nous prévoyons d'avoir des fédérations d'instances SW360 qui partagent des informations sélectionnées. Outre son interface utilisateur web, toutes les fonctionnalités de SW360 sont disponibles via une API qui permet une intégration dans les outils devops existants. +
+ +
+
\ No newline at end of file diff --git a/content/fr/docs/AdministrationGuide/User-Data-Model-Enumerations.md b/content/fr/docs/AdministrationGuide/User-Data-Model-Enumerations.md new file mode 100644 index 0000000..68267c2 --- /dev/null +++ b/content/fr/docs/AdministrationGuide/User-Data-Model-Enumerations.md @@ -0,0 +1,274 @@ +--- +linkTitle: "Enumerations" +title: "Enumerations" +description: "SW360 enumeration values for the internal thrift API" +Weight: 12 +--- + + +SW360 thrift API is comprised of the following methods: + +* attachments +* codescoop +* components +* cvesearch +* fossology +* importstatus +* licenseinfo +* licenses +* moderation +* projectimport +* projects +* schedule +* search +* sw360 +* users +* vendors +* vulnerabilities + +Reference: https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift + +## Attachments + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift + +### AttachmentType + +| Value | Description. | +|---|---| +| DOCUMENT | justa document | +| SOURCE | original course code | +| DESIGN | design document | +| REQUIREMENT | requirements document | +| CLEARING_REPORT | OSS licensing reporting | +| COMPONENT_LICENSE_INFO_XML | XML document with licenseing information - e.g. SPDX | +| COMPONENT_LICENSE_INFO_COMBINED | XML document with licensing information covering multiple componnts at once - e.g. SPDX | +| SCAN_RESULT_REPORT | Output what a scanner for licenses has found | +| SCAN_RESULT_REPORT_XML | Output what a scanner for licenses has found this time in XML | +| SOURCE_SELF | Self assembled source code distribution | +| BINARY | Binary of component from vendor | +| BINARY_SELF | Self built binary | +| DECISION_REPORT | documenting importing decisions for using this item | +| LEGAL_EVALUATION | Some legal evaluation created for this item | +| LICENSE_AGREEMENT | A ruling license agreement for this item, note that this could be for commercial software for example | +| SCREENSHOT | Screenshot, usually screenshot of the Website with licensing information | +| OTHER | anything that dos not match to the given above | + +### CheckStatus + +| Value | Description. | +|---|---| +| NOTCHECKED | Default value after upload. | +| ACCEPTED | Reviewed and confirmed attachment. | +| REJECTED | Document or attachment cannot be used. | + +## CodeScoop Thrift File + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift + +## Components + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift + +## cvesearch + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift + +| Value | Description | +|---|---| +| NEW | ... | +| UPDATED | New information for a notification message, so it is updated | +| OLD | ... | +| FAILED | ... | + +## Fossology + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift + +_No enumerations provided_ + +## Importstatus + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift + +_No enumerations provided_ + +## License Info + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift + +_No enumerations provided_ + +### LicenseInfoRequestStatus + +| Value | Description | +|---|---| +| SUCCESS | ... | +| NO_APPLICABLE_SOURCE | ... | +| FAILURE | ... | + +### OutputFormatVariant + +| Value | Description | +|---|---| +| REPORT | ... | +| DISCLOSURE | ... | + +## Licenses + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift + +_No enumerations provided_ + +## Moderation + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift + +### DocumentType + +| Value | Description | +|---|---| +| COMPONENT | ... | +| RELEASE | ... | +| PROJECT | ... | +| LICENSE | ... | +| USER | ... | + +## Project Import + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift + +_No enumerations provided_ + +## Projects + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift + +### Project State + +| Value | Description | +|---|---| +| ACTIVE | _well_ | +| PHASE_OUT | _well_ | +| UNKNOWN | _well_ | + +### Project Type + +| Value | Description | +|---|---| +| CUSTOMER | Project that delivers artifacts to customer outside organisation | +| INTERNAL | Project that provides artifacts or service for internal use | +| PRODUCT | Just that it is a product instead of a project | +| SERVICE | Project that provides services to customer outside organisation | +| INNER_SOURCE | Inner source project, meaning that everyone inside org can use it | + +### Project Relationship + +| Value | Description | +|---|---| +| UNKNOWN | _unknown_ | +| REFERRED | Sister project | +| CONTAINED | Sub project | +| DUPLICATE | _duplicate_ | + +### Project Clearing State + +| Value | Description | +|---|---| +| OPEN | not started | +| IN_PROGRESS | ... | +| CLOSED | ... | + +## Schedule + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift + +_No enumerations provided_ + +## Search + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift + +_No enumerations provided_ + +## General SW360 Thrift + +### Software Mainline States + +| Value | Description | +|---|---| +| OPEN | Not decided so far | +| MAINLINE | Organisation or person thinks that use of this software is recommended, which included multiple versions. | +| SPECIFIC | The software is not recommended in general, but for special use case or for this particular version it is acceptable. | +| PHASE_OUT | The software has issues, please consider removing it soon, if in use. | +| DENIED | Software which is not allowed for use. For example, software that does not have licensing. | + + +## General SW360 Thrift + +### Software Mainline States + +| Value | Description. | +|---|---| +| OPEN | Not decided so far | +| MAINLINE | Organisation or person thinks that use of this software is recommended, which included multiple versions. | +| SPECIFIC | The software is not recommended in general, but for special use case or for this particular version it is acceptable. | +| PHASE_OUT | The software has issues, please consider removing it soon, if in use. | +| DENIED | Software which is not allowed for use. For example, software that does not have licensing. | + +### Moderation States + +| Value | Description | +|---|---| +| PENDING | Not opened so far. | +| APPROVED | A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has approved the moderation request. It could be deleted then. | +| REJECTED | A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has rejected the moderation request. | +| INPROGRESS | A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has opened / viewed the moderation request, but did not decide. | + +### Visibility + +| Value | Description | +|---|---| +| PRIVATE | Only visible by creator (and admin which applies to all visibility levels). | +| ME_AND_MODERATORS | Visible by creator and moderators. | +| BUISNESSUNIT_AND_MODERATORS | All users of the same group and the moderators. | +| EVERYONE | Every user who is logged into the system. | + +### Verification State + +| Value | Description | +|---|---| +| NOT_CHECKED | No one has yet looked at this and verified it. | +| CHECKED | It is verified. | +| INCORRECT | It was decided that the verification should be rejected. | + +### Release Relationship + +| Value | Description | Clearing releav nt | +|---|---|---| +| CONTAINED | If you just do not know whether it is dynamically linked. | Yes | +| REFERRED | Referencing a stand alone used other part. | No | +| UNKNOWN | If you just do not know. | Yes | +| DYNAMICALLY_LINKED | Software dynamically linked - as the name says. | Yes | +| STATICALLY_LINKED | Software statically linked - as the name says. | Yes | +| SIDE_BY_SIDE | Not decided so far. | Yes | +| STANDALONE | Software is given as standalone delivery, ie. not technically connected. | Yes | +| INTERNAL_USE | Used for creating or building or ? the product or projects but not delivered. | Yes | +| OPTIONAL | Is not mandatory part of the installation. | Yes | +| TO_BE_REPLACED | Is there but should be moved out. | Yes | + +## Users + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift + +## Vendors + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift + +_No enumerations provided_ + +## Vulnerabilities + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift + +_No enumerations provided_ diff --git a/content/fr/docs/AdministrationGuide/User-Scheduling-CVE-Search-by-Admins.md b/content/fr/docs/AdministrationGuide/User-Scheduling-CVE-Search-by-Admins.md new file mode 100644 index 0000000..57ecb68 --- /dev/null +++ b/content/fr/docs/AdministrationGuide/User-Scheduling-CVE-Search-by-Admins.md @@ -0,0 +1,55 @@ +--- +linkTitle: "CVE-Search Scheduling" +title: "CVE-Search Scheduling" +description: "How to schedule the CVE-Search Service" +Weight: 12 +--- + + +SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service. + +In what follows the synchronization between SW360 and the external CVE provider is described. + +`CveSearch-updates` can either be scheduled automatically when launching the `schedule-service` (e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an `SW360 admin`. +It is automatically scheduled with the start of the scheduling service, if in the `/resources/sw360.properties` file of the `schedule-service` in the backend, `cvesearchService` is mentioned in the `autostart`-property: + +`` +autostart = cvesearchService +`` + +According to the default settings, cveSearch is _not_ auto-started with the scheduling service. + +For manually scheduling the CVE search service, open the `Schedule Portlet` of the `Admin` menu. Note that the `Admin` menu is only visible to `SW360 admins`. + +![](./images/UCAdminScheduling/01_adminMenu.png) + +In the `Schedule Portlet` of the `Admin` menu, a user with `admin` rights can turn on or off automatic updates of the cve-search service manually. +In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the `Schedule CveSearch Updates`-button is inactive, whereas the `Cancel Scheduled CveSearch Updates`-button is active and vice versa: + +![](./images/UCAdminScheduling/scheduleAdminPortlet.png) + +The `offset` (first run of the update) and the `interval` between updates can also be adjusted in the `/resources/sw360.properties` file of the `src-schedule` service. +The corresponding properties are `schedule.cvesearch.firstOffset.seconds` and `schedule.cvesearch.interval.seconds`. +The `offset` has to be given in seconds since midnight and also the `interval` has to be entered in seconds. +The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds). + + + `` + schedule.cvesearch.firstOffset.seconds = 0 + `` + + `` + schedule.cvesearch.interval.seconds = 86400 + `` + +With automatic scheduling the next synchronization moment according to the `offset` and the `interval` is computed. This will be the first moment when a `cveSearch-update` is run. +There is nothing like an `initial run` when autostarting of manually scheduling the `CveSearch-updates`. +Moreover, the configuration, i.e. `offset`, `interval` and `next synchronization` (where the latter is a consequence of `offset` and ` interval`) are shown in the portlet: + +![](./images/UCAdminScheduling/scheduleAdminPortletProperties.png) + + + +## Setup of a local instance +It is recommended to set up and use a local instance instead of the public cve-search instance. +The accompanying project sw360-chores contains a Dockerfile that can easily setup this service. diff --git a/content/fr/docs/AdministrationGuide/VulnerabilityManagement/User-Check-Vulnerabilities-for-Your-Project.md b/content/fr/docs/AdministrationGuide/VulnerabilityManagement/User-Check-Vulnerabilities-for-Your-Project.md new file mode 100644 index 0000000..40c3eb8 --- /dev/null +++ b/content/fr/docs/AdministrationGuide/VulnerabilityManagement/User-Check-Vulnerabilities-for-Your-Project.md @@ -0,0 +1,61 @@ +--- +linkTitle: "Search Vulnerabilities" +title: "Search Vulnerabilities" +description: "How to Check for Vulnerabilities Affecting Your Project" +weight: 101 +--- + + + +The CVE-Search service of SW360 checks for vulnerabilities that affect releases present in SW360. +The CVE-search service runs automatically at the time that has been scheduled by one of the `SW360-admins`. +Typically, this will happen at night. So, in the beginning, SW360 does not know any vulnerabilities for your project. + +## Vulnerabilites in the Project Portlet + +After a CVE-search run has been finished, you can see the number of vulnerabilities associated with your project in the `Projects Portlet`. +To that end, open the `Projects Portlet` and click on your project: + +![](./images/UCVulnerabilitiesProject/01_SelectProject.png) + +In the `Vulnerabilities tab` on the left hand side, you see the number of vulnerabilites that have been found for the releases that are directly linked +to your project. Actually, you see two numbers. The left number indicates how many vulnerabilities have not been evaluated or `rated` for this project yet. +Whenever this number is positive, the bullet surrounding the numbers will be red. Otherwise the bullet is grey. + +![](./images/UCVulnerabilitiesProject/02_NumberOfVulnerabilities.png) + +## The Vulnerabilities Tab +To view (and to rate the vulnerabilities for the project), click on the `Vulnerabilities Tab`. A list of vulnerabilities occurs. Each vulnerability has been found + for one of the releases that are directly linked to your project. In the first column, you see the name of that release. + +![](./images/UCVulnerabilitiesProject/03_VulnerabilityListProject.png) + +By clicking on the `external id` of a vulnerability, you can view the details of the vulnerability in the `Vulnerability Portlet`. +More details about the `Vulnerability Portlet` can be found [here](https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#the-vulnerability-portlet). +The column `Priority` contains no special information when using `CVE-Search`, it is used when importing vulnerability information from different sources. +In the column `Matched By`, you see the `distance` with which the vulnerability was found, and in the mouse-over the corresponding `needle` is displayed. +Below the table, you see a report about how many vulnerabilities in your project were found with which `distance` by `heuristics` and how many of them have been found by a `matching CPE` respectively. +For more details on `distances`, `matches` and `needles`, click [here](https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#heuristics). +In the column `Title`, the `External id` is repeated, and in the mouse-over, you can read the `description` of the vulnerability. + +## Evaluating Vulnerabilities for your Project +If you are allowed to edit the project, you can also `rate` the relevance of the vulnerability for your project. In this case, the column `Relevance for project` contains +drop-down menus, where you can select a `rating` for each vulnerability (compare [here](https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#vulnerability-rating-for-projects)). +To change the rating for a project, simply select a different value from the drop-down menu, enter a comment and click `OK`. + +![](./images/UCVulnerabilitiesProject/04_ChangeRating.png) + +In order to update the number of checked and unchecked vulnerabilities in the bullet of the `Vulnerability tab`, you have to reload. +After that, you can also view the `history of rating changes` in the mouse-over of the corresponding vulnerability, +see also [here](https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#change-history-for-vulnerability-ratings-and-verifications). + +You can also view the vulnerabilities associated with a `component` and those associated with a `release` in the `Components Portlet`. +CVE Search associates vulnerabilities with a release in SW360 based on the data that SW360 knows for that release. +For a `release`, a `security admin` or an `admin` can judge whether a vulnerability does indeed refer to the `release`. +Vulnerabilities that have been classified as `INCORRECT` by an `admin` or `security admin` are not displayed to `USERs` any more and therefore do not distort the picture for your project. + + + + + + diff --git a/content/fr/docs/AdministrationGuide/VulnerabilityManagement/Vulnerabilities.md b/content/fr/docs/AdministrationGuide/VulnerabilityManagement/Vulnerabilities.md new file mode 100644 index 0000000..9e2e3ad --- /dev/null +++ b/content/fr/docs/AdministrationGuide/VulnerabilityManagement/Vulnerabilities.md @@ -0,0 +1,89 @@ +--- +linkTitle: "Vulnerabilities" +title: "Vulnerabilities" +weight: 100 +--- + +# 5.0 Vulnerabilities + +A vulnerability is a security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source). Vulnerabilities page lists all the vulnerabilities that are available in SW360. The Vulnerabilities are synced from SVM tools. They are listed independently without any relation to their linked projects/components/releases. + +To open Vulnerabilities page, click on the **Vulnerabilities tab** from the main menu. + +{{< figure src="/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerabilities_Page.png" >}} + +|Sl.No.|Description| +|:----:|:----------| +|1| [Quick Filter](#52-quick-filter)| +|2|[Advanced Filter](#53-advanced-filter)| +|3| [Vulnerabilities List](#51-vulnerabilities-list) | + +## 5.1 Vulnerabilities List +On the Vulnerabilities page, you can view all the vulnerabilities that are available. The vulnerabilities are listed with the following information: + +1. **External Id** of the vulnerabilities. +2. **Title** of the vulnerabilities. +3. **Weighting**. +4. **Publish date**: This is the date that the vulnerability was published. +5. **Last Update**: This is the date that the vulnerability was last updated. + + +**NOTE: USE ![](/sw360/img/ImagesBasic/VulnerabiblitiesPage/SortIcon.png) TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.** + + +## 5.2 Quick Filter + +You can use the **Quick Filter** to search for a vulnerability. To search for a particular vulnerability, use the type field. + +## 5.3 Advanced Filter + +The **Advance Filter** dialogue box allows you to search for a particular vulnerability. To search for a vulnerability, follow the procedure: + +1. Search the Vulnerability by **CVE ID** (Common Vulnerabilities and Exposures). +2. Search the vulnerability by **Vulnerable Configuration**. + +## 5.4 View Vulnerability + +To open a view mode for a Vulnerability: + +Search for the Vulnerability you want to view or navigate from the Vulnerability list and click on the **External ID**. When you click on External ID for a vulnerability you are displayed with the following information: + * Summary + * Metadata + * References + +```NOTE: YOU CAN ONLY VIEW THE DATA AS THIS IS AN UNEDITABLE FIELD.``` + +### A. Summary + +To view summary information for the vulnerability, click on **Summary**. You can now view the following vulnerability information: + +![](/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_Summary.png) + +* Title +* Description +* External ID +* Publish date +* Last update date +* Priority +* Priority Text +* Action +* Impact +* Legal notice: Here you can view the when the vulnerability is synced from which external SVM tool. +* Assigned External Component IDs +* Vendor Advisories: Here you can view the vendor and a web address to the release +* Vulnerability Scoring (CVVS) +* Access +* Common Weakness enumerations +* Vulnerable Configurations +* Linked releases: List of all the releases that the vulnerability is linked to. + +### B. Metadata (To be added) + +To view metadata for the vulnerability, click on **Metadata**. + +### C. References + +To view all the references for the vulnerability, click on **References**. +This page lists all referenced websites. + +![](/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_References.png) \ No newline at end of file diff --git a/content/fr/docs/AdministrationGuide/VulnerabilityManagement/_index.md b/content/fr/docs/AdministrationGuide/VulnerabilityManagement/_index.md new file mode 100644 index 0000000..a3d70c2 --- /dev/null +++ b/content/fr/docs/AdministrationGuide/VulnerabilityManagement/_index.md @@ -0,0 +1,103 @@ +title: "Gestion des vulnérabilités" +linkTitle: "Gestion des vulnérabilités" +oem_ignore: true +description: "Portlet de vulnérabilité SW360" + +Dans le portlet de vulnérabilité, vous pouvez voir plus en détail les vulnérabilités actuellement présentes dans SW360, indépendamment de la version ou du projet auquel elles s'appliquent. En cliquant sur l'entrée de niveau supérieur Vulnerabilités, un tableau listant toutes les vulnérabilités est affiché : + + + +En cliquant sur une entrée de vulnérabilité dans le tableau, la vue détaillée de cette vulnérabilité est affichée. + + + +La vue détaillée est également liée à partir de la vue des vulnérabilités dans le portlet projet et le portlet composant et version, respectivement. + +Vérification des vulnérabilités pour les versions +Les vulnérabilités importées automatiquement dans SW360 - par exemple via la connexion de recherche CVE de SW360 - peuvent être applicables ou non à une version. Ce dernier cas peut se produire parce que les données de version dans SW360 sont incorrectes ou incomplètes. Ensuite, le service de recherche CVE utilise un modèle de recherche plus général produisant de nombreuses vulnérabilités, dont seules certaines s'appliquent réellement à la version. Par conséquent, dans SW360, une vulnérabilité peut être marquée pour une version donnée avec l'un des états de vérification suivants : + +NON VÉRIFIÉ + +VÉRIFIÉ + +INCORRECT + +Seuls les administrateurs peuvent marquer une vulnérabilité ou changer l'état de vérification et entrer un commentaire pour donner les raisons du changement. L'état de vérification et les méta-informations (quand et par qui l'état de vérification a été modifié et le commentaire) sont stockés sous forme de VerificationStateInfo dans la relation ReleaseVulnerabilityRelation appropriée. + +L'état de vérification est affiché en mode détail d'une version, sous vulnerabilités dans la colonne Vérification du tableau des vulnérabilités. Les utilisateurs sans droits admin ne peuvent voir que les vulnérabilités NON VÉRIFIÉES ou VÉRIFIÉES, avec une infobulle contenant les méta-informations. Les vulnérabilités INCORRECTES sont cachées aux utilisateurs sans droits d'administration dans la vue détaillée des versions, ainsi que dans les vues détaillées des composants et des projets. + +Les administrateurs voient dans le même tableau un menu déroulant où ils peuvent ajuster l'état. Un administrateur voit toutes les vulnérabilités appartenant à un projet, un composant ou une version, y compris celles marquées comme INCORRECTES. + + + +Évaluation des vulnérabilités pour les projets +Dans la vue détaillée d'un projet, dans la catégorie Vulnérabilités, les vulnérabilités appartenant aux versions liées du projet sont affichées. Une telle vulnérabilité dans le contexte d'un projet donné peut être attribuée à l'une des évaluations suivantes : + +NON VÉRIFIÉ + +IRRELEVANT + +RÉSOLU + +APPLICABLE + +Ces évaluations sont affichées dans le tableau des vulnérabilités de la vue détaillée du projet. Un utilisateur ayant l'autorisation d'écriture sur le projet peut modifier l'évaluation via un menu déroulant. S'il modifie la valeur, il lui est demandé d'entrer un commentaire. L'Évaluation de la vulnérabilité ainsi que les métadonnées (qui a changé l'évaluation, date de changement et commentaire) sont stockées dans un objet de base de données ProjectVulnerabilityRating par projet. + +Un utilisateur n'ayant pas d'autorisation d'écriture sur le projet voit l'Évaluation de la vulnérabilité dans le tableau sans possibilité de modifier la valeur. + +Le nombre de vulnérabilités pour un projet avec l'évaluation NON VÉRIFIÉ est affiché dans la pastille de l'onglet Vulnérabilité de la vue détaillée du projet. La pastille est rouge s'il existe des vulnérabilités avec l'état NON VÉRIFIÉ pour le projet. Dans l'exemple, 7 des 10 vulnérabilités existantes sont NON VÉRIFIÉES. + + + + + +Historique des modifications des évaluations et vérifications des vulnérabilités +La liste complète des modifications de statut pour les évaluations de vulnérabilités dans le portlet projet et pour les vérifications de vulnérabilités dans le portlet composant est affichée lors du survol de la souris sur l'évaluation/vérification de la vulnérabilité dans le tableau. Cela est illustré pour le tableau des vulnérabilités de projet dans l'image ci-dessous. + + + +Recherche CVE +Mise à jour automatique des vulnérabilités +Voir ce cas d'utilisation. + +Heuristiques +Toutes les heuristiques commencent par examiner le CPE. Si le CPE est valide, c'est-à-dire qu'il commence par la chaîne "cpe:" et contient plus de 10 caractères, il est utilisé pour la recherche. Si la recherche échoue, elle passe aux autres niveaux de recherche. + +Il existe actuellement deux heuristiques différentes implémentées qui définissent comment et dans quel ordre rechercher dans la base de données cveSearch. + +Heuristique de devinette (la nouvelle) +L'appariement des noms de fournisseurs et de produits est amélioré en utilisant des listes de fournisseurs et produits réels. + +Distance de Levenshtein modifiée +Les règles de définition sont : + +La distance de Levenshtein est la distance standard si la base de recherche ne contient pas d'espaces. + +Ignorer un préfixe se terminant par un espace ou un suffixe commençant par un espace ne coûte rien. + +Si l'une des chaînes est vide, la distance est Integer.MAX_VALUE. + +Configuration +Les paramètres peuvent être définis dans /etc/sw360/sw360.properties ou configuration.yml : + +ini +Copy +Edit +cvesearch.default.vendor.threshold=1 +cvesearch.default.product.threshold=0 +cvesearch.default.cutoff=6 +Affichage de l'origine d'une vulnérabilité +Dans les tableaux des vulnérabilités des portlets projets et des portlets composants et versions, on peut voir si une vulnérabilité a été trouvée directement par le CPE ou par heuristique. Dans ce dernier cas, la distance est également affichée (0 = meilleure correspondance possible). + + + +En outre, sous les tableaux des vulnérabilités, le nombre de versions directement liées trouvées par CPE ou heuristique est affiché : + + + +Exemple 1: {vendor="Apache", name="Maven", version="3.0.4"} +L'heuristique génère cpe:2.3:.:.*apache.*maven.*3.0.4.* et trouve cpe:2.3:a:apache:maven:3.0.4. + +Exemple 2: {vendor="", name="Apache Maven", version="3.0.4"} +L'heuristique devine apache comme fournisseur et maven comme produit, ce qui donne la même correspondance que précédemment. + diff --git a/content/fr/docs/AdministrationGuide/_index.md b/content/fr/docs/AdministrationGuide/_index.md new file mode 100644 index 0000000..912638d --- /dev/null +++ b/content/fr/docs/AdministrationGuide/_index.md @@ -0,0 +1,7 @@ +--- +title: "Administration Guides" +linkTitle: "Administration Guides" +weight: 11 +icon: fas fa-tools +description: SW360 Administration Guides +--- diff --git a/content/fr/docs/AdministrationGuide/menu.md b/content/fr/docs/AdministrationGuide/menu.md new file mode 100644 index 0000000..e3c843b --- /dev/null +++ b/content/fr/docs/AdministrationGuide/menu.md @@ -0,0 +1,29 @@ +--- +linkTitle: "Administrator Menu" +title: "Administrator Menu" +weight: 9 +--- + +The **admin menu** consists of the following items: + +{{< figure src="/sw360/img/ImagesBasic/admin_menu.png">}} + +- **User**: Displays the list of **Liferay Users**. One can also download or upload new users in this section + +- **Vendors**: Displays the list of the **Vendors** that can be managed by the admin + +- **Bulk License Edit**: List of licenses can be edited together in this section + +- **Licenses**: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section + +- **Obligations**: To manage different types of Obligations on the basis of obligation level and obligation type + +- **Schedule**: To schedule tasks such as CVE Search + +- **Fosology**: Connection to the Fossology server + +- **Import and Export**: Can Import and Export **Component**, **Release** and **License** information + +- **Attachment Cleanup**: To cleanup attachment database + +- **Database Sanitization**: Helps in searching for duplicate identifiers diff --git a/content/fr/docs/AdministrationGuide/properties.md b/content/fr/docs/AdministrationGuide/properties.md new file mode 100644 index 0000000..59a5f17 --- /dev/null +++ b/content/fr/docs/AdministrationGuide/properties.md @@ -0,0 +1,26 @@ +--- +linkTitle: "Properties" +title: "Properties" +weight: 12 +--- + +**Frontend Properties**: All the sw360 frontend properties are mentioned in [sw360.properties](https://github.com/eclipse/sw360/blob/master/frontend/sw360-portlet/src/main/resources/sw360.properties) file. +For example; +https://github.com/eclipse/sw360/wiki/ + - Different categories for components, + + component.categories=[ "framework", "SDK", "big-data", "build-management", "cloud", "content", "database", "graphics", "http", "javaee", "library", "mail", "mobile", "network-client", "network-server", "osgi", "security", "testing", "virtual-machine", "web-framework", "xml"] + + - Dropdown for project type, + + project.type=[ "Customer Project", "Internal Project", "Product", "Service", "Inner Source" ] + + - API Token generation, + + rest.apitoken.generator.enable=false + + - Activation of portlets and components + +**Backend Properties**: This, [sw360.properties](https://github.com/eclipse/sw360/blob/master/backend/src-common/src/main/resources/sw360.properties) file contains the sw360 backend properties. This file contains the common properties for the backend services and also holds the setting for the mail utility. + +You can change these default values by mentioning it in the sw360.properties file, present in /etc/sw360 folder. This path is to be created by the admin. After changing the properties, server needs to be restarted in order to make the changes effective. If the properties file is not present in the required folder, the default values will be selected. diff --git a/content/fr/docs/AdministrationGuide/user-management-roles.md b/content/fr/docs/AdministrationGuide/user-management-roles.md new file mode 100644 index 0000000..1991e70 --- /dev/null +++ b/content/fr/docs/AdministrationGuide/user-management-roles.md @@ -0,0 +1,35 @@ +--- +linkTitle: "User Management Roles" +title: "User Management Roles" +weight: 10 +--- + +Every user can create records and edit own created records. However, to change records of others, approval is required. Approval in SW360 is a so called moderation request. A moderation request is a set of proposed changed not applied to record immediately, but will be routed to; + +- The creator of the record +- The moderators for a record +- The clearing admins of the same group in SW360. + +Then, the proposed changes can be approved by them. + +## General SW360 Roles and Access + +There are two main types of roles. The first type are general roles on the system that apply in the default case: + +1. **User** - A user is the default, in order to apply modifications, a user can pose moderation requests, except for the data items that a user has created. +2. **Clearing Expert** - Member of the clearing team. Has the rights to work on the projects of the own group and to edit licenses. Can also work on clearing requests. +3. **Clearing Admin** - A clearing admin has the rights to work on the projects of the own group and to edit licenses. +4. **ECC Admin** - The only users who can edit (or approve as moderation request) ECC classifications. +5. **Secuirty Admin** - The only users to edit relevance for security vulnerabilities. +6. **SW360 Admin** - An admin has full rights on all (visible!) data items. Can elevate permissions of other users. + +In addition there are ACL-style roles, meaning that per data item access settings can be made: + +1. **Creator** - A creator can modify in addition to the user's read abilities, a user can be creator of a data item. +2. **Moderator** - A creator can define moderators for a data item. Moderators can change a data item as a creator can. +3. **Contributor** (Component) - Is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). In contrast, the contributor cannot delete data items. +4. **Project Owner** - A user who owns the project. +5. **Lead Architect** (Project) - Is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions. +6. **Project Responsible** (Project) - Is a contributor, just named differently to identify the responsible person. +7. **Security Responsible** - Users responsible for the security of the project. + diff --git a/content/fr/docs/Deployment/BareMetal/Deploy-19-Natively.md b/content/fr/docs/Deployment/BareMetal/Deploy-19-Natively.md new file mode 100644 index 0000000..2e55906 --- /dev/null +++ b/content/fr/docs/Deployment/BareMetal/Deploy-19-Natively.md @@ -0,0 +1,230 @@ +--- +linkTitle: "Version 19.x on Debian 12" +title: "Version 19.x on Debian 12" +weight: 101 +description: Bare metal deployment with Debian based Linux for SW360 v19.x +--- + +## Introduction + +We are covering the installation for Debian based Linux distros. sw360 may run +on a variety of other linux distributions or OSes such as Mac OSX (amd64 only). + +This is a guide with detailed explanation of how to install and run SW360 +natively on you local machine. It includes installation of all dependencies +manually, and will not use docker or other container system during the +installation or run. + +## Requirements + +The installation consists of quite some tasks, as an overview: + +* Java 21 +* Maven >= 3.5.0 +* Tomcat 11.0 +* Postgresql >= 16 +* CouchDB >= 3.4.x +* Thrift 0.20.0 +* NodeJS >= 20.x +* pnpm + +## Initial steps + +In order to "calibrate the system" just run the update / upgrade cycle once: + +```shell +sudo apt update +sudo apt upgrade +``` + +## 1. Installing backend services + +### 1.1. CouchDB + +CouchDB manages their own package repository, and we will be using it to get +latest packages for installation. + +Starting with adding keys and sources to APT and installing the couchdb and the +couchdb-nouveau (full-text search engine) packages. + +```shell +apt install curl gnupg2 apt-transport-https lsb-release +curl 'https://couchdb.apache.org/repo/keys.asc' | gpg2 --dearmor | sudo tee /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg >/dev/null 2>&1 +sudo chown root:root /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg +sudo chmod 0644 /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg +echo "deb [signed-by=/etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/couchdb.list +sudo chmod 0644 /etc/apt/sources.list.d/couchdb.list +sudo apt-get update -y +sudo apt-get install -y couchdb couchdb-nouveau +``` + +The installer will ask a couple of questions: + +1. Bind address: for CouchDB and SW360 `127.0.0.1` (localhost) is a good bind + address, if you would like to access the server from a remote computer + because your sw360 runs as a server in the network, you would need to change + accordingly. +2. Unless you know what you are doing, use standalone installation instead of + clustered option, for a regular single installation. +3. Enable Nouveau in CouchDB (if installed)?: We want to enable it so SW360 can + use it for search interface. Later, it can be customized to change index + storage location, if needed. +4. Admin user: For fresh installation for sure a very good idea. You can set the + password at sw360 for CouchDB in `couchdb.properties` and place it centrally + in `/etc/sw360`. + +### 1.2. Java 21 + +If you do not have installed java 21 yet on your setup: + +```shell +curl 'https://packages.adoptium.net/artifactory/api/gpg/key/public' | gpg2 --dearmor | sudo tee /etc/apt/trusted.gpg.d/apache-temurin.gpg >/dev/null 2>&1 +sudo chown root:root /etc/apt/trusted.gpg.d/apache-temurin.gpg +sudo chmod 0644 /etc/apt/trusted.gpg.d/apache-temurin.gpg +echo "deb [signed-by=/etc/apt/trusted.gpg.d/apache-temurin.gpg] https://packages.adoptium.net/artifactory/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/adoptium.list +sudo chmod 0644 /etc/apt/sources.list.d/adoptium.list +sudo apt-get update -y +sudo apt-get install -y temurin-21-jdk +``` + +### 1.3. Thrift + +For thrift, the helper install script is located on sw360 `scripts/install-thrift.sh`: + +```bash +sudo ./scripts/install-thrift.sh +``` + +In case there is thrift in the package management of the OS you are running on, +just make sure, you have version 0.20 + +### 1.4. Maven + +If your OS has maven version 3.5.0 or above, you can simply go and install it. + +Otherwise, you can install maven manually: + +```shell +curl -L 'https://dlcdn.apache.org/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.tar.gz' -o ~/Downloads/maven-3.9.9.tar.gz +sudo tar -xzvf ~/Downloads/maven-3.9.9.tar.gz -C /opt +sudo find /opt/apache-maven-3.9.9/ -type d -exec chmod 755 {} \; +sudo update-alternatives --install /usr/bin/mvn mvn /opt/apache-maven-3.9.9/bin/mvn 399 +printf 'export M2_HOME=/opt/apache-maven-3.9.9\nexport PATH=${M2_HOME}/bin:${PATH}' | sudo tee /etc/profile.d/maven.sh +sudo chmod 0644 /etc/profile.d/maven.sh +``` + +### 1.5. Install Apache Tomcat 11 + +Get the latest version of Apache Tomcat 11 from https://tomcat.apache.org/download-11.cgi +and install it in `/opt` + +```shell +curl -L 'https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.4/bin/apache-tomcat-11.0.4.tar.gz' -o ~/Downloads/tomcat-11.0.4.tar.gz +sudo tar -xzvf ~/Downloads/tomcat-11.0.4.tar.gz -C /opt +sudo chown -R $USER:$USER /opt/apache-tomcat-11.0.4/ +``` + +### 1.6. Install KeyCloak (optional) + +You can configure KeyCloak with SW360 for IAM. SW360 on its own can do +authentication and authorization, but for corporate setup, you might want to +offload to KeyCloak. Thus, this step is optional. + +Get the latest 26.x.x version from https://www.keycloak.org/downloads + +```shell +curl -L 'https://github.com/keycloak/keycloak/releases/download/26.1.3/keycloak-26.1.3.tar.gz' -o ~/Downloads/keycloak-26.1.3.tar.gz +sudo tar -xzvf ~/Downloads/keycloak-26.1.3.tar.gz -C /opt +sudo chown -R $USER:$USER /opt/keycloak-26.1.3/ +``` + +Install PostgreSQL used by KeyCloak for management. + +```bash +sudo apt install postgresql +``` + +or whatever package version is suitable here, for example version 15 for Debian 12. + +Follow the [Keycloak based authentication](../Deploy-Keycloak-Authentication.md) +guide to set up KeyCloak for SW360 after the installation from 1.8 is done. + +### 1.7. Clone and build sw360 version 19.x + +* Clone sw360 source code to folder + - `$ git clone https://github.com/eclipse-sw360/sw360.git` +* Create config properties + - `$ sudo mkdir -p /etc/sw360 /etc/sw360/autorization /etc/sw360/rest` + - Find the relevant configurations at [Configurable Property Keys](../Deploy-Configuration-Files.md) +* Compile and install the application + - `$ mvn clean install -Dbase.deploy.dir=/opt/apache-tomcat-11.0.4/ -Dlistener.deploy.dir=/opt/keycloak-26.1.3/providers -P deploy` + +This will install the jar and war files at appropriate locations. + +### 1.8. Start backend service + +* Start tomcat server + - `$ /opt/apache-tomcat-11.0.4/bin/startup.sh` +* Check tomcat logs + - `$ tail -f100 /opt/apache-tomcat-11.0.4/logs/catalina.out` + +Once you see message like +`org.apache.catalina.startup.Catalina.start Server startup in [**] milliseconds` +in the logs, the backend is up and can load the OpenAPI docs at +[http://localhost:8080/resource/v3/api-docs](http://localhost:8080/resource/v3/api-docs) + +The backend install SwaggerUI as well and accessible via +[http://localhost:8080/resource/swagger-ui/index.html](http://localhost:8080/resource/swagger-ui/index.html) + +## 2. Installing frontend services + +Since version 19, SW360 has separated the front-end as a React based project. +It is hosted at https://github.com/eclipse-sw360/sw360-frontend/ and needs to be +installed as well. + +### 2.1. Install node 20 + +First we need to install Node and NPM version 20 or above. Setting nvm is the +easiest and fastest way to do it for your user. Follow the guide from +https://github.com/nvm-sh/nvm?tab=readme-ov-file#installing-and-updating + +```shell +curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash +source ~/.bashrc +nvm install 20 +``` + +### 2.2. Install pnpm + +pnpm is an advanced package manager for node dependencies and can be installed +with the new npm installed above. + +```shell +npm install -g pnpm@latest-10 +``` + +### 2.3. Clone and install frontend + +* Clone sw360 source code to folder + - `$ git clone https://github.com/eclipse-sw360/sw360-frontend.git` +* Setup `.env` file + - ```ini + NEXTAUTH_SECRET='secret' + NEXT_PUBLIC_SW360_API_URL='http://localhost:8080' + NEXTAUTH_URL='http://localhost:3000' + # possible values are sw360basic, sw360oauth, keycloak + NEXT_PUBLIC_SW360_AUTH_PROVIDER='sw360basic' + + # Enable if using KeyCloak + #SW360_KEYCLOAK_CLIENT_ID='client-from-kc' + #SW360_KEYCLOAK_CLIENT_SECRET='secret-from-kc' + #AUTH_ISSUER='http://localhost:8083/realms/sw360' + #NEXT_PUBLIC_SW360_AUTH_PROVIDER='keycloak' + ``` +* Install dependencies and build pages + - ```shell + $ pnpm install + $ pnpm build + ``` +* Start the server and visit [http://localhost:3000](http://localhost:3000) + - `$ pnpm start` diff --git a/content/fr/docs/Deployment/BareMetal/Deploy-Natively.md b/content/fr/docs/Deployment/BareMetal/Deploy-Natively.md new file mode 100644 index 0000000..fccf842 --- /dev/null +++ b/content/fr/docs/Deployment/BareMetal/Deploy-Natively.md @@ -0,0 +1,134 @@ +--- +linkTitle: "Ubuntu 22.04 / Debian 11" +title: "Ubuntu 22.04 / Debian 11" +weight: 100 +description: Bare metal deployment with Debian based Linux +--- + +## Introduction + +We are covering the update for Debian based Linux distros, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as Mac OSX (amd64 only). + +## Requirements + +The installation consists of quite some tasks, as an overview: + +* Java 11 +* Postgresql >= 15.x +* CouchDB >= 3.2.x +* Thrift 0.18.1 +* Liferay CE 7.4.3 GA18 + +## Initial steps + +In order to "calibrate the system" just run the update / upgrade cycle once: + +```shell +sudo apt update +sudo apt upgrade +``` + +## PostgreSQL + +You can go ahead install postgresql: + +```bash +sudo apt install postgresql +``` + +or whatever package version is suitable here, for example version 12 for ubuntu 20.04. + +The configuration for Liferay will come later. + +## CouchDB + +CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing: + +```shell +apt install curl gpg +curl https://couchdb.apache.org/repo/keys.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg +echo "deb https://apache.jfrog.io/artifactory/couchdb-deb/ $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/couchdb.list >/dev/null +sudo apt-get update -y +sudo apt-get install -y couchdb +``` + +The installer will ask a couple of questions: + +1. Bind address: for CouchDB and SW360 `127.0.0.1` (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly. +2. Unless you know what you are doing, use standalone install intead of clustered option, for a regular single instalation. +3. Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in `couchdb.properties` and place it centrally in `/etc/sw360` + +In case you added an admin accidentally and would like to remove it, + +## Thrift + +For thrift, the helper install script is located on sw360 `scripts/install-thrift.sh`: + +```bash +sudo ./install-thrift.sh +``` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16 + +## Java 11 + +If you do not have installed java 11 yet on your setup: + +```shell +curl https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/trusted.gpg.d/apache-temurin.gpg >/dev/null +echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.gpg +``` + +## Dependencies + +Use the included script located in: +```bash +./scripts/download_dependencies.sh +``` + +Required dependencies will be downloaded on the deps folder. + +For liferay, unpack it, ideally in the `/opt` directory. + +## Install Couchdb Lucene + +SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container. + +For build the custom CLucene jar: + +```shell +#!/bin/bash + +CLUCENE_VERSION=2.1.0 +mkdir /tmp/build +curl -JL https://github.com/rnewson/couchdb-lucene/archive/v"$CLUCENE_VERSION".tar.gz | tar -C /tmp/build -xz --strip-components=1 +cp ./scripts/patches/couchdb-lucene.patch /tmp/build +cp ./scripts/docker/couchdb-lucene.ini /tmp/build/src/main/resources/couchdb-lucene.ini +cd /tmp/build || exit 1 +patch -p1 < couchdb-lucene.patch \ +mvn -X install war:war \ + +## Deploy New SW360 + +Build with: + +```bash +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/deploy/ \ + -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.4.18-ga4/tomcat-9.0.33/webapps/ -DskipTests +``` + +Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed: + +```bash +cd rest +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ +``` + +## Final Steps in Liferay + +Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page. + +This is the legacy guide for Liferay CE 7.3.3 but is valid for current 7.4.3 deployment: + +https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ + diff --git a/content/fr/docs/Deployment/BareMetal/_index.md b/content/fr/docs/Deployment/BareMetal/_index.md new file mode 100644 index 0000000..4db9d68 --- /dev/null +++ b/content/fr/docs/Deployment/BareMetal/_index.md @@ -0,0 +1,7 @@ +--- +title: "Bare Metal" +linkTitle: "Bare Metal" +weight: 10 +oem_ignore: true +description: SW360 Bare Metal Deployment +--- diff --git a/content/fr/docs/Deployment/Deploy-Authorization-Concept.md b/content/fr/docs/Deployment/Deploy-Authorization-Concept.md new file mode 100644 index 0000000..2e206d9 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-Authorization-Concept.md @@ -0,0 +1,50 @@ +--- +linkTitle: "Authorization Concept" +title: "Authorization Concept" +weight: 100 +description: + Describe different roles of authorization concepts on SW360 +--- + +The authorization concept describes the different roles of the solution - mainly for documentation of the authorization of different roles of the sw360. It is not focusing for the roles like being a moderator, it is described on a separate page for users: [role and access model](https://github.com/eclipse/sw360/wiki/Dev-Role-Authorisation-Model) + +## Roles Overview + +SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI. + +#### Setup Admin (Liferay Role) + +The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page. + +#### SW360 Admin (Liferay Role) + +The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role `CLEARING_ADMIN`. So its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the `SW360_ADMIN` role to allow users of this role to promote other users's roles, follow these steps: + +1. Go to control panel +2. Select the `Users` section +3. To subsection `Roles` +4. Select row for `SW360 Admin` and select action `Define permissions`. + +When defining permissions the idea is to reduce the permissions to the lowest level possible. Just allow for changing users. + +#### Clearing Admin (Liferay Role) + +The clearing admin can change all component and release records and project records of the same group. + +#### Security Admin (Liferay Role) + +In addition to the user rights, the security admin can set security vulnerabilities to irrelevant + +#### ECC Admin (Liferay Role) + +In addition to the user rights, the ECC admin can manipulate ECC data. + +#### User + +A user can create, modify and delete all own (=self created) records. A user cannot change records of others + +#### Summary + +### Moderation Requests + +If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record. diff --git a/content/fr/docs/Deployment/Deploy-CVE-search.md b/content/fr/docs/Deployment/Deploy-CVE-search.md new file mode 100644 index 0000000..d42d445 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-CVE-search.md @@ -0,0 +1,150 @@ +--- +linkTitle: "CVE Scheduler" +title: "CVE Scheduler" +weight: 100 +description: + SW360 CVE Schedules +--- + +# How to use SW360 CVE schedule + +SW360 gets vulnerability information from Common Vulnerability Enumeration (CVE) data. SW360 can connect to your local cve-search server. +_Few years ago, sw360 was able to get vulnerability information from online CVE serverr, but it is not active._ + +## Install CVE-search + +cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. You can choose Docker install or Native install. + +### Docker Installation [Github repo](https://github.com/cve-search/CVE-Search-Docker) + +Only clone and "docker-compose up". + +```sh + $ git clone https://github.com/cve-search/CVE-Search-Docker.git + $ cd CVE-Search-Docker + $ docker-compose up +``` + + +### Native Installation [Github repo](https://github.com/cve-search/cve-search) + +1. Clone source +```sh + $ git clone https://github.com/cve-search/cve-search + $ cd cve-search + $ git checkout {tag/branch} +``` +2. Install system requirements +```sh + $ sudo apt-get install -y < requirements.system +``` + +3. Install CVE-Search and its Python dependencies +```sh + pip3 install -r requirements.txt +``` + +4. Install mongodb +```sh + + $ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - + + $ codename=$(lsb_release --codename --short) + + $ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu ${codename}/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list + +``` + +```sh + $ sudo apt-get update + + $ sudo apt-get install -y mongodb-org + + $ sudo systemctl daemon-reload + + $ sudo systemctl start mongod + + # Verify status of mongodb + $ sudo systemctl status mongod + + # if all is ok, enable mongodb to start on system startup + $ sudo systemctl enable mongod +``` + +5. Populating the database +```sh + $ sudo apt-get install redis redis-server + + #modify: stop-writes-on-bgsave-error yes -> no + $ sudo vim /etc/redis/redis.conf + + $ sudo systemctl daemon-reload + + $ sudo systemctl restart redis + + $ ./sbin/db_mgmt_cpe_dictionary.py -p + + $ ./sbin/db_mgmt_json.py -p + + $ ./sbin/db_updater.py -c # This will take > 45minutes on a decent machine, please be patient +``` + +6. Updating the database +```sh + $ ./sbin/db_updater.py -v +``` + +7. Starting and stopping the web-server + +```sh + # Install psutil >= 5.7.0 + $ pip3 install psutil>=5.7.0 + + # Starting web server + $ python3 web/index.py +``` +Default Web server: http://localhost:5000 + +To stop the server, press the `CTRL+C` + +**Note**: By default CVE-Search takes assumptions on certain configuration aspects of the application, you can adjust + +```sh + $ cd cve-search + $ cp etc/configuration.ini.sample etc/configuration.ini + $ vim etc/configuration.ini +``` + + +## Setup SW360 with CVE server + +1. Change default CVE server + +Change `cvesearch.host` with CVE server address. +```sh + $ vim ${SW360_DIR_INSTALL}/backend/src/src-cvesearch/src/main/resources/cvesearch.properties +``` + +2. Setting for schedule the CVE service + +The offset (first run of the update) and the interval between updates can also be adjusted. + +```sh + $ vim ${SW360_DIR_INSTALL}/backend/src/src-schedule/src/main/resources/sw360.properties +``` + +The `offset` has to be given in seconds since midnight and also the `interval` has to be entered in seconds. The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds). + +According to the default settings, cveSearch is not auto-started with the scheduling service. If want to auto start `autostart = cvesearchService` + +3. Schedule task Adminstration + +View and start/stop schedule + +Click `Admin` > `Schedule` + +## Reference + +CVE guide: [https://cve-search.github.io/cve-search/database/database.html] + +User Scheduling CVE Search by Admins: [https://github.com/eclipse/sw360/wiki/User-Scheduling-CVE-Search-by-Admins] diff --git a/content/fr/docs/Deployment/Deploy-Configuration-Country-Codes.md b/content/fr/docs/Deployment/Deploy-Configuration-Country-Codes.md new file mode 100644 index 0000000..74b1263 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-Configuration-Country-Codes.md @@ -0,0 +1,20 @@ +--- +linkTitle: "Configuring Country Codes" +title: "Configuring Country Codes" +weight: 100 +description: + SW360 provides a feature for showing country codes and country names +--- + +This feature is available on: +- projects / Owner Country +- components / Owner Country + +![Country Code List](https://user-images.githubusercontent.com/29916928/36796378-551cf572-1c9d-11e8-96aa-85ce98e97ff3.jpg) + +Its supports preferred country codes, which are shown at the top of the country list.
+You can configure them by using the sw360.properties. + +| sw360 properties key | value | default | +| :---: | :---: | :---: | +| preferred.country.codes | (ISO 3166-1 alpha-2) | DE,AT,CH,US | diff --git a/content/fr/docs/Deployment/Deploy-Configuration-Files.md b/content/fr/docs/Deployment/Deploy-Configuration-Files.md new file mode 100644 index 0000000..99154b0 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-Configuration-Files.md @@ -0,0 +1,246 @@ +--- +linkTitle: "Configurable Property Keys" +title: "Configurable Property Keys" +weight: 100 +description: + SW360 Configurable property keys +--- + + +### Introduction + +List of all applicable property files in sw360: +- sw360.properties +- fossology.properties +- couchdb.properties +- search.properties +- orgmapping.properties +- databasetest.properties +- authorization/application.yml +- rest/application.yml + + +### SW360.properties (/etc/sw360/sw360.properties) + +The following table shall give an overview about the general sw360 configuration settings. + +| Property Key | Default| +|:-----------|:------------| +| licenseinfo.spdxparser.use-license-info-from-files | true/false | +| mainline.state.enabled.for.user | true/false | +| key.auth.email | EMAIL | +| key.auth.extid | EXTID | +| key.auth.givenname | GIVENNAME | +| key.auth.surname | SURNAME | +| key.auth.department | DEPARTMENT | +| backend.url | http://127.0.0.1:8080 | +| cvesearch.vendor.threshold | 1 | +| cvesearch.product.threshold | 0 | +| cvesearch.cutoff | 6 | +| combined.cli.parser.external.id.correlation.key | - | +| schedule.cvesearch.firstOffset.seconds | 0 | +| schedule.cvesearch.interval.seconds | "(24*60*60)" | +| autostart | - | +| rest.write.access.usergroup | SW360_ADMIN | +| rest.access.token.validity.seconds | 3600 | +| rest.security.client.id | sw360-trusted-client | +| rest.security.client.secret | sw360-secret | +| programming.languages | ActionScript,AppleScript, Asp,Bash,BASIC, C,C++,C#,Cocoa,Clojure, COBOL,ColdFusion,D, Delphi,Erlang,Fortran, Go,Groovy,Haskell, JSP,Java,JavaScript,Objective-C, Ocaml,Lisp,Perl, PHP,Python,Ruby,SQL ,SVG,Scala,SmallTalk Scheme,Tcl,XML, Node.js,JSON | +| software.platforms | Adobe AIR,Adobe Flash, Adobe Shockwave,Binary Runtime Environment for Wireless,Cocoa (API),Cocoa Touch,Java (software platform)| +| operating.systems | Android,BSD,iOS, Linux,OS X,QNX, Microsoft Windows,Windows Phone,IBM z/OS | +| clearing.teams | org1,org2,org3 | +| state | Active,Phase out,Unknown | +| project.type | Customer Project,Internal Project,Product,Service,Inner Source | +| project.externalkeys | internal.id | +| license.identifiers | - | +| component.categories | framework,SDK,big-data, build-management,cloud,content, database,graphics,http, javaee,library,mail,mobile, security,testing,virtual-machine, web-framework,xml | +| component.externalkeys | com.github.id,com.gitlab.id,purl.id | desc | +| custommap.project.roles |Stakeholder,Analyst,Contributor,Accountant,End user,Quality manager,Test manager,Technical writer,Key user | +| custommap.component.roles | Committer,Contributor,Expert | +| custommap.release.roles | Committer,Contributor,Expert | +| custommap.release.externalIds | - | +| release.externalkeys | org.maven.id,com.github.id,com.gitlab.id,purl.id | +| projectimport.hosts | - | +| preferred.country.codes | DE,AT,CH,US | +| MailUtil_from | _No_Reply__@sw360.org | +| MailUtil_host | - | +| MailUtil_port | 25 | +| MailUtil_enableStarttls | false | +| MailUtil_enableSsl |false | +| MailUtil_isAuthenticationNecessary | true | +| MailUtil_login | - | +| MailUtil_password | - | +| MailUtil_enableDebug | false | +| MailUtil_supportMailAddress | - | +| defaultBegin | - | +| defaultEnd | - | +| unsubscribeNoticeBefore | - | +| unsubscribeNoticeAfter | - | + + +### fossology.properties (/etc/sw360/fossology.properties) + +These configuration parameters are necessary to connect to a fossology server. + +| Property Key | Default| +|:-----------|:------------| +| fossology.host | localhost | +| fossology.port | 22 | +| fossology.user | sw360 | +| fossology.key.file | /fossology.id_rsa | +| fossology.key.pub.file | [fossology.key.file] + .pub | + + + +### couchdb.properties (/etc/sw360/couchdb.properties) + +CouchDB and Lucene search configuration properties. + +| Property Key | Default| +|:-----------|:------------| +| couchdb.url | http://localhost:5984 | +| couchdb.database | sw360db | +| couchdb.user | - | +| couchdb.password | - | +| couchdb.userdb | sw360users | +| couchdb.attachments | sw360attachments | +| couchdb.fossologyKeys | sw360fossologyKeys | +| couchdb.vulnerability_management | sw360vm | +| lucenesearch.limit | 25 | desc | +| lucenesearch.leading.wildcard* | false | + +> \* If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini! Leading wildcard search is disabled as default because its a expensive operation. _(couchdb-lucene.ini is part of the couchdb-lucene .war package)_
+> [lucene]
+> allowLeadingWildcard=true + + +### search.properties (/etc/sw360/search.properties) + +The following table shall give an overview about the specific search properties + +| Property Key | Default| +|:-----------|:------------| +| search.name.max.length | 64 | + + + +### orgmapping.properties (/etc/sw360/orgmapping.properties) + +This configuration file is used to activate the sw360 orgmapping feature. + +| Property Key | Default| +|:-----------|:------------| +| match.prefix | false | +| enable.custom.mapping | false | + + +### databasetest.properties (/etc/sw360/databasetest.properties) + +Just for couchdb database test purpose. + +| Property Key | Default| +|:-----------|:------------| +| couch_db_url | http://localhost:5984 | +| couch_db_database | datahandlertestdb | +| couchdb.username | - | +| couchdb.password | - | + +### authorization/application.yml (/etc/sw360/authorization/application.yml) + +All of the following built-in properties can be overridden: + +``` + +# Port to open in standalone mode +server: + port: 8090 + +# Connection to the couch databases. Will be used to store client credentials +couchdb: + url: http://localhost:5984 + database: sw360oauthclients + # if your couchdb does not use authentication, pls just don't use the settings for username and password + #username: + #password: + +spring: + jackson: + serialization: + indent_output: true + +# Common SW360 properties +sw360: + # The url of the Liferay instance + sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} + # The id of the company in Liferay that sw360 is run for + sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20155} + # Allowed origins that should be set in the header + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} + +security: + # Configuration for enabling authorization via headers, e.g. when using SSO + # in combination with a reverse proxy server + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: false + # Attention: please make sure that the proxy is removing there headers + # if they are coming from anywhere else then the authentication server + intermediateauthstore: custom-header-auth-marker + email: authenticated-email + extid: authenticated-extid + # also available - at least in saml pre auth - are "givenname", "surname" and "department" + + oauth2: + resource: + id: sw360-REST-API +``` + +### rest/application.yml (/etc/sw360/rest/application.yml) + +All of the following built-in properties can be overridden: + +``` +server: + port: 8091 + +spring: + http: + multipart: + max-file-size: 500MB + max-request-size: 600MB + + data: + rest: + base-path: /api + +# logging: +# level: +# org.springframework.web: DEBUG + +security: + oauth2: + resource: + id: sw360-REST-API + filter-order: 3 + jwt: + keyValue: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy + VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ + 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ + 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg + 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da + d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ + PQIDAQAB + -----END PUBLIC KEY----- + +sw360: + thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} + test-user-id: admin@sw360.org + test-user-password: sw360-password + couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +``` diff --git a/content/fr/docs/Deployment/Deploy-Export-and-Import.md b/content/fr/docs/Deployment/Deploy-Export-and-Import.md new file mode 100644 index 0000000..e311384 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-Export-and-Import.md @@ -0,0 +1,170 @@ +--- +linkTitle: "Export and Import" +title: "Export and Import" +weight: 100 +description: + SW360 Export and Import +--- + + +```diff +- note that only export and import of users is active, +- everything else is deprecated functionality. +- The export and import functionality has not been +- updated at some point and thus will not function +- properly anymore. +``` + +Full Export +=========== + +The easiest way to fully export the data is to copy all the .couch files of Couch-DB. Where the files are can be found out from Futon. +e.g. +``` +http://localhost:5984/_utils/config.html +``` +under +``` +view_index_dir /var/lib/couchdb +``` +This method of exporting has the advantage that all Ids remain the same. +An equally simple method it to use the Couch-DB replicator from Futon. + +This method might fail when there are changes to the document structure as Ektorp might stumble over unset required or surplus fields. The method of choice here is to repair the DB (after a backup) with +``` +https://github.com/couchapp/couchapp +``` +and then follows the instructions from +``` +http://harthur.github.io/costco/ +``` +and +``` +couchapp push . http://localhost:5984/sw360users +``` + +then you go to +``` +http://localhost:5984/sw360users/_design/costco/index.html +``` +and you can run functions like: + +``` +function(doc) { + if (doc.type == 'user') { + if(doc.fullname == 'Homer J. Simons') { + doc.fullname = 'Homer Jay Simons'; + } + } + return doc; +} +``` + +You can also change the names of properties, e.g. + +``` +function(doc) { + if (doc.type == 'user') { + if(doc.fullname ) { + doc.fullname2 = doc.fullname; + delete doc.fullname; + } + } + return doc; +} +``` + +CSV Export +========== + +## Users +The export of users was already described, this is very important as this also creates the users in the liferay database. The mere export of the users.couch is not enough. + +## Projects + +There is no CSV export or import for projects currently. + +## Components and Releases + +To Export the components and releases you need to do the following: +As Components and Releases are identified by their identifier ([name] or [name(version)]), these identifiers need to be unique. When importing duplicates in the identifiers are ignored and they are also not exported. +Therefore in the admin page you can check the database for such duplicates. + +After that "Download Component CSV" creates a CSV with components, releases and their source attachments. +The source attachments are created if the "DownloadURL" is a valid url. +These remote-only attachments will be download once the first download request occurs. +If the URL does not exist you get an error. + +Alternatively you can use +``` +sw360/src/backend/utils/src/main/java/com/siemens/sw360/attachments/db/RemoteAttachmentDownloader.java +``` +to bulk download the source only attachments. +The command line call to use it from the Siemens network looks like this: +``` + java -jar -Dhttp.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttps.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttp.proxyPort=84 -Dhttps.proxyPort=84 /home/siemagrant/.m2/repository/com/siemens/sw360/backend-utils/0.1.1-SNAPSHOT/backend-utils-0.1.1-SNAPSHOT-jar-with-dependencies.jar -d +``` +## Attachments + +Here we have a mixed strategy, as there is a CSV export for the attachments, which only stores the meta information about the files. The files themselves need to be brought into a new instance via the sw360attachments.couch database. + +The ids of the attachments are also in the CSV, so they are not portable without the sw360attachments.couch. This is meant as a form of recovery, but it should not be used on an instance that has been worked on, so only a fresh set up. + +This will overwrite the auto generated attachments from the component CSV if the have the same URL as one of the imported attachments. This feature is needed to render the procedure idempotent. + +The admin interface provides the possibility to delete attachment contents that do not have a project, component or release with an attachment that references it. + +If you copy the sw360attachments.couch to your instance and then click this before you import than the db should be empty afterwards. + +If there was no error after importing the csv, running this job should yield no deletions if there was no error and the exported attachments where complete. + +In general this should only be necessary if errors have occurred. +It is a good idea to run this before you export the attachments. + +## Release links + +Links between releases can be exported or imported. +Because release links are stored in maps, the procedure is idempotent by construction. +The old links are overwritten with the imported data. + +## Suggested Order for Exports + +1. Freeze the application, so that others can not change the data at the moment (By external means, like closing a port forwarding) +2. Clean up the attachments +3. Look for duplicate identifiers and resolve conflicts (Important as duplicates do not get exported or imported) +4. Export the Users, Components, Attachment Infos and release links +5. copy the sw360attachments.couch, this might be a huge files + +## Suggested Order for Imports +### On a fresh installation +1. Copy the sw360attachments.couch in its place +2. Start the licenses importer +3. restart the backend to make the design documents available and boot the frontend +4. Import the users +5. Import the component CSV +6. Import the Attachment Infos +7. Import the Release Link Infos. + +### Regular Maintenance Operations +1. Run the attachments clean up +2. Resolve name crashes with the search for duplicate Identifiers + +### Imports on a running instance +1. New components can be imported via the CSV at any time. Duplicates to existing components will be ignored, but there is a log message. +2. Users can be added via CSV. +3. Release links can be added via CSV, duplicates overwrite existing links + +Attachments should not be imported on a running instance! +This should not break much, as without the entries in the couchDB there will be no import. +But potentially remote-only Attachments get deleted. +Nevertheless this scenario is not intended and maybe there are unforeseen side effects. + +## Troubleshooting + +#### Import failing in the Backend: No Department + +The import fails with some error message that a user does not have a department? + +1. First of all, the importing admin requires a group assignment. Otherwise the adding component action will fail. +2. If a group is added to the admin, not that in addition to the Liferay group setting, this information must be also placed into the "sw360users" database in couchdb. +3. Note that changes to groups and similar things will require a restart of the Liferay server (=tomcat). Otherwise the user caching kicks in and might not reflect all updates. diff --git a/content/fr/docs/Deployment/Deploy-Keycloak-Authentication.md b/content/fr/docs/Deployment/Deploy-Keycloak-Authentication.md new file mode 100644 index 0000000..c7465f8 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-Keycloak-Authentication.md @@ -0,0 +1,329 @@ +--- +linkTitle: "Keycloak based authentication" +title: "Keycloak based authentication" +weight: 101 +description: + Using Keycloak based authentication for the new SW360 setup. +--- + +## Install Java 21 + +* Update the package index: `sudo apt update` +* Install OpenJDK 21: `sudo apt install openjdk-21-jdk` + +## Set JAVA_HOME + +* Edit the `~/.bashrc` file: `vim ~/.bashrc` +* Add the following line at the end of the file: `export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64` +* Save and exit the editor. +* Update the environment variables: `source ~/.bashrc` +* Or you can set environment variable in `/etc/environment` file + +## Install PostgreSQL + +* Install PostgreSQL 14 or higher. +``` +sudo apt update && sudo apt upgrade -y +sudo apt install postgresql-14 +``` + +## Set Username and Password in PostgreSQL + +* Switch to the PostgreSQL user: `sudo su postgres` +* Access the PostgreSQL console: `psql` +* Execute the following SQL commands: +``` +CREATE USER keycloak WITH ENCRYPTED PASSWORD 'mystrongandsecurepassword'; +CREATE DATABASE keycloak; +GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak; +``` + +## Install Keycloak + +* Download Keycloak 26.0.6 from the official repository. +* Or download the tar file `wget https://github.com/keycloak/keycloak/releases/download/26.0.6/keycloak-26.0.6.tar.gz` +* Extract the downloaded file to the /opt folder, `sudo tar -xvf myfiles.tar -C /opt` +* Goto `/opt/keycloak-26.x.x/conf` folder and setup the following in `keycloak.conf` file: +``` +# Database + +# The database vendor. +db=postgres + +# The username of the database user. +db-username=keycloak + +# The password of the database user. +db-password=mystrongandsecurepassword + +# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor. +db-url=jdbc:postgresql://localhost/keycloak + +# Changes for SW360 +keycloak-admin=admin +keycloak-admin-password=admin + +log=console,file + +# Should be true for productive +hostname-strict-backchannel=false +hostname-strict-https=false + +# Should be false for productive +http-enabled=true +http-port=8083 + +https-port=8533 +``` + +## Start Keycloak + +* Navigate to the Keycloak directory, `cd /opt/keycloak-26.x.x/bin` +* Run the start-dev command for development (with HTTP): +``` +./kc.sh start-dev +``` +* Run the start command for productive (with HTTPS): +``` +./kc.sh start +``` +* Run the start command with the necessary parameters(with debug mode): +``` +sudo ./kc.sh start-dev --log="console,file" --debug --log-level=INFO,org.eclipse.sw360.keycloak.spi:debug,org.eclipse.sw360.keycloak.event.listener:debug +``` + +## Build the Backend + +* Build the SW360 backend code using Maven, + ```shell + mvn clean install -DskipTests -Dbase.deploy.dir=/opt/apache-tomcat-11.x.x/ -Dlistener.deploy.dir=/opt/keycloak-26.x.x/providers -P deploy + ``` +* Start the Apache Tomcat server. + +## Keycloak Providers and Libraries +Providers are used to read users from SW360 DB and register users from keycloak to SW360 DB. + +* After building the backend with deploy profile, following files should be + copied and available at `/opt/keycloak-26.x.x/providers/`: +``` +commonIO-19.0.0.jar +datahandler-19.0.0.jar +httpcore5-5.2.5.jar +libthrift-0.20.0.jar +spring-security-crypto-6.3.3.jar +sw360-keycloak-event-listener.jar +sw360-keycloak-user-storage-provider.jar +``` + +## Keycloak Admin Console + +* Login to Keycloak admin console. + + {{< figure src="/sw360/img/keycloak/keycloak-signin.png" >}} + + ``` + username: admin + password: admin + ``` + +* Create Realm and name it sw360. + + {{< figure src="/sw360/img/keycloak/keycloak-realm.png" >}} + +* Get the JWT issuer and key set for realm and update the backend file at + `rest/resource-server/src/main/resources/application.yml` and reinstall the + backend. Restart the Tomcat server. + * Select "OpenID Endpoint Configuration" from the "Realm Settings" and copy + `jwks_uri`. It will look something like + `http://localhost:8083/realms/sw360/protocol/openid-connect/certs` + {{< figure src="/sw360/img/keycloak/keycloak-jwks.png" >}} + * Update the `issuer-uri` and `jwk-set-uri` in the `application.yml` file + with this copied `jwks_uri`. + * Build and install the backend one more time. + +* Create Client in Keycloak. + + {{< figure src="/sw360/img/keycloak/keycloak-client.png" >}} + + * Follow the below steps for client creation: + * Under *General settings*, enter Client ID which will be used in `.env` + file (SW360 Frontend Repo) as well as in rest. + + {{< figure src="/sw360/img/keycloak/keycloak-create-client.png" >}} + + * In *Capability config* enable Client authentication. + + {{< figure src="/sw360/img/keycloak/keycloak-client-authentication.png" >}} + + * Goto *Login settings* and enter below fields: + + {{< figure src="/sw360/img/keycloak/keycloak-client-settings.png" >}} + + ``` + Home URL: http://localhost:3000 + Valid redirect URIs: http://localhost:3000/api/auth/callback/keycloak, https://oauth.pstmn.io/v1/callback + Valid post logout redirect URIs: + + Web origins: * + ``` + +* Create Client Scopes. + * Create `READ` scope by clicking on *Create client scope* button. + + {{< figure src="/sw360/img/keycloak/keycloak-client-scope.png" >}} + + * Similarly create `WRITE` scope. + +* Add Scopes to our Client. + * Goto Clients, then select your newly created client in *Client lists* + page. + * Goto *Client scopes* page, click on Add client scope and there you will + see your *READ* and *WRITE* scopes that you need to add. + * Select both scopes and then click on Add (default). + + {{< figure src="/sw360/img/keycloak/keycloak-client-scope-add.png" >}} + +* Create Groups. + * Goto *Groups* and create different groups that we are going to use in + sw360. + + {{< figure src="/sw360/img/keycloak/keycloak-groups.png" >}} + + * Create 7 groups: `ADMIN`, `CLEARING_ADMIN`, `CLEARING_EXPERT`, + `ECC_ADMIN`, `SECURITY_ADMIN`, `SW360_ADMIN`, `USER`. + + {{< figure src="/sw360/img/keycloak/keycloak-groups-create.png" >}} + +* Create an Attribute. + * Goto Realm settings then click on *User profile* page where we can create + a new attribute. + + {{< figure src="/sw360/img/keycloak/keycloak-attribute.png" >}} + + * Create a new attribute by the name `Department` and give the required + permissions as shown in screenshot. + + {{< figure src="/sw360/img/keycloak/keycloak-attribute-settings.png" >}} + +* Add Event Listener. + * Goto *Events* page in Realm settings. + * Click on event listeners dropdown and select *sw360-add-user-to-couchdb*. + + {{< figure src="/sw360/img/keycloak/keycloak-event-listener.png" >}} + +* Access to external Databases. + * Goto User federation and select *sw360-user-storage-jpa providers*. + + {{< figure src="/sw360/img/keycloak/keycloak-providers.png" >}} + + * Give proper name and create the custom provider. + + {{< figure src="/sw360/img/keycloak/keycloak-providers-create.png" >}} + +* Check Authentication Settings + * Goto Authentication and apply the permissions in *Required actions* as + shown in screenshot. + + {{< figure src="/sw360/img/keycloak/keycloak-authentication-settings.png" >}} + +* Create Users + * To create a new user one can goto Users section. + + {{< figure src="/sw360/img/keycloak/keycloak-users-create.png" >}} + * Also check whether user is created in CouchDB or not. + * Set password for the newly created user by selecting the user and going to + the *Credentials* page. + + {{< figure src="/sw360/img/keycloak/keycloak-users-password.png" >}} +## Adding Identity Providers in Keycloak for Azure AD Integration + +### Prerequisites +- Keycloak 26.0.5 installed and running +- Azure AD tenant with necessary permissions + +### Step 1: Create an Application in Azure AD +### Step 2: Configure the Application +### Step 3: Configure Keycloak +1. Log in to the Keycloak admin console. +2. Select the realm sw360 to add the identity provider. +3. Go to **Identity Providers** and select **OpenID Connect v1.0** from the dropdown. +4. Fill in the following details: + - **Alias**: `azure-foss360` + - **Display Name**: `Login with AzureAD` + - **Authorization URL**: `https://login.microsoftonline.com//oauth2/v2.0/authorize` + - **Token URL**: `https://login.microsoftonline.com//oauth2/v2.0/token` + - **Logout URL**: `https://login.microsoftonline.com//oauth2/v2.0/logout` + - **User Info URL**: `https://graph.microsoft.com/oidc/userinfo` + - **Issuer**: `https://login.microsoftonline.com//v2.0` + - **JWKS URL**: `https://login.microsoftonline.com//discovery/v2.0/keys` + - **Validate Signatures**: ON + - **Use JWKS URL**: ON + - **Trust Email**: ON + - **Client ID**: The Application (client) ID from Azure AD + - **Client Secret**: The client secret you created in Azure AD + - **Default Scopes**: `openid profile email` +5. Click **Save**. + +### Step 4: Test the Integration +1. Click on Authentication from Left hand Configure Group section +2. Click on Browser Flow +3. Click config of Identity Provider Redirector {{< figure src="/sw360/img/keycloak/keycloak-browser-flow-identity-provider-redirector-config.png" >}} +4. Provide Default Identity Provider as the value which was given in Identity Providers Alias ( e.g. `azure-foss360` in previous section) and click on save. +5. With this configuration update now access http://localhost:8080 and verify the automatic login with Azure ID redirect. + +## Clone SW360 Frontend Repository + +* Run the git clone command, + `git clone git@github.com:eclipse-sw360/sw360-frontend.git` +* Create `.env` file inside the repository and add the following data: +``` +NEXTAUTH_SECRET = 'secret' +NEXT_PUBLIC_SW360_API_URL = 'http://localhost:8080' +NEXTAUTH_URL='http://localhost:3000' +NEXT_PUBLIC_SW360_REST_CLIENT_ID='trusted-sw360-client' +NEXT_PUBLIC_SW360_REST_CLIENT_SECRET='sw360-secret' +NEXT_PUBLIC_ENABLE_SW360_OAUTH_PROVIDER='true' +#possible values are sw360basic, sw360oauth, keycloak +NEXT_PUBLIC_SW360_AUTH_PROVIDER='keycloak' +SW360_KEYCLOAK_CLIENT_ID= +SW360_KEYCLOAK_CLIENT_SECRET= +AUTH_ISSUER=http://localhost:8083/realms/sw360 +``` +* Get `SW360_KEYCLOAK_CLIENT_ID` and `SW360_KEYCLOAK_CLIENT_SECRET` from + Keycloak console + * `SW360_KEYCLOAK_CLIENT_ID` will be present in your client's *Settings* page. + * `SW360_KEYCLOAK_CLIENT_SECRET` will be present in your client's + *Credentials* page + +## Install NVM + +* Installs NVM (Node Version Manager) + `curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.4/install.sh | bash` +* Download and Install Node.js + `nvm install 20.5.1` +* Verifies the right Node.js version is in the environment + `node -v` # should print `v20.5.1` +* Verifies the right NPM version is in the environment + `npm -v` # should print `10.2.4` + +## Build the Frontend +``` +npm install +npm run build +npm run start +/usr/bin/google-chrome-stable --disable-web-security --user-data-dir="/home/${USER}/cors" --allow-file-access-from-files +``` + +## Token Creation for REST + +* Type of authorization will be OAuth 2.0. +* Enter the below details while creating a new Bearer token: + + {{< figure src="/sw360/img/keycloak/keycloak-postman.png" >}} + +``` +Clallback URL: https://oauth.pstmn.io/v1/callback +Auth URL: http://localhost:8083/realms/sw360/protocol/openid-connect/auth +Access Token URL: http://localhost:8083/realms/sw360/protocol/openid-connect/token +Get Client Id and Client Secret from Keycloak client +Scope: openid READ WRITE +``` diff --git a/content/fr/docs/Deployment/Deploy-Requirements.md b/content/fr/docs/Deployment/Deploy-Requirements.md new file mode 100644 index 0000000..17b8a92 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-Requirements.md @@ -0,0 +1,89 @@ +--- +linkTitle: "System Requirements" +title: "System Requirements" +weight: 100 +description: + SW360 minimal system requirements based on system class +--- + +For deploying the SW360, there are the following hardware requirements below. Please note that the main memory consumer is the tomcat application container. Accordingly, this requires different settings (see `$TOMCAT_HOME/bin/setenv.sh`). + +Please note that you can review the current memory situation of the application in the liferay administration section as well (see `Configuration`-> `Server Administration`). + +## Hardware and Infrastructure + +### CD-based test instances + +When there is a continuous deployment and continuous delivery directly deployed to machine the following machine is recommended: + +* 1 core +* 4GB RAM +* 40GB normal file system +* 10Mbit Ethernet link + +In this case, the sw360 solution runs fairly well for clicking around and creation of a few data sets. Note that Tomcat should have 2GB. + +### Staging instances + +Testing and working with normal data sets for staging and pre-productive testing. Pre productive does not need to have the same execution speed of the machine, however, requires enough RAM and file system to run a clone on the data set. + +* 2 cores +* 8GB RAM +* 500GB normal file system +* 100Mbit Ethernet link + +The tomcat should be adjusted to 4GB RAM + +### Productive instances + +Productive with for example: 10K releases, 2k users which deploys the entire solution onto a single larger machine. It does not apply to a docker based setup. + +* 4 cores +* 16GB RAM +* 500GB SSD based file system +* 1GBit link Ethernet link + +Tomcat should be adjusted to 10-12GB RAM. Note: normally, you could also run Tomcat with significantly lees RAM, if you put common dependencies in a shared lib folder. + +### Network + +The following table shall give an overview about the inbound ports + +| Port | Service | Remarks| +|:-----------|:------------|:------------| +| 443 | https | Accessing the application | +| 22 | ssh | Administering the application | +| 80 | http | if you would like to access the solution over http | +| 5984/5985 | http/https | if access to the couchdb (admin) interface is required | + +Overview about the *additional* outbound ports: + +| Port | Service | Remarks| +|:-----------|:------------|:------------| +| 3269 | sldap | If you do authentication using secure LDAP | +| 443 | sldap | If you do consume services over https (e.g. vulnerabilty pulling) | +| 53 | dns | ... | +| 22 | ssh | the old way of calling a fossology server | + +Outbound ports for http / https may be required for downloading system updates. Ports for ssh may not be required outbound. + +## Software: + +As for the software, the sw360 can be run on many platforms, even on Windows seven. We have the following reference platform for development: + +until 5: + +* OpenJDK 8 +* Unbunu 16.04 LTS + +after 5: + +* openjdk 8 +* ubuntu 18.04 LTS + +after 11: + +* openjdk 11 +* ubuntu 18.04 LTS + +More information about requirements can be found here: https://github.com/sw360/sw360vagrant/wiki diff --git a/content/fr/docs/Deployment/Deploy-Secure-Deployment.md b/content/fr/docs/Deployment/Deploy-Secure-Deployment.md new file mode 100644 index 0000000..204d147 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-Secure-Deployment.md @@ -0,0 +1,34 @@ +--- +linkTitle: "Security" +title: "Security" +weight: 100 +description: + SW360 security checklist pre and post deployment +--- + +After the basic installation, there are some following steps that should be considered for securing the deployment. The main issue that can be done upfront is the documentation of the involved components: + +* Lifearay +* Tomcat +* Couchdb + +For the applications, the following very first line measure should be considered: + +* Change password of Liferay administrator user or check if that is appropriately secure. + +* You should check the permissions of the involved users in the user management in Liferay. + +* Assign individual passwords for users, also you could force the users to change their passwords at login if you like. + +* Besides the general advice to check the deployment instructions for the involved components, it is of particular interest to limit couchdb access from localhost only. + +* Also for Tomcat you limit port access from localhost only. + +* Do you need the ssh ports open or can you just go to the machine (physically). + +* Fix the admin party on couchdb + +* Add https access to couchdb + +* check that sw360 runtime user does not have sudo rights and config files for sw360 are `600` only. + diff --git a/content/fr/docs/Deployment/Deploy-SpecialDeployment.md b/content/fr/docs/Deployment/Deploy-SpecialDeployment.md new file mode 100644 index 0000000..0d35567 --- /dev/null +++ b/content/fr/docs/Deployment/Deploy-SpecialDeployment.md @@ -0,0 +1,9 @@ +--- +linkTitle: "Special Deployment Guides" +title: "Special Deployment Guides" +weight: 100 +--- + +### General Deployment Guides + +* [Comprehensive blog post on SW360 Installation in Japanese](https://qiita.com/K-Hama/items/1582b4e1bf248025eabb) diff --git a/content/fr/docs/Deployment/Legacy/Deploy-Liferay.md b/content/fr/docs/Deployment/Legacy/Deploy-Liferay.md new file mode 100644 index 0000000..516cfaa --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/Deploy-Liferay.md @@ -0,0 +1,123 @@ +--- +linkTitle: "Initial Setup of Liferay 6.2 and sw360" +title: "Initial Setup of Liferay 6.2 and sw360" +weight: 100 +--- + +### Liferay administrator steps + +This part describes how to setup a new liferay instance after you went through the initial Liferay setup: create an admin account, confirm the license and terms and fill out your personal details. Alternatively in the [sw360vagrant](https://github.com/sw360/sw360vagrant) or the [sw360chores](https://github.com/sw360/sw360chores) deployment, the default setup user credentials are `setup@sw360.org` with the unsafe password `sw360fossy`. + +1. Login as setup administrator (if you are using the default unsafe password, you should replace it on productive instances) + +2. Go to + + Menu Admin -> Item Control Panel -> Section Users, Password Policies -> Default Password Policy -> Actions -> Edit + +3. Then + + uncheck ```Change Required``` and then + save + +4. Then we need to grant new users the right to see SW360 + + Control Panel -> Configuration -> Users(on the right) -> Default User Associations + + check ```Apply to Existing Users``` + write in Sites: ```SW360 ``` + save (on the right) + +4. Do not allow stranger to create accounts ... + + Control Panel -> Configuration -> Users(on the right) -> Authentication + + uncheck ```Allow strangers to create ...``` + uncheck ```Allow strangers to verify ...``` + save (on the right) + + +5. Then, to deactivate self registration + + Control Panel -> Authentication -> remove checkmarks for creating accounts by strangers + save (on the right) + + Note, disabling self registration is required because the current Liferay self registration does not create accounts in the backend service. (hence using the importer is required) + +6. Then we go to + + Admin -> Pages + +7. and import the lar files from + + ``` + frontend/configuration/public_pages.lar + frontend/configuration/private_pages.lar + ``` + for the respective pages, using the tabs ```Public Pages``` and ```Private Pages```. Please note that the provided *.lar files are for Liferay 6.2 GA5 only (fun!). If you run a different liferay version, you will need to add the portlets manually until the *.lar files are updated manually. + +8. ( DO NOT CHECK Pages -> Change -> Delete Missing Pages) + + We check on first page + + Application Configuration -> Choose Applications (leave all checked) + + Permissions -> Permissions + + Permissions -> Permissions Assigned to Roles + + => Click Continue + +9. We check on second page of the import agent: + + Update Data -> Mirror with overwriting + + Authorship of the Content -> Use the Current User as Author + +10. If this was successful we can go to + + Private Pages -> users + +11. We can then import a csv file that looks like that + + ``` + GivenName,Lastname,Email,Department,UserGroup,GID,isMale,PasswdHash + user last name, user first name, first.last@sw360.org,TOP ORG CODE TEAM,USER,SW360_0004,true,AAAAoAAB9ACem9mZj9zptlEjFSMEF5MdOSUzgyxFDmKDGQDK + ``` + + Note that + + 1. The GID must be unique + 1. The hash here means "t" + 1. The GID is called external Id in the thrift-based datamodel + +### Some notes and troubleshooting + +#### Check Liferay Configuration Options + +There are plenty of useful settings to setup for your instance - you should check them depending on your desired use. Just a few examples, you could disable or enable: + +* Auto login or self registration functionality +* Site statistics +* Password policies +* Configurability options +* many more, it makes sense to browse the Liferay Admin area (in the optimal case, using the setup-admin login) and check all the options. + +#### Liferay crashes at startup with exception: Dockbar + +If the dockbar error occurs, the file named in the error log must be replaced with an original one, because it is corrupted. Note that this represents a bug of the Liferay 6.2 (search in your favorite search engine for dockbar liferay problem ...). + +#### Strange behavior + +If the server has problems in terms of long running requests, maybe the memory setting is not allright, consider: + +``` +CATALINA_OPTS="$CATALINA_OPTS -Xms2048m -Xmx2048m +- -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m +- -XX:MaxPermSize=512m" +``` + +if you run Java prior to 8. + +#### Surfing to the main page shows blank page with exception message + +If the "null pointer page" shows up (just a simple white page saying a null pointer exception occurred), remove the hsql folder inside the data folder from the liferay distro (shutdown before and restart after). diff --git a/content/fr/docs/Deployment/Legacy/Deploy-Liferay7.3.md b/content/fr/docs/Deployment/Legacy/Deploy-Liferay7.3.md new file mode 100644 index 0000000..60f5974 --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/Deploy-Liferay7.3.md @@ -0,0 +1,133 @@ +--- +linkTitle: "Initial Setup of Liferay 7.3 and sw360" +title: "Initial Setup of Liferay 7.3 and sw360" +weight: 100 +--- + +After successful installation, the vagrant ends like the following terminal output: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.07.32.png" >}} + +Then if you open the server with the URL `https://localhost:8443/` the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.12.png" >}} + +Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. + +Sign in_the icon_the upper left corner. If you did not change the values in `configuration.rb`the default login is `setup@sw360.org` and `sw360fossy`. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png" >}} + +After login the sw360 is not setup, thus the server does not display much, but a screen like the following: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.33.png" >}} + +# User and Login Settings in Liferay + +Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.41.png" >}} + +In this area, go for Security > Password Policies: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.53.png" >}} + +Edit this password policy and disable `change Required` if you wish to do so. Click on Save_the bottom of the page to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.59.png" >}} + +Then, go: in `Configuration` > `Instance Settings` > `Users` > + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.17.png" >}} + +In this area, select `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.30.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.50.png" >}} + +Finally, sice Liferay 7.3 some of the bundled modules need to be activated: + +* jquery +* font awesome + +In oder to do this, please select from the `Configuration` > `System Settings` > `Third Party` and go to jquery, select the enablement and click on Update: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.08.png" >}} + +Do the same for Font Awesome: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.13.png" >}} + +Note that you need to reload the browser or load a new browser window to take changes to effect. + +# Setup SW360 for Liferay: Import *.lar Files + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +In order to go ahead, switch to the `SW360` area where you can apply site settings: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.20.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.25.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.15.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `PublicPages.lar` file the selection `Public Pages` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.26.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `PrivatePages.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.48.png" >}} + +Make sure that `Private Pages` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.53.png" >}} + + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.18.png" >}} + +You can close the left menu area by clicking on the upper left icon: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png" >}} + +Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.31.png" >}} + +# Import User Accounts for Testing + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.48.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a [user account import file](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) to import in the `sw360vagrant` project in the folder `shared`. After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.53.png" >}} + +After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below): + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.58.png" >}} + +# Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.25.07.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.32.png" >}} diff --git a/content/fr/docs/Deployment/Legacy/Deploy-Liferay7.md b/content/fr/docs/Deployment/Legacy/Deploy-Liferay7.md new file mode 100644 index 0000000..ae44e8a --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/Deploy-Liferay7.md @@ -0,0 +1,134 @@ +--- +linkTitle: "Initial Setup of Liferay 7.2 and sw360" +title: "Initial Setup of Liferay 7.2 and sw360" +weight: 100 +--- + +# Starting SW360 for the First Time + +So, the vagrant setup has deployed sw360, but unfortunately, there is some major issue: With Liferay, certain configuration need to be applied manually in the UI. If you would know how to import *.lar files and apply some setting from the command line (without implementing an approach based on HTML testing frameworks, like selenium), please let us know. + +Until then, some tasks need to be done manually, after everything has been built up: + +* import *.lar files +* set password policies not to change after first login (it is annoying when developing) +* set the default area to be SW360 when users login to liferay +* apply some more settings, like users cannot create accounts on their own + +# Setup Login + +After successful installation, the screen should look like this. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.38.53.png" >}} + +Sign in_the icon_the upper left corner. If you did not change the values in `configuration.rb`the default login is `setup@sw360.org` and `sw360fossy`. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.06.png" >}} + +# User Settings in SW360 + +Go into the control panel area which can be unfold by clicking in the upper left corner. In this area, go for Users > Password Policies and disable `change Required` if you wish to do so. Click on Save to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.56.png" >}} + +Then, in `Configuration` > `Instance Settings` > `Users` > `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.43.32.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.46.49.png" >}} + +Depending on your preferences make appropriate selections according to the screenshot. It is not advisable to allow users to self register in order to access the SW360 data. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.47.03.png" >}} + +# Import *.lar Files + +Then, in the `SW360` area > `Publishing` > `Import` klick on the plus sign in order to import the *.lar file for public pages. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `PublicPages.lar` file the selection `Public Pages` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.10.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.14.png" >}} + +Overwriting and the write as current user needs to be selected. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.21.png" >}} + +After successful importing the following view should appear. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.23.png" >}} + +The same steps shall be repeated for the `PrivatePages.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.36.png" >}} + +Make sure that `Private Pages` is selected. Follow the other selections made as shown on the screenshots. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.58.png" >}} + +Importing permissions ... + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.01.png" >}} + +Mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.04.png" >}} + +Then the successful result should be shown like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.14.png" >}} + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear. Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.38.png" >}} + +# Import User Accounts for Testing + +Assuming you are still logged in, the main view of SW360 looks as follows: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.55.png" >}} + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.00.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.12.png" >}} + +You can find a user file to import in the `sw360vagrant` project in the folder `shared`. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.38.png" >}} + +After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.59.png" >}} + +After the user have been imported successfully, they should appear in the table view. + +# Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between users. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.06.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.16.png" >}} + +After the successful login, SW360 will look as in the following screenshot. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.33.png" >}} + +For example, click on `Projects` to see that no projects have been created so far ... + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.57.08.png" >}} diff --git a/content/fr/docs/Deployment/Legacy/Deploy-Natively-11.md b/content/fr/docs/Deployment/Legacy/Deploy-Natively-11.md new file mode 100644 index 0000000..b7088a0 --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/Deploy-Natively-11.md @@ -0,0 +1,237 @@ +--- +linkTitle: "Ubuntu 18.04 and Java 11" +title: "Ubuntu 18.04 LTS, Java 11" +weight: 100 +description: + Bare metal deployment with Ubuntu 18.04 LTS and Java 11 +--- + +## Introduction + +We are covering the update for Ubuntu 18.04 LTS here because it is our main and agreed-upon base system for running SW360. While SW360 may run on a variety of other Linux distributions or operating systems such as macOS, we have agreed to use Ubuntu Long-Term Releases as a reference OS to avoid compatibility issues. The author of this guide also uses macOS with Homebrew, which works fairly well. + + + +Please note that during the time, the dependencies are updated and the version info might change. + +## Overview + +The installation consists of quite some tasks, as an overview: + +5. Java 11 +6. Postgresql, if we want to use it instead of hypersonic db +7. CouchDB 2.X at the time of starting this guide, but 3.1.X seems to work well +8. Thrift to 0.13, later updated to 0.14 +9. Liferay CE 7.3.3 and 7.3.4 has been also tested +10. Adjust `/etc/ini.d/tomcat` with path of new liferay +13. Adjust `$liferay_install` variable +14. add Java prerequisites to OSGi container +15. Install couchdb-lucene (2.1) +16. Deploy new version of sw360 +17. Go ahead with Liferay steps + +## Initial steps + +In order to "calibrate the system" just run the update / upgrade cycle once: + +`# sudo apt update` + +`# sudo apt upgrade` + +## PostgreSQL + +You can go ahead install postgresql 10: + +`sudo apt install postgresql-10` + +or whatever package version is suitable here, for example version 12 for ubuntu 20.04. + +The configuration for Liferay will come later. + +## CouchDB + +CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing: + +`curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -` + +The add the repo to the sources: + +`echo "deb https://apache.bintray.com/couchdb-deb bionic main" | sudo tee -a /etc/apt/sources.list` + +Then, add its contents to the package database by updating apt: + +`sudo apt-get update -y` + +Ultimately install CouchDB, we tried with 2.1.2 install: + +`sudo apt-get install -y couchdb=2.1.2~bionic` + +The installer will ask a couple of questions: + +1. Bind address: for CouchDB and SW360 `127.0.0.1` (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly. +2. Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in `couchdb.properties` and place it centrally in `/etc/sw360` + +In case you added an admin accidentally and would like to remove it, + +## Thrift + +For thrift, we need version 0.13. The installation script in `scripts/install-thrift.sh` will help you: + +`sudo ./install-thrift.sh` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.13 + +## OpenJDK 11 + +First check, what is installed. + +`# sudo apt list openjdk* --installed` + +Then you could check what is available: + +`# sudo apt list openjdk*` + +And install OpenJDK 11 + +`# sudo apt install openjdk-11-jdk` + +Then the `$JAVA_HOME` needs to be updated, most likely in `/etc/environment`. Please check for your installation how to set the `$JAVA_HOME` correctly (most likely: `JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64`). + +## Liferay CE 7.3.3 + +Download Liferay from this link + +https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz + +and unpack it, ideally in the `/opt` directory, so resulting path would look like `/opt/liferay-ce-portal-7.3.3-ga4`. + +Then, you need to update the `$LIFERAY_INSTALL` in `/etc/environment` from `LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ +` to `LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4. + +### Auto Start + +For auto start, you need an according init.d entry. It could be a file like `/etc/init.d/tomcat`. The file could be created if not there already, with the following contents: + +``` +#!/bin/bash + +### BEGIN INIT INFO +# Provides: tomcat7 +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start/Stop Tomcat server +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +start() { + su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh +} + +stop() { + su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh +} + +case $1 in + start|stop) $1;; + restart) stop; start;; + *) echo "Run as $0 "; exit 1;; +esac +``` + +Te user `siemagrant` is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server should run under. In the ideal case, it is unprivileged user. + +### Adjust Memory + +When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in `$LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh` should be adapted again. + +### PostgreSQL instead of Hypersonic + +Liferay CE comes with the hypersonic database. Just for making a long-term setup in the berginning, we are advising to use postgresql from the start. The settings for postgrsql can be found in `portal-ext.properties`. Please do not forget to create the user and the database in the database server first. + +## Install Prerequisites + +There are some install libraries to be downloaded and installed as OSGi modules. You can check the download script from the sw360vaghrant project for list of URLs that help you. + +https://github.com/sw360/sw360vagrant/blob/master/download-packages.sh + +An URL for libtrift is: + +https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar + +An URL for commons-compress is: + +https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar + +If you have downloaded every thing, copy them to the `deploy` folder of your liferay installation: + +``` +# cp libthrift-0.13.0.jar $LIFEARY_HOME/deploy/ +# cp commons-lang-2.4.jar $LIFERAY_HOME/deploy +# cp commons-io-2.6.jar $LIFERAY_HOME/deploy +# cp commons-csv-1.4.jar $LIFERAY_HOME/deploy +# cp commons-collections4-4.4.jar $LIFERAY_HOME/deploy +# cp commons-codec-1.12.jar $LIFERAY_HOME/deploy +# cp commons-compress-1.20.jar $LIFERAY_HOME/deploy +# cp commons-logging-1.2.jar $LIFERAY_HOME/deploy +# cp gson-2.8.5.jar $LIFERAY_HOME/deploy +# cp guava-21.0.jar $LIFERAY_HOME/deploy +# cp jackson-annotations-2.11.3.jar $LIFERAY_HOME/deploy +# cp jackson-core-2.11.3.jar $LIFERAY_HOME/deploy +# cp jackson-databind-2.11.3.jar $LIFERAY_HOME/deploy +``` + +if you use PostgreSQL as your database, you need to install postgres.jar in Liferay. + +``` +# wget https://jdbc.postgresql.org/download/postgresql-42.2.9.jar postgresql-42.2.9.jar +# cp postgresql-42.2.9.jar $LIFERAY_HOME/tomcat-9.0.33/lib/ext +``` + +[Note] In case you use other database with Liferay, you need to set other jar file of corresponding database. + +## Install Couchdb Lucene + +SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container. + +Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be `couchdb-lucene`: + +`# wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz` + +Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene: + +https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh + +Please note that the patching issue is well known in the project and it is unclear why it is not merged: + +* https://github.com/rnewson/couchdb-lucene/issues/161 "allow context-root other than "/" when running in servlet container" +* https://github.com/rnewson/couchdb-lucene/pull/162 +* https://github.com/rnewson/couchdb-lucene/pull/152 + +## Deploy New SW360 + +You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 (or later) or some few commits before that. Then build in the sw360 project root using: + +`mvn clean install -DskipTests` + +This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same directory: + +``` +# mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -DskipTests +``` + +Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed: + +``` +# cd rest +# mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ +``` + +## Final Steps in Liferay + +Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page. For Liferay CE 7.3.3 please continue here: + +https://github.com/eclipse/sw360/wiki/Deploy-Liferay7.3 + diff --git a/content/fr/docs/Deployment/Legacy/NativeInstall/Native-Install-SW360-Version-14.0.0-and-16.0.0.md b/content/fr/docs/Deployment/Legacy/NativeInstall/Native-Install-SW360-Version-14.0.0-and-16.0.0.md new file mode 100644 index 0000000..1168aaf --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/NativeInstall/Native-Install-SW360-Version-14.0.0-and-16.0.0.md @@ -0,0 +1,1060 @@ +--- +linkTitle: "Native-Install v14 and v16" +title: "Native Install v14 and v16" +weight: 100 +description: + Native-Install-Version-14-and-Version-16 +--- + +# How to install and run SW360 v16.0.0 +# These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers. + +### This is a guide with detailed explanation of how to install and run SW360 natively on you local machine. +### It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run. + +SW360 is an Open Source project. The [SW360] repository and [SW360 website] repositories are published on GitHub. + +## In this file you will find how to: +- Install SW360 and its dependencies +- Run SW360 and its dependencies +- Check all services are working +- Be aware of cautions and notes + +## What does SW360 use to construct the UI. +- [Java] - Java is a class-based, object-oriented programming language. +- [Maven] - Maven is a build automation tool for Java projects. +- [Liferay bundled with Tomcat] - Liferay is a Java-based web application platform for the development of customizable portals and websites. + And Apache Tomcat provides a "pure Java" HTTP web server environment in which Java code can run. +- [PostgreSQL] - PostgreSQL or Postgres, is a relational database management system. +- [Couchdb] - Apache CouchDB is a document-oriented NoSQL database, it uses JSON to store data, and provides HTTP for an API. +- [CVE-Search] - CVE-Search is a tool to perform local searches for known vulnerabilities (CVE - Common Vulnerabilities and Exposures). + + +## 1. Install SW360 and its dependencies + +### 1.1 Clone the SW360 Github repository and checkout to stable version. + +```sh +$ git clone https://github.com/eclipse/sw360.git +$ cd sw360/ +$ git checkout sw360-16.0.0-M1 +``` +> Check if you have correct repository version +```sh +$ git branch +``` + +### 1.2. Install Java, Maven + +> Install java and maven: +```sh +$ sudo apt install openjdk-11-jre-headless +``` +> You may use this "$ sudo apt install default-jdk" command instead. +> Check if java is installed: +```sh +$ java --version [check] +``` +> Install maven: +```sh +$ sudo apt update +$ sudo apt install maven +``` +> Check if Maven is installed: +```sh +$ mvn --version +``` + +### 1.3. Install Liferay portal and its dependencies + +```sh +$ ./scripts/docker-config/download_dependencies.sh +$ ls -la ./deps [check if all dependencies have proper sizes] +$ ./scripts/install-thrift.sh +$ thrift --version [check] +``` +> After this step, check whether the "./deps/jars/libthriftxxx.jar" has version at the end of its name instead of xxx, and has size of 345Kb. If no, download the correct jar from this link: +```sh +$ wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar +$ mv libthrift-0.16.0.jar ./deps/jars +``` +> Once the correct Thrift library is found, install Liferay and copy dependency ".jar" files under "liferay_xxx/osgi/modules" folder: +```sh +$ tar -xzvf liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz +$ cp ./deps/jars/* deps/liferay-ce-portal-7.3.4-ga5/osgi/modules/ +``` +> Now set all environment variables of SW360 path to your local ".bashrc": +> You may use other text editor instead of vim. +```sh +$ vim ~/.bashrc +``` +> Scroll till the end of the .bashrc file and add following lines, make sure to put correct absolute paths of your local machine in the place of {absolute path to sw360 repository folder}. +```sh +export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java)))) +export PATH=$PATH:$JAVA_HOME/bin +export LIFERAY_INSTALL="/{absolute path to sw360 repository folder}/sw360/deps/liferay-ce-portal-7.3.4-ga5" +export SW360_DIR_INSTALL="{absolute path to sw360 repository folder}/sw360" +``` +> Save the .bashrc file and run it: +```sh +$ source ~/.bashrc +``` +### 1.4. Make and build SW360 +> Go to sw360 repository folder firstly. + +> We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360. +```sh +$ vim frontend/configuration/setenv.sh +``` +```sh +# The following settings should be adapted to your needs +JAVA_MEMORY_MIN="3g" +JAVA_MEMORY_MAX="6g" + +# The following settings should not be touched unless you know what you are doing +# Misconfiguration may be lead to an unusable instance. +JAVA_OPTS="$JAVA_OPTS -Dfile.encoding=UTF8" +JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false" +JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT" +JAVA_OPTS="$JAVA_OPTS -Xms${JAVA_MEMORY_MIN} -Xmx${JAVA_MEMORY_MAX}" +JAVA_OPTS="$JAVA_OPTS -XX:+UseG1GC" +JAVA_OPTS="$JAVA_OPTS -XX:+CMSParallelRemarkEnabled" +JAVA_OPTS="$JAVA_OPTS -XX:SurvivorRatio=20" + +JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true" +``` + +> Then we can type the following command to install: +> "sudo" might not be necessary, and this will take time, around 5 min] +```sh +$ mvn clean +$ sudo mvn install -DskipTests +``` +> If the installation was successful, then need to deploy the project to be able to run. +> Check which tomcat version do you have and put that in the place of {existing version 9.0.33}, normally it should be just "tomcat-9.0.33". +```sh +sudo mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-{existing version 9.0.33}/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-{existing version 9.0.33}/webapps -DskipTests +``` +> This will create /deploy under root, so sudo is necessary, however you can chmod /deploy. +> This will take time, around 5 - 10 min. +> After deploying the project, you should copy the portal-ext.properties to the place of the Liferay. +```sh +cp frontend/configuration/portal-ext.properties ${LIFERAY_INSTALL}/ +``` +> Then modify the file: setup.wizard.enabled=false -> setup.wizard.enabled=true +> Then copy the files in the directory scripts/docker-config/etc_sw360/ to the directory /etc/sw360/. If the directory /etc/sw360/ does not exist, create it and chmod it. +```sh +cp -r scripts/docker-config/etc_sw360/* /etc/sw360/ +``` +> After this step, you should be able to run Tomcat server and see the index page of SW360 portal. [Check SW360] +### 1.5. Install PostgreSQL +> Install PostgerSQL manually, you can install through "apt install" too: +```sh +$ sudo apt install zlib1g-dev -y +$ sudo apt install libreadline-dev -y +$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz +$ tar -xvf postgresql-10.14.tar.gz +$ cd postgresql-10.14/ +$ mkdir -p /PATH_TO/sw360postgres +$ ./configure -prefix=/PATH_TO/sw360postgres +$ make +$ sudo make install +``` +> Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step. +```sh +$ vim ~/.bashrc +``` +> Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as "/home/username": +```sh +$ export PATH=$HOME/sw360postgres/bin:$PATH +$ export PGDATA=$HOME/sw360postgres/data +$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib +$ export PGPORT=5432 +``` +> Check if paths have been set, result must be the absolute paths: +```sh +$ echo $PATH +$ echo $PGDATA +$ echo $LD_LIBRARY_PATH +$ echo $PGPORT +``` +> After paths are set, postgres service can be run: +```sh +$ cd /PATH_TO/sw360postgres/bin +$ ./initdb --encoding=UTF8 --no-locale +$ ./pg_ctl start +``` +> You will see that the server has started. +> Note: If you installed through "apt install" then start the postgres service by following command, where after @ comes the installed version, if postgres isn't running you won't be able to connect to the server, and the error message is not explaining well that server isn't actually running at the moment: +```sh +sudo systemctl status postgresql@12-main.service +sudo systemctl start postgresql@12-main.service +``` +Normally, Default postgres creates user "postgres" with "postgres" password, use that to enter PostgreSQL terminal: +```sh +$ sudo -i -u postgres +$ psql + ``` +> You will be logged in as user named "postgres". +```sh +$ psql postgres +postgres=# \du +postgres=# create database lportal; +postgres=# ALTER USER postgres WITH PASSWORD 'sw360fossy'; +postgres=# ALTER ROLE postgres with superuser; +postgres=# \q +``` +> Connect to postgres shell, and check users information +```sh +$ psql -d lportal +# \du +# \dt +# \l +``` +### 1.6. Install Couch DB + +> To install from aptitute type: + +```sh +$ sudo apt update +$ sudo apt install -y couchdb +``` + +> You may refer to the bottom Native Installation 14 version CouchDB manual configuration for seting credentials. + +> After, run CouchDb service, check if it's working: + +```sh +$ sudo systemctl start couchdb.service +``` +> Check if CouchDB is responding: +```sh +$ curl localhost:5984 +``` +> This should return json containing version information +> You can use "start/stop/status/restart" command with systemctl for controlling CouchDB service. + +### 1.7. Install CVE-Search + +> Follow these detailed instructions: + +```sh +[https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst] +``` + +> To connect it to SW360, see following instructions: + +```sh +https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +``` +##### Notes: +- In the instruction be careful with setting apt link for mongodb, if somehow it destroys your "sudo apt update" command, go to "/etc/apt/sources.list" file and comment out the broken line, that's probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions. + +### 1.8. Configure SW360 + +> Before going to configuration page, need to start the Liferay Tomcat server: + +```sh +$ {path to sw360 installation}/./deps_backup/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh +``` +> You can use ...bin/shutdown.sh script to stop the server. +> If startup.sh script responded "Tomcat started. Then you are close to see SW360 portal page: +> To do so, open this url from your browser: + +```sh +http://127.0.0.1:8080 +``` + +> This will take time, around 5 min. +> If you can see liferay page, then go to the following links to configure SW360 portal. + +- https://qiita.com/K-Hama/items/1582b4e1bf248025eabb#liferaygui%E8%A8%AD%E5%AE%9A - instructions in Japanese. +- https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 - instrutions in English + +##### Notes: + +- Probably your postgres user and password are different, then replace the configurations "deps/liferay-ce-portal-7.3.4-ga5/portal-setup-wizard.properties" file or add the new user into postgres with required credentials. + +- After creating user, if you can't sign in to SW360 portal https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png try to login with "test" password and the same email "setup@sw360.org" as you set in during configuration. + +## 2. Run SW360 and its dependencies + +### 2.1. Run dependencies + +> Turn on the CouchDB and Postgres services + +```sh +$ sudo systemctl start couchdb.service +$ sudo systemctl start postgres@@12-main.service +``` + +> Check if both are running: + +```sh +$ sudo systemctl status couchdb.service +$ sudo systemctl status postgres@@12-main.service +``` + +> You should be able to see something like this: + +```sh +... systemd[1]: Started PostgreSQL Cluster 12-main. +... +... halt systemd[1]: Started Apache CouchDB. +``` + +> Run Liferay portal + +```sh +$ ./deps/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh +``` + +> Make sure to type correct path to the startup.sh file. + +### 2.3. Run SW360 + +> Open the localhost:8080 page from the browser +If all the previous steps were successfuly done you will be able to see this page: +https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png +Now enjoy SW360 portal! + +## Check all services are working + +To fully use SW360 you need to have following services running, please check one by one by opening your browser and typing url, or using curl from command line: +| Service | URL/Port | Notes +| ------ | ------ | ------ +| Tomcat | http://127.0.0.1:8080 | When Tomcat is installed without liferay it uses same 8080 port | +| Liferay | http://127.0.0.1:8080 | If Liferay version is correct you will see Liferay white-blue index page not Tomcat yellow-green page. +| PostgreSQL | http://127.0.0.1:5432 | +| CouchDB | http://127.0.0.1:5984/_utils | +| CVE-Search | http://127.0.0.1:5000/admin | + +## Be aware of cautions and notes + +> There are various versions of Tomcat with or without Liferay, however here we use Liferay which has already bundled Tomcat inside it's installation archive, that means you don't have to install Tomcat separately. In this case, when script liferay- xxx / tomcat- yyy/start.sh is run, the 8080 page will be visible, and will be overwritten by Liferay. + +> If the service has problem with Liferay then you will not see Liferay blue-white page. If you see other than that then you need to go through 3rd step of Liferay installation, check it's version and reinstall it. + +> If you still face the problem with Thrift or Liferay page isn't responding properly, type this command in the shell, to set the missing Thrift version environment variable, and run the ./scripts/install-thrift.sh again, then start from 3rd step of installation again: + +```sh +THRIFT_VERSION=${THRIFT_VERSION:-0.16.0} +``` +--- + +# Native Install SW360 Version-14.0.0 + +# SW360 Version up test + +## 1. Overview +### 1.1 SW360 Portal + +A software component catalogue application - designed to work with FOSSology. + +SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information. + +This material helps user to install SW360 14.0 + +### 1.2 Environment + +| Package Name | Version | +|:--------------|:--------:| +| Ubuntu | 20.04 | +| Apt | 2.0.2 | +| Wget | 1.20.3 | +| Curl | 7.68.0 | +| Git | 2.25.1 | +| Maven | 3.6.0 | +| OpenJDK | 11.0.5 | + +## 2.Install & Config proxy for Environment +``` +2.1 Apt +2.2 Wget +2.3 Curl +2.4 Git +2.5 Maven +2.6 OpenJDK +``` +### 2.1 Apt +#### Create file with name proxy.conf in folder `/etc/apt/apt.conf.d` + + - `$ sudo gedit /etc/apt/apt.conf.d/proxy.conf` + +#### Add the following line few files `proxy.conf` +``` + Acquire { + HTTP::proxy "http://username:password@server:port"; + HTTPS::proxy "http://username:password@server:port"; + } +``` +### 2.2 Wget +#### Create file `~/.wgetrc` + + - `$ sudo gedit ~/.wgetrc` + +#### Add the following line few files `~/.wgetrc` +``` + use_proxy=yes + http_proxy=http://username:password@server:port + https_proxy=http://username:password@server:port +``` +### 2.3 Curl +#### 2.3.1 Install Curl + - `$ sudo apt update` + - `$ sudo apt install curl` + +#### 2.3.2 Config proxy +* Create file `~/.curlrc` + + - `$ sudo gedit ~/.curlrc` + +* Add the following line few files `~/.curlrc` +``` + proxy=http://username:password@server:port/ +``` + +### 2.4 Git + +#### 2.4.1 Install Git +- `$ sudo apt update` +- `$ sudo apt install git` +#### 2.4.2 Config proxy +* Create file `~/.gitconfig` + + - `$ sudo gedit ~/.gitconfig` + +* Add the following line few files `~/.gitconfig` + ``` + [http] + proxy = http://username:password@server:port + sslverify = false + [https] + proxy = http://username:password@server:port + + ``` +### 2.5 Maven +#### 2.5.1 Install Maven +*Go to back Home in Terminal + +- `$ sudo apt update` +- `$ sudo apt install maven` + +#### 2.5.2 Config proxy for Maven + +* Create Folder with path `/home/user/.m2` +- `$ mkdir /home/user/.m2` + +* Create File in Folder `.m2` +- `$ touch /home/user/.m2/settings.xml` + +* Copy the following lines into tag + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + +### 2.6 OpenJDK 11 + +* And install OpenJDK 11 + - `$ sudo apt install openjdk-11-jdk` +* Check version: + - `$ java --version` + - Output: + ``` + openjdk version "11.0.15" 2022-04-19 + OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) + OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) + ``` + - Install JDK successfully +## 3. Native install 14.0 (without docker-compose) + +### The installation consists of some tasks:: +``` +3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules +3.2 Install Couchdb version 3.2.2 +3.3 Install Couchdb Lucene +3.4 Clone Project sw360 with version 14 +3.5 Install Thrift version 14.0 +3.6 Compiling and deploying +3.7 Version Management Table +``` +### 3.1 Install A Liferay Community Edition bundled with Tomcat + +* Make folder `work` in path of work: `/home/user` + + - `$ mkdir work` + +* Download Liferay Portal CE 7.3.4 GA5 + - `$ cd work` + - `$ wget --no-check-certificate https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.4%20GA5/liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz/download -O liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz` + +* Extract downloaded file + - `$ tar -xzf liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Move to `${LIFERAY_INSTALL}/deploy` and Run command: + + * `$ cd ${LIFERAY_INSTALL}/deploy` + + * ` wget https://search.maven.org/remotecontent?filepath=commons-codec/commons-codec/1.12/commons-codec-1.12.jar -O commons-codec-1.12.jar ` + * ` wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar -O commons-collections4-4.4.jar ` + * ` wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-csv/1.4/commons-csv-1.4.jar -O commons-csv-1.4.jar ` + * ` wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.6/commons-io-2.6.jar -O commons-io-2.6.jar` + * ` wget https://search.maven.org/remotecontent?filepath=commons-lang/commons-lang/2.4/commons-lang-2.4.jar -O commons-lang-2.4.jar` + * ` wget https://search.maven.org/remotecontent?filepath=commons-logging/commons-logging/1.2/commons-logging-1.2.jar -O commons-logging-1.2.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.5/gson-2.8.5.jar -O gson-2.8.5.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/21.0/guava-21.0.jar -O guava-21.0.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.11.3/jackson-annotations-2.11.3.jar -O jackson-annotations-2.11.3.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar -O jackson-core-2.11.3.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar -O jackson-databind-2.11.3.jar` + * ` wget https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar -O commons-compress-1.20.jar` + * ` wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar -O libthrift-0.13.0.jar` + + +* Create `portal-ext.properties` file in `liferay-ce-portal-7.3.4-ga5` folder + +* Copy content from https://github.com/eclipse/sw360/blob/sw360-14.0.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties + +- Edit `portal-ext.properties`: uncomment below lines + + # default.admin.password=sw360fossy + + # default.admin.screen.name=setup + + # default.admin.email.address.prefix=setup + + # default.admin.first.name=Setup + + # default.admin.last.name=Administrator + +* Remove files in folder `hypersonic` with path: `/home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic` + - `$ rm -rf /home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic/*` + + +* Move folder `liferay-ce-portal-7.3.4-ga5` to `/opt` + + - `$ sudo mv liferay-ce-portal-7.3.4-ga5 /opt` + +### 3.2 Install Couchdb version 3.2.2 + +* Run the following commands: + - `$ sudo apt update && sudo apt install -y curl apt-transport-https gnupg` + - `$ curl https://couchdb.apache.org/repo/keys.asc | gpg --dearmor | sudo tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1 ` + - `$ source /etc/os-release ` + - `$ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" \ ` + ` | sudo tee /etc/apt/sources.list.d/couchdb.list >/dev/null ` + - `$ sudo apt update ` + - `$ sudo apt install -y couchdb ` + + +* Config and Setup Couchdb follow images: + * Config Couchdb Type +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/ConfigTypeCouchdb.jpg" title="Type Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + +   + * Config node name +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/ConfigDomainCouchdb.jpg" title="Domain Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Set up magic cookie +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/SetupMagicCookie.jpg" title="Setup Magic Cookie" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Config bind address +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/ConfigIPCouchdb.jpg" title="IP Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Set up Couchdb Password +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/SetupPassword.jpg" title="Setup Password" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Repeat Password +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/RepeatPassword.jpg" title="Repeat Password" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Start and status of Couchdb +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/StatusStartCouchdb.jpg" title="Status Start Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Stop and status of Couchdb +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/StatusStopCouchdb.jpg" title="Status Stop Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + +* Url and account when config couchdb + - Username: `admin` + - Password: `password` + - Url: `http://localhost:5984/_utils` + +* Command Line When Start, Stop, check status Couchdb + - Start Couchdb: `$ sudo service couchdb start` + - Stop Couchdb: `$ sudo service couchdb stop` + - Check status: `$ sudo service couchdb status` +### 3.3 Install Couchdb Lucene + +* SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene + +* Run command download Couchdb Lucene + - `wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz` + +* Note Extract liferay To folder `work` with path of work: `/home/user/work` + - `tar -xzf couchdb-lucene.tar.gz` + +* Run command: + - `cd couchdb-lucene-2.1.0` + - `sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini ` + - `sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini ` + - `wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch ` + - `patch -p1 < couchdb-lucene.patch ` + - `mvn clean install war:war` + - `cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/webapps/couchdb-lucene.war` + + +### 3.4 Clone sw360 with version 14.0.0 + +* Clone sw360 source code to folder `work` with path: `/home/user/work` + + - `$ git clone https://github.com/eclipse/sw360` + +* Checkout to tag 14.0.0 version + - `$ cd sw360` + - `$ git checkout sw360-14.0.0-M1` + +### 3.5 Install Thrift version 0.14 + +* For thrift, we need version 0.14. The installation script in Path: `SW360_REPOSITORY/scripts/install-thrift.sh` + +* Run command: + - `$ chmod +x install-thrift.sh` + - `$ sudo ./install-thrift.sh` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.14 +* Check version thrift + + - `$ thrift --version` + + - Output: + ``` + Thrift version 0.14.0 + + ``` + - Install Thrift successfully +### 3.6 Compile and deploy + +* Start couchdb + - `$ sudo service couchdb start` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ cd /home/user/work/sw360` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +1. To clean everything and install without running the tests + - `$ mvn clean install -DskipTests ` + +2. For deployment run the command + - `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests` + +#### 3.6.1 Start and Configure Liferay +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*` + +* Url SW360 : `https://localhost:8080` +#### 3.6.2 Configure Liferay Portal + +* Can follow the steps in the following link https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 or follow these steps: + +- Import users + 1. Open the panel on the left side by clicking the button on the top left. + 2. Click on `SW360` on the top right to go to the homepage. + 3. Click on `Start` inside the "Welcome" section. + 4. Go to `Admin` -> `User` (URL: `/group/guest/users`). + 5. Scroll down to section `UPLOAD USERS`, select a user file from the very + beginning and click `Upload Users` on the right side. [A user file can be found here in the sw360vagrant project](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) + * Download: `$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv` + + +### 3.7 Version Management Table (sw360 14.0) + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.3.4 | +| Tomcat | 9.0.33 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.14.0 | +| SW360 | 14.0.0 | + + + +### 3.8 Config couchdb with Sw360 (sw360 14.0) + +* Create folder `sw360` in path `/etc/` + + - `sudo mkdir sw360` + +* Create 2 folder `authorization` and `rest` in path `/etc/sw360` + + - `sudo mkdir authorization` + - `sudo mkdir rest` + +* Create file `application.yml` in path `/etc/sw360/authorizaton` with content: +``` + # + # Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. + # + # This program and the accompanying materials are made + # available under the terms of the Eclipse Public License 2.0 + # which is available at https://www.eclipse.org/legal/epl-2.0/ + # + # SPDX-License-Identifier: EPL-2.0 + # + + # Port to open in standalone mode + server: + port: 8090 + + # Connection to the couch databases. Will be used to store client credentials + couchdb: + url: http://localhost:5984 + database: sw360oauthclients + # if your couchdb does not use authentication, pls just don't use the settings for username and password + username: admin + password: password + + jwt: + secretkey: sw360SecretKey + + spring: + jackson: + serialization: + indent_output: true + + # Common SW360 properties + sw360: + # The url of the Liferay instance + sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} + # The id of the company in Liferay that sw360 is run for + sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} + # Allowed origins that should be set in the header + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} + + security: + # Configuration for enabling authorization via headers, e.g. when using SSO + # in combination with a reverse proxy server + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: false + # Attention: please make sure that the proxy is removing there headers + # if they are coming from anywhere else then the authentication server + intermediateauthstore: custom-header-auth-marker + email: authenticated-email + extid: authenticated-extid + # also available - at least in saml pre auth - are "givenname", "surname" and "department" + + oauth2: + resource: + id: sw360-REST-API + +``` +* Create file `application.yml` in path `/etc/sw360/rest` with content: +``` + # + # Copyright Siemens AG, 2017. Part of the SW360 Portal Project. + # Copyright Bosch.IO GmbH 2020 + # + # This program and the accompanying materials are made + # available under the terms of the Eclipse Public License 2.0 + # which is available at https://www.eclipse.org/legal/epl-2.0/ + # + # SPDX-License-Identifier: EPL-2.0 + # + + server: + port: 8091 + + management: + endpoints: + enabled-by-default: false + web: + base-path: + endpoint: + health: + enabled: true + show-details: always + info: + enabled: true + web: + base-path: / + + spring: + servlet: + multipart: + max-file-size: 500MB + max-request-size: 600MB + + # logging: + # level: + # org.springframework.web: DEBUG + + security: + oauth2: + resource: + id: sw360-REST-API + jwt: + keyValue: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy + VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ + 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ + 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg + 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da + d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ + PQIDAQAB + -----END PUBLIC KEY----- + + sw360: + thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} + test-user-id: admin@sw360.org + test-user-password: sw360-password + couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +``` + +* Create file `couchdb.properties` in path `/etc/sw360` with content: + +``` + # + # Copyright Siemens AG, 2020. Part of the SW360 Portal Project. + # + # This program and the accompanying materials are made + # available under the terms of the Eclipse Public License 2.0 + # which is available at https://www.eclipse.org/legal/epl-2.0/ + # + # SPDX-License-Identifier: EPL-2.0 + # + + couchdb.url = http://localhost:5984 + couchdb.user = admin + couchdb.password = password + couchdb.database = sw360db + couchdb.usersdb = sw360users + couchdb.attachments = sw360attachments + lucenesearch.limit = 10000 + +``` +* Create file `sw360.properties` and `/etc/sw360` with content: + +``` + # Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. + # + # This program and the accompanying materials are made + # available under the terms of the Eclipse Public License 2.0 + # which is available at https://www.eclipse.org/legal/epl-2.0/ + # + # SPDX-License-Identifier: EPL-2.0 + # + + # common property file for the backend services + backend.url= http://localhost:8080 + + licenseinfo.spdxparser.use-license-info-from-files=true + mainline.state.enabled.for.user=false + + # settings for the mail utility: + # if host is not set, e-mailing is disabled + MailUtil_host= + MailUtil_from=__No_Reply__@sw360.org + MailUtil_port=25 + MailUtil_enableStarttls= + MailUtil_enableSsl= + MailUtil_isAuthenticationNecessary= + MailUtil_login= + MailUtil_password= + MailUtil_enableDebug= + MailUtil_supportMailAddress= + + # text patterns for mail utility + defaultBegin = \ + *** This is an automatically generated email, please do not reply. ***\n\n\ + Dear SW360-user,\n\n + defaultEnd = \ + With best regards,\n\ + SW360-support + unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: + unsubscribeNoticeAfter =. *** + + subjectForNewModerationRequest= New moderation request + subjectForUpdateModerationRequest= Update on moderation request + subjectForAcceptedModerationRequest= Your moderation request has been accepted + subjectForDeclinedModerationRequest= Your moderation request has been declined + subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined + subjectForNewComponent= New component created + subjectForUpdateComponent= Component updated + subjectForNewRelease= New release created + subjectForUpdateRelease= Release updated + subjectForNewProject= New project created + subjectForUpdateProject= Project updated + subjectForNewClearingRequest= New clearing request <%s> for Project <%s> + subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s> + subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s> + subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s> + subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s> + subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated + + textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n + textForUpdateModerationRequest= \ + one of the moderation requests previously added to your \ + SW360-account has been updated.\n\n + textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n + textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n + textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n + textForNewComponent= a new component %s, in which you take part, has been created.\n\n + textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n + textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n + textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n + textForNewProject= a new project %s %s, in which you take part, has been created.\n\n + textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n + textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n + textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n + #attachment.store.file.system.location=/opt/sw360tempattachments + #enable.attachment.store.to.file.system=false + #attachment.store.file.system.permission=rwx------ + #attachemnt.delete.no.of.days=30 + + #Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. + #sw360changelog.config.file.location=/etc/sw360/log4j2.xml + enable.sw360.change.log=false + sw360changelog.output.path=sw360changelog/sw360changelog + +``` + +## References for more information +- [SW360] +- [CVE-Search] +- [Java] +- [Maven] +- [Thrift] +- [Liferay bundled with Tomcat] +- [PostgreSQL] +- [CouchDB] + + +## License + +[SPDX-License-Identifier: EPL-2.0] + +[//]: # (These are reference links used in the body of this instructions markdown file.) + [Check SW360]: + [Check CouchDB]: + [Check PostgreSQL]: + [SW360]: + [SW360 website]: + [CVE-Search]: + [Java]: + [Maven]: + [Thrift]: + [Liferay bundled with Tomcat]: + [PostgreSQL]: + [CouchDB]: + diff --git a/content/fr/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-17.0.0.md b/content/fr/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-17.0.0.md new file mode 100644 index 0000000..73306ef --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-17.0.0.md @@ -0,0 +1,999 @@ +--- +linkTitle: "Native-Install v17" +title: "Native Install v17" +weight: 100 +description: + Native-Install-Version-17 +--- + +# How to install and run SW360 v17.0.0 +# These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers. + +## This is a guide with detailed explanation of how to install and run SW360 natively on you local machine. +## It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run. + +SW360 is an Open Source project. The [SW360] repository and [SW360 website] repositories are published on GitHub. +## 1. Overview +### 1.1 SW360 Portal + +A software component catalogue application - designed to work with FOSSology. + +SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information. + +This material helps user to install SW360 17.0.0 + +### 1.2 Environment + +| Package Name | Version | +|:--------------|:--------:| +| Ubuntu | 20.04 | +| Apt | 2.0.2 | +| Wget | 1.20.3 | +| Curl | 7.68.0 | +| Git | 2.25.1 | +| Maven | 3.6.0 | +| OpenJDK | 11.0.5 | + +## 2.Install & Config proxy for Environment +``` +2.1 Apt +2.2 Wget +2.3 Curl +2.4 Git +2.5 Maven +2.6 OpenJDK +``` +### 2.1 Apt +#### Create file with name proxy.conf in folder `/etc/apt/apt.conf.d` + + - `$ sudo gedit /etc/apt/apt.conf.d/proxy.conf` + +#### Add the following line few files `proxy.conf` +``` + Acquire { + HTTP::proxy "http://username:password@server:port"; + HTTPS::proxy "http://username:password@server:port"; + } +``` +### 2.2 Wget +#### Create file `~/.wgetrc` + + - `$ sudo gedit ~/.wgetrc` + +#### Add the following line few files `~/.wgetrc` +``` + use_proxy=yes + http_proxy=http://username:password@server:port + https_proxy=http://username:password@server:port +``` +### 2.3 Curl +#### 2.3.1 Install Curl + - `$ sudo apt update` + - `$ sudo apt install curl` + +#### 2.3.2 Config proxy +* Create file `~/.curlrc` + + - `$ sudo gedit ~/.curlrc` + +* Add the following line few files `~/.curlrc` +``` + proxy=http://username:password@server:port/ +``` + +### 2.4 Git + +#### 2.4.1 Install Git +- `$ sudo apt update` +- `$ sudo apt install git` +#### 2.4.2 Config proxy +* Create file `~/.gitconfig` + + - `$ sudo gedit ~/.gitconfig` + +* Add the following line few files `~/.gitconfig` + ``` + [http] + proxy = http://username:password@server:port + sslverify = false + [https] + proxy = http://username:password@server:port + + ``` +### 2.5 Maven +#### 2.5.1 Install Maven +*Go to back Home in Terminal + +- `$ sudo apt update` +- `$ sudo apt install maven` + +#### 2.5.2 Config proxy for Maven + +* Create Folder with path `/home/user/.m2` +- `$ mkdir /home/user/.m2` + +* Create File in Folder `.m2` +- `$ touch /home/user/.m2/settings.xml` + +* Copy the following lines into tag + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + +### 2.6 OpenJDK 11 + +* And install OpenJDK 11 + - `$ sudo apt install openjdk-11-jdk` +* Check version: + - `$ java --version` + - Output: + ``` + openjdk version "11.0.15" 2022-04-19 + OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) + OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) + ``` + - Install JDK successfully +## 3. Native install 17.0.0 (without docker-compose) + +### The installation consists of some tasks:: +``` +3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules +3.2 Install Couchdb version 3.2.2 +3.3 Install Couchdb Lucene +3.4 Clone Project sw360 with version 17.0.0 +3.5 Install Thrift version 16.0 +3.6 Compiling and deploying +3.7 Version Management Table +``` +### 3.1 Install A Liferay Community Edition bundled with Tomcat + +* Make folder `work` in path of work: `/home/user` + + - `$ mkdir work` + +* Download Liferay Portal CE 7.4.3.18 GA18 + - `$ cd work` + - `$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Extract downloaded file + - `$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Create `portal-ext.properties` file in `liferay-ce-portal-7.4.3.18-ga18` folder + +* Copy content from https://github.com/eclipse/sw360/blob/sw360-17.0.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties + +- Edit `portal-ext.properties`: uncomment below lines + + # default.admin.password=sw360fossy + + # default.admin.screen.name=setup + + # default.admin.email.address.prefix=setup + + # default.admin.first.name=Setup + + # default.admin.last.name=Administrator + +- Add lines to setup Postgres. Change jdbc.default.username, jdbc.default.password + +``` + # Postgres configuration + jdbc.default.driverClassName=org.postgresql.Driver + jdbc.default.url=jdbc:postgresql://localhost:5432/lportal + jdbc.default.username=${postgres_user} + jdbc.default.password=${postgres_password} +``` + +- Add lines to setup passsword policies +``` + # Passsword policies + passwords.default.policy.change.required=false + company.security.send.password.reset.link=false + company.security.auto.login=false + company.security.auth.type=emailAddress + company.security.strangers=false + company.security.strangers.with.mx=false + company.security.strangers.verify=false +``` + +* Remove files in folder `hypersonic` with path: `/home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic` + - `$ rm -rf /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*` + +* Move folder `liferay-ce-portal-7.4.3.18-ga18` to `/opt` + + - `$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt` + +### 3.2 Install Database + +#### 3.2.1 Install Couch DB + +* To install from aptitute type: + +```sh +$ sudo apt update +$ sudo apt install -y couchdb +``` + +* You may refer to the bottom Native Installation 14 version CouchDB manual configuration for setting credentials. + +* After, run CouchDb service, check if it's working: + +```sh +$ sudo systemctl start couchdb.service +``` +* Check if CouchDB is responding: +```sh +$ curl localhost:5984 +``` +* This should return json containing version information +* You can use "start/stop/status/restart" command with systemctl for controlling CouchDB service. + + +#### Install Couchdb Lucene + +* SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene + +* Run command download Couchdb Lucene + - `wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz` + +* Note extract couchdb-lucene to folder `work` with path of work: `/home/user/work` + - `tar -xzf couchdb-lucene.tar.gz` + +* Run command: + - `cd couchdb-lucene-2.1.0` + - `sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini ` + - `sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini ` + - `wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch ` + - `patch -p1 < couchdb-lucene.patch ` + - `mvn clean install war:war` + - `cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war` + +### 3.2.2 Install PostgreSQL + +* Install PostgerSQL manually, you can install through "apt install" too: +```sh +$ sudo apt install zlib1g-dev -y +$ sudo apt install libreadline-dev -y +$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz +$ tar -xvf postgresql-10.14.tar.gz +$ cd postgresql-10.14/ +$ mkdir -p /PATH_TO/sw360postgres +$ ./configure -prefix=/PATH_TO/sw360postgres +$ make +$ sudo make install +``` +* Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step. +```sh +$ vim ~/.bashrc +``` +* Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as "/home/username": +```sh +$ export PATH=$HOME/sw360postgres/bin:$PATH +$ export PGDATA=$HOME/sw360postgres/data +$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib +$ export PGPORT=5432 +``` +* Check if paths have been set, result must be the absolute paths: +```sh +$ echo $PATH +$ echo $PGDATA +$ echo $LD_LIBRARY_PATH +$ echo $PGPORT +``` +* After paths are set, postgres service can be run: +```sh +$ cd /PATH_TO/sw360postgres/bin +$ ./initdb --encoding=UTF8 --no-locale +$ ./pg_ctl start +``` +* You will see that the server has started. +* Note: If you installed through "apt install" then start the postgres service by following command, where after @ comes the installed version, if postgres isn't running you won't be able to connect to the server, and the error message is not explaining well that server isn't actually running at the moment: +```sh +sudo systemctl status postgresql@12-main.service +sudo systemctl start postgresql@12-main.service +``` +* Postgres will create an user with username ${ubuntu_user} (username login to ubuntu) +* Use theses command to change password of user ${ubuntu_user} in postgres sql. +```sh +$ psql postgres +postgres=# \du +postgres=# create database lportal; +postgres=# ALTER USER ${ubuntu_user} WITH PASSWORD 'sw360fossy'; +postgres=# ALTER ROLE ${ubuntu_user} with superuser; +postgres=# \q +``` +* Connect to postgres shell, and check users information +```sh +$ psql -d lportal +# \du +# \dt +# \l +``` +### 3.3 Install CVE-Search + +* Follow these detailed instructions: + +```sh +[https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst] +``` + +* To connect it to SW360, see following instructions: + +```sh +https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +``` +##### Notes: +- In the instruction be careful with setting apt link for mongodb, if somehow it destroys your "sudo apt update" command, go to "/etc/apt/sources.list" file and comment out the broken line, that's probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions. + +### 3.4 Clone sw360 with version 17.0.0 + +* Clone sw360 source code to folder `work` with path: `/home/user/work` + + - `$ git clone https://github.com/eclipse/sw360` + +* Checkout to tag 17.0.0 version + - `$ cd sw360` + - `$ git checkout sw360-17.0.0-M1` + +* export path to repository sw360 + - `$ export SW360_REPOSITORY=/home/user/work/sw360` +### 3.5 Install Thrift version 0.16 + +* For thrift, we need version 0.16. The installation script in Path: `${SW360_REPOSITORY}/scripts/install-thrift.sh` + +* Run command to install libraries: + - `$ sudo apt-get install -y clang-tidy` + - `$ sudo apt-get install flex` + - `$ sudo apt-get install -y clang-tools` + - `$ sudo apt-get install bison` + - `$ sudo apt-get install cmake` + +* Run command: + - `$ chmod +x install-thrift.sh` + - `$ sudo ./install-thrift.sh` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16 +* Check version thrift + + - `$ thrift --version` + + - Output: + ``` + Thrift version 0.16.0 + + ``` + - Install Thrift successfully + +### 3.6 Config properties files with Sw360 (sw360 17.0.0) + +* Create folder `sw360` in path `/etc/` + + - `sudo mkdir sw360` + +* Create 2 folder `authorization` and `rest` in path `/etc/sw360` + + - `sudo mkdir authorization` + - `sudo mkdir rest` + +* Create file `application.yml` in path `/etc/sw360/authorizaton` with content: +``` +# +# Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +# Port to open in standalone mode +server: + port: 8090 + +# Connection to the couch databases. Will be used to store client credentials +couchdb: + url: http://localhost:5984 + database: sw360oauthclients + # if your couchdb does not use authentication, pls just don't use the settings for username and password + username: admin + password: password + +jwt: + secretkey: sw360SecretKey + +spring: + jackson: + serialization: + indent_output: true + +# Common SW360 properties +sw360: + # The url of the Liferay instance + sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} + # The id of the company in Liferay that sw360 is run for + sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} + # Allowed origins that should be set in the header + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} + +security: + # Configuration for enabling authorization via headers, e.g. when using SSO + # in combination with a reverse proxy server + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: false + # Attention: please make sure that the proxy is removing there headers + # if they are coming from anywhere else then the authentication server + intermediateauthstore: custom-header-auth-marker + email: authenticated-email + extid: authenticated-extid + # also available - at least in saml pre auth - are "givenname", "surname" and "department" + + oauth2: + resource: + id: sw360-REST-API + +``` +* Create file `application.yml` in path `/etc/sw360/rest` with content: +``` +# +# Copyright Siemens AG, 2017. Part of the SW360 Portal Project. +# Copyright Bosch.IO GmbH 2020 +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +server: + port: 8091 + +management: + endpoints: + enabled-by-default: false + web: + base-path: + endpoint: + health: + enabled: true + show-details: always + info: + enabled: true + web: + base-path: / + +spring: + servlet: + multipart: + max-file-size: 500MB + max-request-size: 600MB + +# logging: +# level: +# org.springframework.web: DEBUG + +security: + oauth2: + resource: + id: sw360-REST-API + jwt: + keyValue: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy + VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ + 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ + 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg + 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da + d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ + PQIDAQAB + -----END PUBLIC KEY----- + +sw360: + thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} + test-user-id: admin@sw360.org + test-user-password: sw360-password + couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +``` + +* Create file `couchdb.properties` in path `/etc/sw360` with content: + +``` +# +# Copyright Siemens AG, 2020. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +couchdb.url = http://localhost:5984 +couchdb.user = admin +couchdb.password = password +couchdb.database = sw360db +couchdb.usersdb = sw360users +couchdb.attachments = sw360attachments +lucenesearch.limit = 10000 + +``` +* Create file `sw360.properties` and `/etc/sw360` with content: + +``` +# Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +# common property file for the backend services +backend.url= http://localhost:8080 + +licenseinfo.spdxparser.use-license-info-from-files=true +mainline.state.enabled.for.user=false + +# settings for the mail utility: +# if host is not set, e-mailing is disabled +MailUtil_host= +MailUtil_from=__No_Reply__@sw360.org +MailUtil_port=25 +MailUtil_enableStarttls= +MailUtil_enableSsl= +MailUtil_isAuthenticationNecessary= +MailUtil_login= +MailUtil_password= +MailUtil_enableDebug= +MailUtil_supportMailAddress= + +# text patterns for mail utility +defaultBegin = \ +*** This is an automatically generated email, please do not reply. ***\n\n\ +Dear SW360-user,\n\n +defaultEnd = \ +With best regards,\n\ +SW360-support +unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: +unsubscribeNoticeAfter =. *** + +subjectForNewModerationRequest= New moderation request +subjectForUpdateModerationRequest= Update on moderation request +subjectForAcceptedModerationRequest= Your moderation request has been accepted +subjectForDeclinedModerationRequest= Your moderation request has been declined +subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined +subjectForNewComponent= New component created +subjectForUpdateComponent= Component updated +subjectForNewRelease= New release created +subjectForUpdateRelease= Release updated +subjectForNewProject= New project created +subjectForUpdateProject= Project updated +subjectForNewClearingRequest= New clearing request <%s> for Project <%s> +subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s> +subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s> +subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s> +subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s> +subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated + +textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n +textForUpdateModerationRequest= \ +one of the moderation requests previously added to your \ +SW360-account has been updated.\n\n +textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n +textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n +textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n +textForNewComponent= a new component %s, in which you take part, has been created.\n\n +textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n +textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n +textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n +textForNewProject= a new project %s %s, in which you take part, has been created.\n\n +textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n +textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n +textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n +#attachment.store.file.system.location=/opt/sw360tempattachments +#enable.attachment.store.to.file.system=false +#attachment.store.file.system.permission=rwx------ +#attachemnt.delete.no.of.days=30 + +#Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. +#sw360changelog.config.file.location=/etc/sw360/log4j2.xml +enable.sw360.change.log=false +sw360changelog.output.path=sw360changelog/sw360changelog + +``` + +* Configure the sw360ChangeLog path +#### 1. Create log4j2.xml file +- Based on log4j2.xml file from https://github.com/eclipse/sw360/blob/main/build-configuration/resources/log4j2.xml, update the content as below, then place this file to etc/sw360 folder. + +``` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` +* Set the environment variable for the changelog directory (`${env:FILE_PATH}/sw360changelog.log`) + - Create Folder `sw360changelog` in `var/log/`: + - `$ sudo mkdir sw360changelog ` + - If `/var/log/sw360changelog` folder requires permission, set permission for this folder: + - `$ sudo chown -R $USER:$USER /var/log/sw360changelog` + + - `$ export FILE_PATH=/var/log/sw360changelog` + +* NOTE: I suggest the path ${env:FILE_PATH} to use LIFERAY_INSTALL env variable + +#### 2. Enable changelog config + +Add the following lines to the sw360.properties file (or uncomment if they are existing) + +* `sw360changelog.config.file.location=/etc/sw360/log4j2.xml` +* `enable.sw360.change.log=true` + +#### 3. Compile and deploy + + * Set `sw360.liferay.company.id = 20099` in `sw360.properties` file + + * Set the environment variable for the LIFERAY_INSTALL directory + + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + + * Note: Should add -DskipTests when building sw360 to avoid test data write to log file + + * To clean everything and install without running the tests + + - `$ mvn clean install -DskipTests` + + * For deployment, run the command + + - `$ cd /home/user/work/sw360` + - `$ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -DskipTests` + +#### 4. Start and configure Liferay + +* Set the environment variable for the LIFERAY_INSTALL directory + + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Start liferay + + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh` + +* Log + + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/*` + +* SW360 URL: `https://localhost:8080` + +#### 5. How to check the logs +- Edit (update) a project, component, or release in SW360. +- Then check the logs in `${FILE_PATH}/sw360changelog/sw360changelog.log` file +\ + +### 3.7 Compile and deploy + +* Start Database +* Turn on the CouchDB and Postgres services + +```sh +$ sudo systemctl start couchdb.service +$ sudo systemctl start postgres@@12-main.service +``` + +* Check if both are running: + +```sh +$ sudo systemctl status couchdb.service +$ sudo systemctl status postgres@@12-main.service +``` + +* You should be able to see something like this: + +```sh +... systemd[1]: Started PostgreSQL Cluster 12-main. +... +... halt systemd[1]: Started Apache CouchDB. +``` +* install python and pip + - `$ sudo apt-get install python3 -y` + - `$ sudo -E apt-get install python3-pip -y` +* install mkdocs + - Without proxy: + + `$ sudo -E pip3 install mkdocs` + + `$ sudo -E pip3 install mkdocs-material` + - Via proxy: + + `$ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs` + + `$ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs-material` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ cd /home/user/work/sw360` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +1. To clean everything and install without running the tests + - `$ mvn clean install -DskipTests ` + +2. For deployment run the command + - `mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dhelp-docs=true -Dsurefire.failIfNoSpecifiedTests=false` + +#### 3.7.1 Start and Configure Liferay + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* After run command "mvn clean install -DskipTests" above, copy dependency in folder `/home/user/work/sw360/utils/jars` to `${LIFERAY_INSTALL}/osgi/modules` + + - `$ cd /home/user/work/sw360/utils/jars` + - `$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/` + +* We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360. + + - `$ sudo rm -rf ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/setenv.sh` + - `$ sudo cp /home/user/work/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/catalina.out` + +* Url SW360 : `https://localhost:8080` + +#### 3.7.2 Configure Liferay Portal + +* Can follow the steps in the following link https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 or follow these steps: + +- Import users + 1. Open the panel on the left side by clicking the button on the top left. + 2. Click on `SW360` on the top right to go to the homepage. + 3. Click on `Start` inside the "Welcome" section. + 4. Go to `Admin` -> `User` (URL: `/group/guest/users`). + 5. Scroll down to section `UPLOAD USERS`, select a user file from the very + beginning and click `Upload Users` on the right side. [A user file can be found here in the sw360vagrant project](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) + * Download: `$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv` + +- Setup liferay: + +After successful , Then if you open the server with the URL `https://localhost:8080/` the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/1.png" >}} + +Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/2.png" >}} + +After login the sw360 is not setup, thus the server does not display much, but a screen like the following: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/3.png" >}} + +#### User and Login Settings in Liferay + +Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/4.png" >}} + +Edit this password policy and disable `change Required` if you wish to do so. Click on Save_the bottom of the page to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/6.png" >}} + +Then, go: in `Configuration` > `Instance Settings` > `Users` > + +{{< figure src="/sw360/img/sw360screenshots/deploy74/7.png" >}} + +In this area, select `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/8.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/9.png" >}} + +Finally, sice Liferay 7.4 some of the bundled modules need to be activated: + +* jquery +* font awesome + +In oder to do this, please select from the `Configuration` > `System Settings` > `Third Party` and go to jquery, select the enablement and click on Update: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/10.png" >}} + +Do the same for Font Awesome: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/11.png" >}} + +Note that you need to reload the browser or load a new browser window to take changes to effect. + +#### Setup SW360 for Liferay: Import *.lar Files + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +In order to go ahead, switch to the `SW360` area where you can apply site settings: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/12.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} + + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/18.png" >}} + +You can close the left menu area by clicking on the upper left icon: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/19.png" >}} + +Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/20.png" >}} + +#### Import User Accounts for Testing + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/21.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a [user account import file](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) to import in the `sw360vagrant` project in the folder `shared`. After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/22.png" >}} + +After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below): + +{{< figure src="/sw360/img/sw360screenshots/deploy74/23.png" >}} + +#### Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/24.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/25.png" >}} + +### 3.8 Version Management Table (sw360 17.0.0) + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.4.3.18| +| Tomcat | 9.0.56 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | +| SW360 | 17.0.0 | + + + + +## References for more information +- [SW360] +- [CVE-Search] +- [Java] +- [Maven] +- [Thrift] +- [Liferay bundled with Tomcat] +- [PostgreSQL] +- [CouchDB] + + +## License + +[SPDX-License-Identifier: EPL-2.0] + +[//]: # (These are reference links used in the body of this instructions markdown file.) + [Check SW360]: + [Check CouchDB]: + [Check PostgreSQL]: + [SW360]: + [SW360 website]: + [CVE-Search]: + [Java]: + [Maven]: + [Thrift]: + [Liferay bundled with Tomcat]: + [PostgreSQL]: + [CouchDB]: diff --git a/content/fr/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-18.1.0.md b/content/fr/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-18.1.0.md new file mode 100644 index 0000000..8e7dc8c --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-18.1.0.md @@ -0,0 +1,976 @@ +--- +linkTitle: "Native-Install v18.1" +title: "Native Install v18.1" +weight: 100 +description: + Native-Install-Version-18.1 +--- + +# How to install and run SW360 v18.1.0 +# These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers. + +## This is a guide with detailed explanation of how to install and run SW360 natively on you local machine. +## It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run. + +SW360 is an Open Source project. The [SW360] repository and [SW360 website] repositories are published on GitHub. +## 1. Overview +### 1.1 SW360 Portal + +A software component catalogue application - designed to work with FOSSology. + +SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information. + +This material helps user to install SW360 18.1.0 + +### 1.2 Environment + +| Package Name | Version | +|:--------------|:--------:| +| Ubuntu | 20.04 | +| Apt | 2.0.2 | +| Wget | 1.20.3 | +| Curl | 7.68.0 | +| Git | 2.25.1 | +| Maven | 3.6.0 | +| OpenJDK | 11.0.5 | + +## 2.Install & Config proxy for Environment (if you are behind a proxy server) +``` +2.1 Apt +2.2 Wget +2.3 Curl +2.4 Git +2.5 Maven +2.6 OpenJDK +``` +### 2.1 Apt +##### Create file with name proxy.conf in folder `/etc/apt/apt.conf.d` + + - `$ sudo gedit /etc/apt/apt.conf.d/proxy.conf` + +##### Add the following line few files `proxy.conf` +``` +Acquire { + HTTP::proxy "http://username:password@server:port"; + HTTPS::proxy "http://username:password@server:port"; +} +``` +### 2.2 Wget +##### Create file `~/.wgetrc` + + - `$ sudo gedit ~/.wgetrc` + +##### Add the following line few files `~/.wgetrc` +``` +use_proxy=yes +http_proxy=http://username:password@server:port +https_proxy=http://username:password@server:port +``` +### 2.3 Curl +##### 2.3.1 Install Curl + - `$ sudo apt update` + - `$ sudo apt install curl` + +##### 2.3.2 Config proxy +* Create file `~/.curlrc` + + - `$ sudo gedit ~/.curlrc` + +* Add the following line few files `~/.curlrc` +``` +proxy=http://username:password@server:port/ +``` + +### 2.4 Git + +##### 2.4.1 Install Git +- `$ sudo apt update` +- `$ sudo apt install git` +##### 2.4.2 Config proxy +* Create file `~/.gitconfig` + + - `$ sudo gedit ~/.gitconfig` + +* Add the following line few files `~/.gitconfig` +``` +[http] + proxy = http://username:password@server:port + sslverify = false +[https] + proxy = http://username:password@server:port + +``` +### 2.5 Maven +##### 2.5.1 Install Maven +*Go to back Home in Terminal + +- `$ sudo apt update` +- `$ sudo apt install maven` + +##### 2.5.2 Config proxy for Maven + +* Create Folder with path `/home/user/.m2` +- `$ mkdir /home/user/.m2` + +* Create File in Folder `.m2` +- `$ touch /home/user/.m2/settings.xml` + +* Copy the following lines into tag + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + +### 2.6 OpenJDK 11 + +* And install OpenJDK 11 + - `$ sudo apt install openjdk-11-jdk` +* Check version: + - `$ java --version` + - Output: + ``` + openjdk version "11.0.15" 2022-04-19 + OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) + OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) + ``` + - Install JDK successfully + +## 3. Native install 18.1.0 (without docker-compose) + +**The installation consists of some tasks**: + +- [3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules](#ref1) + +- [3.2 Install databases](#ref2) + +- [3.3 Install CVE Search](#ref3) + +- [3.4 Clone Project sw360 with version 18.1.0](#ref4) + +- [3.5 Install Thrift version 16.0](#ref5) + +- [3.6 Config properties files with Sw360 (sw360 18.1.0)](#ref6) + +- [3.7 Compile and deploy](#ref7) + +- [3.8 Version Management Table (sw360 18.1.0)](#ref8) + + +### 3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules {#ref1} + +* Make folder `work` in path of work: `/home/user` + + - `$ mkdir work` + +* Download Liferay Portal CE 7.4.3.18 GA18 + - `$ cd work` + - `$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Extract downloaded file + - `$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Create `portal-ext.properties` file in `liferay-ce-portal-7.4.3.18-ga18` folder + +* Copy content from https://github.com/eclipse/sw360/blob/sw360-18.1.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties + +- Edit `portal-ext.properties`: uncomment below lines +```sh +# default.admin.password=sw360fossy + +# default.admin.screen.name=setup + +# default.admin.email.address.prefix=setup + +# default.admin.first.name=Setup + +# default.admin.last.name=Administrator +``` +- Add lines to setup Postgres. Change jdbc.default.username, jdbc.default.password + +```sh + # Postgres configuration + jdbc.default.driverClassName=org.postgresql.Driver + jdbc.default.url=jdbc:postgresql://localhost:5432/lportal + jdbc.default.username=${postgres_user} + jdbc.default.password=${postgres_password} +``` + +- Add lines to setup passsword policies +```sh + # Passsword policies + passwords.default.policy.change.required=false + company.security.send.password.reset.link=false + company.security.auto.login=false + company.security.auth.type=emailAddress + company.security.strangers=false + company.security.strangers.with.mx=false + company.security.strangers.verify=false +``` + +* Remove files in folder `hypersonic` with path: `/home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic` + - `$ rm -rf /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*` + +* Move folder `liferay-ce-portal-7.4.3.18-ga18` to `/opt` + + - `$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt` + +### 3.2 Install Database {#ref2} + +##### 3.2.1 Install CouchDB + +* To install from aptitute type: + +```sh +$ sudo apt update +$ sudo apt install -y couchdb +``` + +* You may refer to the bottom Native Installation 14 version CouchDB manual configuration for setting credentials. + +* After, run CouchDb service, check if it's working: + +```sh +$ sudo systemctl start couchdb.service +``` +* Check if CouchDB is responding: +```sh +$ curl localhost:5984 +``` +* This should return json containing version information +* You can use "start/stop/status/restart" command with systemctl for controlling CouchDB service. + + +##### 3.2.2 Install PostgreSQL + +* Install PostgerSQL manually, you can install through "apt install" too: +```sh +$ sudo apt install zlib1g-dev -y +$ sudo apt install libreadline-dev -y +$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz +$ tar -xvf postgresql-10.14.tar.gz +$ cd postgresql-10.14/ +$ mkdir -p /PATH_TO/sw360postgres +$ ./configure -prefix=/PATH_TO/sw360postgres +$ make +$ sudo make install +``` +* Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step. +```sh +$ vim ~/.bashrc +``` +* Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as "/home/username": +```sh +$ export PATH=$HOME/sw360postgres/bin:$PATH +$ export PGDATA=$HOME/sw360postgres/data +$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib +$ export PGPORT=5432 +``` +* Check if paths have been set, result must be the absolute paths: +```sh +$ echo $PATH +$ echo $PGDATA +$ echo $LD_LIBRARY_PATH +$ echo $PGPORT +``` +* After paths are set, postgres service can be run: +```sh +$ cd /PATH_TO/sw360postgres/bin +$ ./initdb --encoding=UTF8 --no-locale +$ ./pg_ctl start +``` +* You will see that the server has started. +* Note: If you installed through "apt install" then start the postgres service by following command, where after @ comes the installed version, if postgres isn't running you won't be able to connect to the server, and the error message is not explaining well that server isn't actually running at the moment: +```sh +sudo systemctl status postgresql@12-main.service +sudo systemctl start postgresql@12-main.service +``` +* Postgres will create an user with username ${ubuntu_user} (username login to ubuntu) +* Use theses command to change password of user ${ubuntu_user} in postgres sql. +```sh +$ psql postgres +postgres=# \du +postgres=# create database lportal; +postgres=# ALTER USER ${ubuntu_user} WITH PASSWORD 'sw360fossy'; +postgres=# ALTER ROLE ${ubuntu_user} with superuser; +postgres=# \q +``` +* Connect to postgres shell, and check users information +```sh +$ psql -d lportal +# \du +# \dt +# \l +``` +### 3.3 Install CVE Search {#ref3} + +* Follow these detailed instructions: + +```sh +[https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst] +``` + +* To connect it to SW360, see following instructions: + +```sh +https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +``` +###### Notes: +- In the instruction be careful with setting apt link for mongodb, if somehow it destroys your "sudo apt update" command, go to "/etc/apt/sources.list" file and comment out the broken line, that's probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions. + +### 3.4 Clone sw360 with version 18.1.0 {#ref4} + +* Clone sw360 source code to folder `work` with path: `/home/user/work` + + - `$ git clone https://github.com/eclipse/sw360` + +* Checkout to tag 18.1.0 version + - `$ cd sw360` + - `$ git checkout sw360-18.1.0-M1` + +* export path to repository sw360 + - `$ export SW360_REPOSITORY=/home/user/work/sw360` +### 3.5 Install Thrift version 0.16 {#ref5} + +* For thrift, we need version 0.16. The installation script in Path: `${SW360_REPOSITORY}/scripts/install-thrift.sh` + +* Run command to install libraries: + - `$ sudo apt-get install -y clang-tidy` + - `$ sudo apt-get install flex` + - `$ sudo apt-get install -y clang-tools` + - `$ sudo apt-get install bison` + - `$ sudo apt-get install cmake` + +* Run command: + - `$ chmod +x install-thrift.sh` + - `$ sudo ./install-thrift.sh` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16 +* Check version thrift + + - `$ thrift --version` + + - Output: + ``` + Thrift version 0.16.0 + + ``` + - Install Thrift successfully + +### 3.6 Config properties files with Sw360 (sw360 18.1.0) {#ref6} + +##### 3.6.1 Create folder `sw360` in path `/etc/` + + $ sudo mkdir sw360 + +##### 3.6.2 Create 2 folder `authorization` and `rest` in path `/etc/sw360` + + $ sudo mkdir authorization + $ sudo mkdir rest + +##### 3.6.3 Create file `application.yml` in path `/etc/sw360/authorizaton` with content (remember to replace couchdb username and password): +``` +# +# Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +# Port to open in standalone mode +server: + port: 8090 + +# Connection to the couch databases. Will be used to store client credentials +couchdb: + url: http://localhost:5984 + database: sw360oauthclients + # if your couchdb does not use authentication, pls just don't use the settings for username and password + username: admin + password: password + +jwt: + secretkey: sw360SecretKey + +spring: + jackson: + serialization: + indent_output: true + +# Common SW360 properties +sw360: + # The url of the Liferay instance + sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} + # The id of the company in Liferay that sw360 is run for + sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} + # Allowed origins that should be set in the header + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} + +security: + # Configuration for enabling authorization via headers, e.g. when using SSO + # in combination with a reverse proxy server + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: false + # Attention: please make sure that the proxy is removing there headers + # if they are coming from anywhere else then the authentication server + intermediateauthstore: custom-header-auth-marker + email: authenticated-email + extid: authenticated-extid + # also available - at least in saml pre auth - are "givenname", "surname" and "department" + + oauth2: + resource: + id: sw360-REST-API + +``` +* Create file `application.yml` in path `/etc/sw360/rest` with content: +``` +# +# Copyright Siemens AG, 2017. Part of the SW360 Portal Project. +# Copyright Bosch.IO GmbH 2020 +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +server: + port: 8091 + +management: + endpoints: + enabled-by-default: false + web: + base-path: + endpoint: + health: + enabled: true + show-details: always + info: + enabled: true + web: + base-path: / + +spring: + servlet: + multipart: + max-file-size: 500MB + max-request-size: 600MB + +# logging: +# level: +# org.springframework.web: DEBUG + +security: + oauth2: + resource: + id: sw360-REST-API + jwt: + keyValue: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy + VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ + 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ + 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg + 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da + d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ + PQIDAQAB + -----END PUBLIC KEY----- + +sw360: + thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} + test-user-id: admin@sw360.org + test-user-password: sw360-password + couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +``` + +* Create file `couchdb.properties` in path `/etc/sw360` with content: + +``` +# +# Copyright Siemens AG, 2020. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +couchdb.url = http://localhost:5984 +couchdb.user = ${COUCHDB_USER} +couchdb.password = ${COUCHDB_PASSWORD} +couchdb.database = sw360db +couchdb.usersdb = sw360users +couchdb.attachments = sw360attachments +lucenesearch.limit = 10000 + +``` +* Create file `sw360.properties` and `/etc/sw360` with content: + +``` +# Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +# common property file for the backend services +backend.url= http://localhost:8080 + +licenseinfo.spdxparser.use-license-info-from-files=true +mainline.state.enabled.for.user=false + +# settings for the mail utility: +# if host is not set, e-mailing is disabled +MailUtil_host= +MailUtil_from=__No_Reply__@sw360.org +MailUtil_port=25 +MailUtil_enableStarttls= +MailUtil_enableSsl= +MailUtil_isAuthenticationNecessary= +MailUtil_login= +MailUtil_password= +MailUtil_enableDebug= +MailUtil_supportMailAddress= + +# text patterns for mail utility +defaultBegin = \ +*** This is an automatically generated email, please do not reply. ***\n\n\ +Dear SW360-user,\n\n +defaultEnd = \ +With best regards,\n\ +SW360-support +unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: +unsubscribeNoticeAfter =. *** + +subjectForNewModerationRequest= New moderation request +subjectForUpdateModerationRequest= Update on moderation request +subjectForAcceptedModerationRequest= Your moderation request has been accepted +subjectForDeclinedModerationRequest= Your moderation request has been declined +subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined +subjectForNewComponent= New component created +subjectForUpdateComponent= Component updated +subjectForNewRelease= New release created +subjectForUpdateRelease= Release updated +subjectForNewProject= New project created +subjectForUpdateProject= Project updated +subjectForNewClearingRequest= New clearing request <%s> for Project <%s> +subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s> +subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s> +subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s> +subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s> +subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated + +textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n +textForUpdateModerationRequest= \ +one of the moderation requests previously added to your \ +SW360-account has been updated.\n\n +textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n +textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n +textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n +textForNewComponent= a new component %s, in which you take part, has been created.\n\n +textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n +textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n +textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n +textForNewProject= a new project %s %s, in which you take part, has been created.\n\n +textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n +textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n +textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n +#attachment.store.file.system.location=/opt/sw360tempattachments +#enable.attachment.store.to.file.system=false +#attachment.store.file.system.permission=rwx------ +#attachemnt.delete.no.of.days=30 + +#Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. +#sw360changelog.config.file.location=/etc/sw360/log4j2.xml +enable.sw360.change.log=false +sw360changelog.output.path=sw360changelog/sw360changelog + +``` + +##### 3.6.4 Configure the sw360ChangeLog path +**Create log4j2.xml file:** +- Based on log4j2.xml file from https://github.com/eclipse/sw360/blob/main/build-configuration/resources/log4j2.xml, update the content as below, then place this file to etc/sw360 folder. + +``` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` +**Set the environment variable for the changelog directory (`${env:FILE_PATH}/sw360changelog.log`):** + +- Create Folder **sw360changelog** in **var/log/**: + + `$ sudo mkdir sw360changelog ` +- If **/var/log/sw360changelog** folder requires permission, set permission for this folder: + + `$ sudo chown -R $USER:$USER /var/log/sw360changelog` + + `$ export FILE_PATH=/var/log/sw360changelog` + +* NOTE: I suggest the path ${env:FILE_PATH} to use LIFERAY_INSTALL env variable + +**Enable changelog config:** + +Add the following lines to the sw360.properties file (or uncomment if they are existing) + +* `sw360changelog.config.file.location=/etc/sw360/log4j2.xml` +* `enable.sw360.change.log=true` + +### 3.7 Compile and deploy {#ref7} + +##### 3.7.1. Start Database: +* Turn on the CouchDB and Postgres services + +```sh +$ sudo systemctl start couchdb.service +$ sudo systemctl start postgres@@12-main.service +``` + +* Check if both are running: + +```sh +$ sudo systemctl status couchdb.service +$ sudo systemctl status postgres@@12-main.service +``` + +* You should be able to see something like this: + +```sh +... systemd[1]: Started PostgreSQL Cluster 12-main. +... +... halt systemd[1]: Started Apache CouchDB. +``` +##### 3.7.2. Install python and pip: + +```sh +$ sudo apt-get install python3 -y +$ sudo -E apt-get install python3-pip -y +``` + +##### 3.7.3. Install mkdocs: + - Without proxy: + + `$ sudo -E pip3 install mkdocs` + + `$ sudo -E pip3 install mkdocs-material` + - Via proxy: + + `$ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs` + + `$ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs-material` + +##### 3.7.4. Set Environment for `${LIFERAY_INSTALL}`: + +```sh +$ cd /home/user/work/sw360 +$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18 +``` + +##### 3.7.5. Config Couchdb Lucene: + +Run following commands to config Couchdb Lucene (remember to replace **COUCHDB_USER** and **COUCHDB_PASSWORD** by username and password of couchdb installed at step [3.2.1](#321-install-couchdb)): + +```sh +$ cd third-party/couchdb-lucene/ +$ sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini +$ sed -i "s/localhost:5984/COUCHDB_USER:COUCHDB_USER@localhost:5984/" ./src/main/resources/couchdb-lucene.ini +``` + +##### 3.7.6. Clean everything and install without running the tests: + +```sh +$ mvn clean install -DskipTests +``` + +##### 3.7.7. Deploy: + +```sh +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dhelp-docs=true -Dsurefire.failIfNoSpecifiedTests=false +``` + +##### 3.7.8 Start and Configure Liferay: + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* After run command "mvn clean install -DskipTests" above, copy dependency in folder `/home/user/work/sw360/utils/jars` to `${LIFERAY_INSTALL}/osgi/modules` + + - `$ cd /home/user/work/sw360/utils/jars` + - `$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/` + +* We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360. + + - `$ sudo rm -rf ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/setenv.sh` + - `$ sudo cp /home/user/work/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/catalina.out` + +* Url SW360 : `https://localhost:8080` + +##### 3.7.9 Configure Liferay Portal: + +* Can follow the steps in the following link https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 or follow these steps: + +- Import users + 1. Open the panel on the left side by clicking the button on the top left. + 2. Click on `SW360` on the top right to go to the homepage. + 3. Click on `Start` inside the "Welcome" section. + 4. Go to `Admin` -> `User` (URL: `/group/guest/users`). + 5. Scroll down to section `UPLOAD USERS`, select a user file from the very + beginning and click `Upload Users` on the right side. [A user file can be found here in the sw360vagrant project](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) + * Download: `$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv` + +- Setup liferay: + +After successful , Then if you open the server with the URL `https://localhost:8080/` the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/1.png" >}} + +Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/2.png" >}} + +After login the sw360 is not setup, thus the server does not display much, but a screen like the following: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/3.png" >}} + +##### User and Login Settings in Liferay + +Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/4.png" >}} + +Edit this password policy and disable `change Required` if you wish to do so. Click on Save_the bottom of the page to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/6.png" >}} + +Then, go: in `Configuration` > `Instance Settings` > `Users` > + +{{< figure src="/sw360/img/sw360screenshots/deploy74/7.png" >}} + +In this area, select `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/8.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/9.png" >}} + +Finally, sice Liferay 7.4 some of the bundled modules need to be activated: + +* jquery +* font awesome + +In oder to do this, please select from the `Configuration` > `System Settings` > `Third Party` and go to jquery, select the enablement and click on Update: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/10.png" >}} + +Do the same for Font Awesome: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/11.png" >}} + +Note that you need to reload the browser or load a new browser window to take changes to effect. + +##### Setup SW360 for Liferay: Import *.lar Files + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +In order to go ahead, switch to the `SW360` area where you can apply site settings: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/12.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} + + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/18.png" >}} + +You can close the left menu area by clicking on the upper left icon: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/19.png" >}} + +Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/20.png" >}} + +##### Import User Accounts for Testing + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/21.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a [user account import file](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) to import in the `sw360vagrant` project in the folder `shared`. After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/22.png" >}} + +After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below): + +{{< figure src="/sw360/img/sw360screenshots/deploy74/23.png" >}} + +##### Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/24.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/25.png" >}} + +### 3.8 Version Management Table (sw360 18.1.0) {#ref8} + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.4.3.18| +| Tomcat | 9.0.56 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | +| SW360 | 18.1.0 | + + + + +## References for more information +- [SW360] +- [CVE-Search] +- [Java] +- [Maven] +- [Thrift] +- [Liferay bundled with Tomcat] +- [PostgreSQL] +- [CouchDB] + + +## License + +[SPDX-License-Identifier: EPL-2.0] + +[//]: # (These are reference links used in the body of this instructions markdown file.) + [Check SW360]: + [Check CouchDB]: + [Check PostgreSQL]: + [SW360]: + [SW360 website]: + [CVE-Search]: + [Java]: + [Maven]: + [Thrift]: + [Liferay bundled with Tomcat]: + [PostgreSQL]: + [CouchDB]: diff --git a/content/fr/docs/Deployment/Legacy/NativeInstall/_index.md b/content/fr/docs/Deployment/Legacy/NativeInstall/_index.md new file mode 100644 index 0000000..eafb0fc --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/NativeInstall/_index.md @@ -0,0 +1,7 @@ +--- +title: "Native Install" +linkTitle: "Native Install" +weight: 20 +oem_ignore: true +description: SW360 Native Install Deployment +--- diff --git a/content/fr/docs/Deployment/Legacy/_index.md b/content/fr/docs/Deployment/Legacy/_index.md new file mode 100644 index 0000000..e4d9575 --- /dev/null +++ b/content/fr/docs/Deployment/Legacy/_index.md @@ -0,0 +1,7 @@ +--- +title: "Legacy Deployment Guides" +linkTitle: "Legacy Guides" +weight: 20 +oem_ignore: true +description: SW360 Legacy deployment guides +--- diff --git a/content/fr/docs/Deployment/Upgrading/Deploy-Upgrade-to-Liferay-7.3-and-Java-11.md b/content/fr/docs/Deployment/Upgrading/Deploy-Upgrade-to-Liferay-7.3-and-Java-11.md new file mode 100644 index 0000000..8bdbdbd --- /dev/null +++ b/content/fr/docs/Deployment/Upgrading/Deploy-Upgrade-to-Liferay-7.3-and-Java-11.md @@ -0,0 +1,358 @@ +--- +linkTitle: "Liferay 7.3 and Java 11" +title: "Liferay 7.3 and Java 11" +weight: 100 +description: + Upgrading previous sw360 instances to Liferay 7.3.x and Java 11 +--- + + +## Introduction + +We are covering the update for ubuntu here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases. + +With the update to Java 11, we upgraded from Ubuntu 16.04 to Ubuntu 18.04, both LTS version. This OS is used for example by the https://github.com/sw360/sw360vagrant project. + +So the update covers the following: + +| orign | target | +|---|---| +| Ubuntu 16.04 LTS | Ubuntu 18.04 LTS | +| CoucbdDB 1.X (comes with Ubuntu) | CouchDB 2.X (not with Ubuntu anymore) | +| Postgresql 9.X (comes with Ubuntu) | Postgresql 10.X (comes with Ubuntu) | +| OpenJDK 8 (comes with Ubuntu) | openJDK 11 (comes with Ubuntu) | +| Apache Thrift 0.11/0.12 | Apache Thrift 0.13 | + +## Overview + +The upgrade consists of quite some tasks, as an overview: + +1. Make a backup +2. Execute sw360 migration scripts +3. Linux release upgrade +5. Java 11 +6. Postgresql +7. CouchDB 2.X +8. Thrift to 0.13 +9. Liferay ce 7.3.3 +10. Copy your existing `portal-ext.properties` to now liferay_install location +11. copy from old liferay installation the `data/document_library` to the new liferay +12. Adjust `/etc/ini.d/tomcat` with path of new liferay +13. Adjust `$liferay_install` variable +14. add Java prerequisites to OSGi container +15. Update couchdb-lucene +16. Deploy new version of sw360 +17. Adjust Liferay + +## Initial steps + +In order to "calibrate the system" just run the update / upgrade cycle once: + +`# sudo apt update` + +`# sudo apt upgrade` + +### Keeping More Settings Files + +**apache.conf:** Keep also the mod security conf files that are asked to update during installation + +**sshd:** Changes on the ssh / sshd conf files should be kept in case you have setup up dome remote public private key login (usually the case for server installation). Otherwise you re locked out maybe. + +**Maven:** if you change Maven, for example with your proxy settings, keep it too. + +In general, whenever there is functionality you need, consider keeping existing settings files. + +## Ubuntu Release Upgrade + +There is maybe the remark to overwrite the current apache configuration. We propose to keep the currently installed apache files. + +`# sudo do-release-upgrade` + +Answer "yes" for the download of packages and also confirm the update of the glibc, of course. Update the `system.conf`(install maintainer's version), depending on if you actually edited this. Some for `sysctl.conf`. + +## Migration of PostgreSQL + +The existing 9.5 will not be upgraded, instead this message comes: After the release upgrade, you can check again if postgresql is installed: + +`sudo apt list postgre* --installed` + +Postgresql 9.5 should be the only installed. The old postgresql 9.5 must stay in fact, because the migration tool needs to be executing on a running postgresql 9.5 instance. Just having popstgresql 10 and a database only from postgresql 9.5 will not work. You can go ahead install postgresql 10: + +`sudo apt install postgresql-10` + +Then, apply the instruction to update from 9.5 to 10.0 from this page: https://stackoverflow.com/questions/47029055/how-do-i-upgrade-my-postgresql-9-5-to-postgresql-10-on-ubuntu-16-04 + +``` +# service postgresql stop +... +# pg_dropcluster --stop 10 main +... +# pg_upgradecluster -m upgrade 9.5 main +... +# pg_dropcluster 9.5 main --stop +... +# apt-get autoremove --purge postgresql-9.5 +... +# service postgresql start +``` +(note that # means you need to be root or execute with sudo) + +## Migration of CouchDB + +CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDb package repository to install it, first the key for signing: + +`curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -` + +The add the repo to the sources: + +`echo "deb https://apache.bintray.com/couchdb-deb bionic main" | sudo tee -a /etc/apt/sources.list` + +Then, add its contents to the package database by updating apt: + +`sudo apt-get update -y` + +Ultimately install CouchDB, we tried with 2.1.2 initiall not to make a too far jump from 1.X, later versions may work as well. Note that for upgrading to CouchDB 3.X you would need an upgrade to 2.X first. + +`sudo apt-get install -y couchdb=2.1.2~bionic` + +The installer will ask a couple of questions: + +1. Bind address: for CouchDB and SW360 `127.0.0.1` (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly. +2. Admin user: **Warning** The couchdb migration utility does not support authentication! Please do not enter an admin password, but apply it later. You can set the password for CouchDB in `couchdb.properties` and place it centrally in `/etc/sw360` +3. Migration: yes you need to use `couchup` for migrating the databases + +In case you added an admin and need to remove it, try: + +`curl -X DELETE http://admin:password@127.0.0.1:5984/_config/admins/admin` + +where the two occurrences `admin` is the name of the admin user in the URL, whatever the user was called. + +### Migration of CouchDB Databases + +As a preparation: the CouchDB migration works by copying the databases, so the file system needs at least as much free space as the CouchDB databases use. + +CouchDB offers a migration utility. It is advised that you remove all test databases as they do not seem to work with the migration utility. Important links are: + +* https://docs.couchdb.org/en/2.3.1/install/upgrading.html +* https://github.com/apache/couchdb/pull/483 + +For some reason after installation, the `couchup`utility is not part of the path, so execute: + +`/opt/couchdb/bin/couchup list` + +It lists all DBs found. The go ahead with: + +`/opt/couchdb/bin/couchup replicate -a` + +It should replicate all databases in `/var/lib/couchdb`. Please refer to the couchup documentation, for the subsequent steps. A few remarks from our experience: + +1. The rebuold of the couchdb does not work for our test databases. Please refer to the documentation how to do this manually if you like. +2. The couchup utility crashes for large DB sizes with a time out error. Consider using the timeout option: `/opt/couchdb/bin/couchup replicate -a --timeout==10000` (with almost infinite timeout here) +3. On very large attachment database sizes (500GB), the couchdb configuration must be changed. We increased almost every related value by factor 10 (timeouts, memory, etc) in `/opt/couchdb/etc/default.ini` and good success with this. + +## Update Thrift + +For thrift, we need version 0.13. The installation script `scripts/install-thrift.sh`allows for uninstalling old versions: + +`sudo ./install-thrift.sh --uninstall` + +and then install + +`sudo ./install-thrift.sh` + +## From OpenJDK 8 to OpenJDK 11 + +First check, what is installed. + +`# sudo apt list openjdk* --installed` + +Then you could check what is available: + +`# sudo apt list openjdk*` + +It should be that OpenJDK 8 is installed and both OpenJDK 8 and 11 are available. Then, remove the OpenJDK 8 and install 11: + +``` +sudo apt remove openjdk-8-jdk +sudo apt remove openjdk-8-jre +sudo apt remove openjdk-8-jdk-headless +sudo apt remove openjdk-8-jre-headless +``` + +check if nothing is installed: + +`# sudo apt list openjdk* --installed` + +Then install the openjdk-11-jdk: + +`# sudo apt install openjdk-11-jdk` + +Then the `$JAVA_HOME` needs to be updated, most likely it is defined in `/etc/environment`. Please check for your installation how to set the `$JAVA_HOME` correctly. + +## Updating Liferay + +Download Liferay from this link + +https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz + +and unpack it, ideally in the `/opt` directory, so resulting path would look like `liferay-ce-portal-7.3.3-ga4`. + +Then, you need to update the `$LIFERAY_INSTALL` in `/etc/environment` from `LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ +` to `LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4`. + +First, you will need to copy the `portal-ext.properties` from the old liferay folder to the new liferay folder (or new `$LIFERAY_HOME`): + +`# cp /$old-liferay/portal-ext.properties $LIFERAY_INSTALL/portal-ext.properties` + +### Migration of existing database + +For a version upgrade from Liferay CE 7.2 to Liferay 7.3, migration scripts must be applied, they are located in `$LIFERAY_HOME/ +tools/portal-tools-db-upgrade-client`. From there the following files needs to be adapted: + +* `app-server.properties`: most likely uncomment tomcat, because we re using liferay with tomcat. +* `portal-upgrade-database.properties`: uncomment postgresql section and add database user, default from installation is `liferay/liferay`, or it is stored in `portal-ext.properties` right where the JDBC driver is selected. Please note that your `portal-ext.properties` file in `$LIFERAY_INSTALL`can have the following line `include-and-override=/etc/sw360/portal-ext.properties`. In this case, consider the `portal-ext.properties`at that location. +* `portal-upgrade-ext.properties`: just the liferay home, you can leave it as it is + +If everything is done (and the postgresql migration took place), execute: + +`# ./db_upgrade.sh` + +It should return a battery of `INFO` log level messages end with: + +``` +Completed Liferay core upgrade process in 96 seconds +Checking to see if all upgrades have completed... done. +``` + +### More Migration + +The liferay migration covers apparently only the database, but not the files in the `$LIFERAY_HOME/data` folder. It would have been nicer, if that would have been covered too. Instead these must be copied manually. In fact, for the migration, it is advised to copy only the `/old-liferay/data/document_library` to the new location. Something like (different pwd ...): + +`# cp -r _attic/liferay-portal-7.2.1-ga2/data/document_library/ liferay-ce-portal-7.3.3-ga4/data/` + +### Auto Start + +For auto start, you need an according init.d entry. It could be a file like `/etc/init.d/tomcat`. The file could be created if not there already, with the following contents: + +``` +#!/bin/bash + +### BEGIN INIT INFO +# Provides: tomcat7 +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start/Stop Tomcat server +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +start() { + su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh +} + +stop() { + su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh +} + +case $1 in + start|stop) $1;; + restart) stop; start;; + *) echo "Run as $0 "; exit 1;; +esac +``` + +Te user `siemagrant` is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server runs under in vagrant. Regardless how the user is named, it is important that liferay runs under an unprivileged user (for security reasons). + +### Adjust Memory + +When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in `$LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh` should be adapted again. + +## Install Prerequisites + +For old installations, libthrift is not there (which causes an error at container startup), it should be downloaded and deployed: + +``` +wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar +mv libthrift-0.13.0.jar $LIFEARY_HOME/deploy/ +``` + +The the existing prerequisites needs to be copied from the `osgi/modules` from the old liferay installation: + +``` +cp commons-lang-2.4.jar $LIFERAY_HOME/deploy +cp commons-io-2.6.jar $LIFERAY_HOME/deploy +cp commons-csv-1.4.jar $LIFERAY_HOME/deploy +cp commons-collections4-4.1.jar $LIFERAY_HOME/deploy +cp commons-codec-1.12.jar $LIFERAY_HOME/deploy +cp commons-logging-1.2.jar $LIFERAY_HOME/deploy +cp gson-2.8.5.jar $LIFERAY_HOME/deploy +cp guava-21.0.jar $LIFERAY_HOME/deploy +cp jackson-annotations-2.9.8.jar $LIFERAY_HOME/deploy +cp jackson-core-2.9.8.jar $LIFERAY_HOME/deploy +cp jackson-databind-2.9.8.jar $LIFERAY_HOME/deploy +``` + +note that with the [commit](https://github.com/eclipse/sw360/commit/71348b4fffa6e3e5fd761a3f63590a0a60663827) to sw360-13.0.0-M1 you need also another dependency for apache poi: + +``` +cp commons-compress-1.20.jar $LIFERAY_HOME/deploy +``` + +## Install Couchdb Lucene + +SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main thing is that it requires pathing for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container. + +Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be `couchdb-lucene`: + +`wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz` + +Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene: + +https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh + +Please note that the patching issue is well known in the project and it is unclear why it is not merged: + +* https://github.com/rnewson/couchdb-lucene/issues/161 "allow context-root other than "/" when running in servlet container" +* https://github.com/rnewson/couchdb-lucene/pull/162 +* https://github.com/rnewson/couchdb-lucene/pull/152 + +Now, for CouchDB 2.X the hook for integration of a search component has chaned compared to CouchDB 1.X. Accordingly, the old couchdb-lucene component must be replaced with the latest version. + +## Deploy New SW360 + +You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 or some few commits before that. Then build in the sw360 project root using: + +`mvn clean install -DskipTests` + +This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same: + +``` +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -DskipTests +``` + +Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed: + +``` +cd rest +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ +``` + +## Final Steps in Liferay + +Liferay CE 7.3 bring some changes that still require manually applied settings to the running liferay server. Thus, you could start the liferay server or just restart the entire machine. The following two things need to be adaptedin liferay after successful startup in order to get the migration done: + +1. The automatic verification of e-mail adresses maybe be needed to be switched off, because it kicks in also for existing users. This can be done in "Control Panerl" -> "Instance Settings" -> "User Authentication" -> "" + +2. The JavaScript components jquery and fontawesone (that come with liferay) must be manually enabled now. For this got into "Control Panel" -> "System Settings" -> "Thrid Party". and from then select the two JavaScript components from the left and enable them accordingly. + +## Known Issues + +### Database Availability Right after Update + +Right after updating, the sw360 will not show up data at all, but sometimes nothing or "portlet unavailable". The problem is the re-indexing of the DB and the search index which takes a while. You can trigger reindexing in the systems. A lazy way is call all (main) views so the database stumbles accross it and starts the indexing tasks (see job view in the couchdb admin interface of Futon). The sam eis for searches, the first searches will fail and the lucene will do some internal updates. leaving the system working for some time and follow the log will help. Could take 30 minutes. + +### E-Mail Verification Trap + +Liferay has automatically enabled password verification for all accounts right after migration. Not sure what motivates persons to enable such feature by default right after migration from an instance where it was not there? In case you have attached the system to an external login solution, but your liferay is not configured to send mails, then it is a trap, because you cannot verify the e-mail address and thus, cannot login. You need to disable the external login solution and use the original initial setup user to login (which is not asked for verification by e-mail) to disable this feature (see above). diff --git a/content/fr/docs/Deployment/Upgrading/Upgrade-SW360-from-14.0.0-to-15.0.0.md b/content/fr/docs/Deployment/Upgrading/Upgrade-SW360-from-14.0.0-to-15.0.0.md new file mode 100644 index 0000000..b3913b6 --- /dev/null +++ b/content/fr/docs/Deployment/Upgrading/Upgrade-SW360-from-14.0.0-to-15.0.0.md @@ -0,0 +1,90 @@ +--- +linkTitle: "Upgrade Sw360 from 14.0 to 15.0" +title: "Upgrade Sw360 from 14.0 to 15.0" +weight: 100 +description: + Upgrade Sw360 from 14.0 to 15.0 +--- + +# Upgrade SW360 version 15.0 + +## 1. Upgrade sw360 from 14.0 to 15.0 +``` +1.1 Checkout source code SW360 to Tag Version 15 +1.2 Version of libraries +1.3 Migrate database +1.4 Build and deploy Sw360 Version 15.0 +``` +### 1.1 Checkout source code SW360 to Tag Version 15 + +Link contains source: + +* Path `SW360_REPOSITORY` = `/home/user/work/sw360` + +* Source code sw360 is in master branch with commit version 14.0 . User into `${SW360_REPOSITORY}` use git checkout to tag version 15 on the master branch of SW360 +* Checkout to tag Version 15.0.0 + - `$ git checkout . ` + - `$ git checkout sw360-15.0.0-M1` + +### 1.2 Version of libraries + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.3.4 | +| Tomcat | 9.0.33 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.14.0 | +| SW360 | 14.0.0 | + +### 1.3 Migrate database + +* Check migrate scripts from 14.0 to 15.0 by + +- There is no migrate script, skip this step. + +### 1.4 Build and deploy SW360 Version 15.0 + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Stop SW360 version 14.0, ensure that couchdb is accessible (try to open `http://localhost:5984/_utils/`) + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh` + +## 2. Compile and deploy + +* Start couchdb + - `$ sudo service couchdb start` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ cd /home/user/work/sw360` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +1. To clean everything and install without running the tests + - `$ mvn clean install -DskipTests ` + +2. For deployment run the command + - `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests` + +### 2.1 Start and Configure Liferay +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*` + +* Url SW360 : `https://localhost:8080` +### 2.2 Configure Liferay Portal + +* Can follow the steps in the following link https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 or follow these steps: + +- Import users + 1. Open the panel on the left side by clicking the button on the top left. + 2. Click on `SW360` on the top right to go to the homepage. + 3. Click on `Start` inside the "Welcome" section. + 4. Go to `Admin` -> `User` (URL: `/group/guest/users`). + 5. Scroll down to section `UPLOAD USERS`, select a user file from the very + beginning and click `Upload Users` on the right side. [A user file can be found here in the sw360vagrant project](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) + * Download: `$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv` \ No newline at end of file diff --git a/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_15_To_16.md b/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_15_To_16.md new file mode 100644 index 0000000..4a1f459 --- /dev/null +++ b/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_15_To_16.md @@ -0,0 +1,145 @@ +--- +linkTitle: "Upgrade Sw360 from 15.0 to 16.0" +title: "Upgrade Sw360 from 15.0 to 16.0" +weight: 100 +description: + Upgrade Sw360 from 15.0 to 16.0 +--- + +# Upgrade SW360 version 16.0 + +## 1. Upgrade sw360 from 15.0 to 16.0 +``` +1.1 Checkout source code SW360 to Tag Version 16 +1.2 Version of libraries +1.3 Migrate database +1.4 Build and deploy Sw360 Version 16 +1.5 Start and Configure Liferay +``` +### 1.1 Create Folder contains source code SW360 to Tag Version 16 + +Link contains source: + +* Path `SW360_REPOSITORY` = `/home/user/work15to16/sw360` + +* Source code sw360 is in main branch with commit version 14.0 . User into `${SW360_REPOSITORY}` use git checkout to tag version 16 on the main branch of SW360 +* Checkout to tag Version 16.0.0 or checkout commit "d15db4a1b07112fff126016103c1a8d8dd03c230" + - `$ git checkout d15db4a1b07112fff126016103c1a8d8dd03c230 ` or `$ git checkout sw360-16.0.0-M1` + +* Upgrade Thrift from 0.14.0 to 0.16.0 + - Move to folder sw360 with path `/home/user/work15to16/sw360` + + Run command line: + + Uninstall thrift version 0.14.0 + + - `./scripts/install-thrift.sh --uninstall` + + Install thrift version 0.16.0 + + - `./scripts/install-thrift.sh` + + Check version thrift + + - `thrift --version` + +* Update Dependency for SW360 version 16 + + Download dependency: + - `wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.7/commons-io-2.7.jar -O commons-io-2.7.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.9/gson-2.8.9.jar -O gson-2.8.9.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/31.0.1-jre/guava-31.0.1-jre.jar -O guava-31.0.1-jre.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.13.2/jackson-annotations-2.13.2.jar -O jackson-annotations-2.13.2.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.13.2/jackson-core-2.13.2.jar -O jackson-core-2.13.2.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.13.2.2/jackson-databind-2.13.2.2.jar -O jackson-databind-2.13.2.2.jar` + - `wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar -O libthrift-0.16.0.jar` + + Move dependency to folder `/opt/liferay-ce-portal-7.3.4-ga5/deploy` + +### 1.2 Version of libraries + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.3.4 | +| Tomcat | 9.0.33 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | + +### 1.3 Migrate database + +* Check migrate scripts from 15.0 to 16.0 by + +* 3 file migration: + - `https://github.com/eclipse/sw360/blob/main/scripts/migrations/048_add_component_businessunit.py` + - `https://github.com/eclipse/sw360/blob/main/scripts/migrations/049_migrate_admin_obligation.py` + - `https://github.com/eclipse/sw360/blob/main/scripts/utilities/003_update_project_field_value_couchdb_2_x.py` + + Install enviroment for python 2.7 + - `$ sudo apt-add-repository universe` + - `$ sudo apt update` + - `$ sudo apt install python2-minimal` + + Check version + - `$ python2 --version` + + Install pip for python 2.7 + -`curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py` + -`sudo python2 get-pip.py --proxy=http://username:password@hostname` + -`pip --version` + + Import package couchdb + -`pip install --proxy=http://username:password@hostname couchdb` + + How to run migration data + 1. stop SW360 (i.e. the tomcat) + * Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + + * Stop SW360 version 15.0, ensure that couchdb is accessible (try to open `http://localhost:5984/_utils/`) + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh` + + 2. ensure that couchdb is accessible (try to open http://localhost:5984/_utils/) + + 3. run the migration scripts (i.e. for each script call python2 /PATH/TO/00?_some_migration_script.py) + be aware that some scripts are using an internal dry-run switch which you have to change manually in the script's code. + + 3.1 move to folder with path `/home/user/work15to16/sw360/scripts/migrations` + + Run command: + - `python2 048_add_component_businessunit.py` + - `python2 049_migrate_admin_obligation.py` + + Check data change in file log: + - 048_add_component_businessunit.log + - 049_migrate_admin_obligation.log + + 3.2 move to folder with path `/home/user/work15to16/sw360/scripts/utilities` + - `python2 003_update_project_field_value_couchdb_2_x.py` + + Check data change in file log: + - 003_update_project_field_value_couchdb_2_x.log + +### 1.4. Compile and deploy + + * Set Environment for `${LIFERAY_INSTALL}` + - `$ cd /home/user/work/sw360` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + + To clean everything and install without running the tests + + - `mvn clean install -DskipTests ` + + For deployment run the command + - `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests` + +### 1.5 Start and Configure Liferay +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*` + +* Url SW360 : `https://localhost:8080` \ No newline at end of file diff --git a/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_16_To_17.md b/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_16_To_17.md new file mode 100644 index 0000000..e6b282e --- /dev/null +++ b/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_16_To_17.md @@ -0,0 +1,293 @@ +--- +linkTitle: "Upgrade SW360 from 16.0 to 17.0" +title: "Upgrade SW360 from 16.0 to 17.0" +weight: 100 +--- + + +[Checkout source code SW360 to Tag Version 17](#ref1) + +[Version of libraries](#ref2) + +[Migrate Database](#ref3) + +[Build and deploy SW360 Version 17](#ref4) + +[Start and Configure Liferay](#ref5) + + +## Prepare source code to use release 17 {#ref1} + +Link contains source: + +* Path `SW360_REPOSITORY` = `/home/user/work16to17/sw360` + +* Source code sw360 is in main branch with commit version 16.0.0 . User into `${SW360_REPOSITORY}` use git checkout to tag version 16 on the main branch of SW360 +* Checkout to tag Version 17.0.0 + + * `$ git checkout 6c1aeacea3b0c5f37dc1752b5409cce1433e40c2` + +* Check version thrift + + * `thrift --version` + +* If thrift version 0.14.0 then upgrade Thrift from 0.14.0 to 0.16.0 + + * Move to folder sw360 with path `/home/user/work16to17/sw360` + + To uninstall thrift version 0.14.0: + + * `./scripts/install-thrift.sh --uninstall` + + To install thrift version 0.16.0 + + * `./scripts/install-thrift.sh` + +* Download Liferay Portal CE 7.4.3.18 GA18 + + * `$ cd work16to17` + + * `$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Extract downloaded file + + * `$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Copy file `portal-ext.properties` from `liferay-ce-portal-7.3.4-ga5` folder to `liferay-ce-portal-7.4.3.18-ga18` folder + +* Remove files in folder `hypersonic` with path: `/home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic` + + `$ rm -rf /home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*` + +* Copy all file `liferay-ce-portal-7.3.4-ga5/osgi/configs` folder to `liferay-ce-portal-7.4.3.18-ga18/osgi/configs` folder + +## Liferay Database Migration + + +* Go to `liferay-ce-portal-7.4.3.18-ga18/tools/portal-tools-db-upgrade-client` folder + +* Edit `app-server.properties` to add the following parameters: + +``` + dir={LIFERAY_PATH_7.4}/tomcat-9.0.56 + extra.lib.dirs=/bin + global.lib.dir=/lib + portal.dir=/webapps/ROOT + server.detector.server.id=tomcat +``` + +* Edit `portal-upgrade-database.properties` to add the following parameters: + +``` + jdbc.default.driverClassName=org.postgresql.Driver + jdbc.default.url=jdbc:postgresql://{POSTGRE_HOST}:5432/lportal + jdbc.default.username={POSTGRES_USER} + jdbc.default.password={POSTGRES_PASSWORD} +``` + +* Edit `portal-upgrade-ext.properties` to add the following parameter: + +``` + liferay.home={LIFERAY_PATH_7.4} +``` + +* Finally, you can run the script with the following command: + +``` +$ ./db_upgrade.sh -j "-Xmx8000m -Dfile.encoding=UTF-8 -Duser.timezone=GMT" +``` + +* Move folder `liferay-ce-portal-7.4.3.18-ga18` to `/opt` + + `$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt` + +* Set Environment for `${LIFERAY_INSTALL_7_4}` + + `$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Move folder `/home/user/work16to17/sw360` run command + + `$ mvn clean install -DskipTests` + +* After run command "mvn clean install -DskipTests" above, copy dependency in folder `/home/user/work16to17/sw360/deploy/jars` to `${LIFERAY_INSTALL_7_4}/deploy` + + ```bash + $ cd /home/user/work16to17/sw360/deploy/jars + $ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/deploy/ + ``` + +* We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360 or can reuse 7.3.4's setenv.sh. + + ```bash + $ sudo rm -rf ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/setenv.sh + $ sudo cp /home/user/work16to17/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/ + ``` + +## Install Couchdb Lucene + +* SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene + +* Run command download Couchdb Lucene + - `wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz` + +* Note extract couchdb-lucene to folder `work` with path of work: `/home/user/work` + - `tar -xzf couchdb-lucene.tar.gz` + +* Run command: + - `cd couchdb-lucene-2.1.0` + - `sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini ` + - `sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini ` + - `wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch ` + - `patch -p1 < couchdb-lucene.patch ` + - `mvn clean install war:war` + - `sudo cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war` + +## Version of libraries {#ref2} + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.4.3 | +| Tomcat | 9.0.56 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | + +* To check couchdb version: run `curl http://localhost_or_yourcouchdbserver:5984 | json_pp` +## Migrate database {#ref3} + +* Check migrate scripts from 16.0 to 17.0 by + +* File migration: + + * `https://github.com/eclipse/sw360/blob/main/scripts/migrations/050_cleanup_eccinformation_duplicate_attributes.py` + * `https://github.com/eclipse/sw360/blob/main/scripts/migrations/051_change_eccStatus.py` + * `https://github.com/eclipse/sw360/blob/main/scripts/migrations/052_migrate_clearing_request_status.py` + * `https://github.com/eclipse/sw360/blob/main/scripts/migrations/053_remove_whitespace_component_name.py` + + +* Install pip for python 3 + + if there is no proxy, skip option `--proxy=http://username:password@hostname:port` + + ```bash + $ sudo apt update + $ sudo apt install python3-pip + ``` + +* Import package couchdb + `pip3 install --proxy=http://username:password@hostname:port couchdb` + + How to run migration data + 1. stop SW360 (i.e. the tomcat) + * Set Environment for `${LIFERAY_INSTALL_7_4}` + `$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` + + * Stop SW360 version 16.0 with path `LIFERAY_INSTALL_7_3= /opt/liferay-ce-portal-7.3.4-ga5` + `$ ${LIFERAY_INSTALL_7_3}/tomcat-9.0.33/bin/shutdown.sh` + + 2. Ensure that couchdb is accessible (try to open `http://localhost:5984/_utils/`) + + 3. run the migration scripts (i.e. for each script call python3 /PATH/TO/00?_some_migration_script.py) + be aware that some scripts are using an internal dry-run switch which you have to change manually in the script's code. + + * Move to folder with path `/home/user/work16to17/sw360/scripts/migrations` + * Edit file migration to add the following parameters: + + ``` + DRY_RUN = False + # set admin name and password for couchdb3 + DB_USER_NAME = 'admin' + DB_USER_PASSWORD = 'password' + # set credentials for couchdb3 + couch.resource.credentials=(DB_USER_NAME, DB_USER_PASSWORD) + ``` + * Need to update 052 for python script + - Python 2.x code with Python 3.x. In Python 2, print is a statement and can be used without parentheses. However, in Python 3, print is a function and therefore always requires parentheses. + - Install library `pandas` of python. + - ```$ pip3 install pandas ``` + + - Run command: + + ```bash + $ python3 050_cleanup_eccinformation_duplicate_attributes.py + $ python3 051_change_eccStatus.py + $ python3 052_migrate_clearing_request_status.py + $ python3 053_remove_whitespace_component_name.py + ``` + + Check data change in file log: + + * 050_cleanup_eccinformation_duplicate_attributes.py.log + * 051_change_eccStatus.py.log + * 052_migrate_clearing_request_status.log + * 053_remove_whitespace_component_name.log + +## Compile and deploy {#ref4} + +* Set Environment for `${LIFERAY_INSTALL_7_4}` + `$ cd /home/user/work16to17/sw360` + `$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` + + To clean everything and install without running the tests + `mvn clean install -DskipTests` + +* For deployment run the command + `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true ` + +## Start and Configure Liferay {#ref5} + +* Set Environment for `${LIFERAY_INSTALL_7_4}` + `$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Start liferay + + * `$ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh` + +* Log + + * `$ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/*` + +* Url SW360 : `https://localhost:8080` + + +### Re-indexing search indexes is required for major version upgrades. Here’s how to re-index: + +``` +1. Click on the Global Menu (Global Menu icon) and select the Control Panel tab. The Control Panel appears. + +2. Click on Search in the Configuration section, select the Index Actions tab, and click Execute for Re-index all search indexes. The re-index executes and displays a success message when done. +``` + +{{< figure src="/sw360/img/sw360screenshots/ReIndexSearch.png" >}} + + +### Setup SW360 for Liferay: Import *.lar Files + +- ```You need over-import *.lar files to the portet can show the sw360 icons/images``` + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png" >}} + + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} diff --git a/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_17_To_18.md b/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_17_To_18.md new file mode 100644 index 0000000..d342ac1 --- /dev/null +++ b/content/fr/docs/Deployment/Upgrading/Upgrade_Version_SW360_17_To_18.md @@ -0,0 +1,155 @@ +--- +linkTitle: "Upgrade SW360 from 17.0 to 18.1.0" +title: "Upgrade SW360 from 17.00 to 18.1.0" +weight: 100 +--- + +[Version of libraries](#ref1) + +[Checkout source code SW360 to Tag Version 18.1.0](#ref2) + +[Config Couchdb Lucene](#ref3) + +[Build and deploy](#ref4) + +[Start and Configure Liferay](#ref5) + +[Setup SW360 for Liferay: Import *.lar Files](#ref6) + +## Version of libraries {#ref1} + +| Package Name | Version | +| :----------- | :-----: | +| Liferay | 7.4.3 | +| Tomcat | 9.0.56 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | + +To check couchdb version: run `curl http://localhost_or_yourcouchdbserver:5984 | json_pp` + +## Prepare source code to use release 18.1.0 {#ref2} + +Link contains source: + +Create folder to store new source code of version 18.1.0: + +```sh +$ mkdir /home/user/work17to18 +``` + +Clone source code from github: + +```sh +$ git clone https://github.com/eclipse/sw360.git +``` + +Checkout to tag Version 18.1.0 + +```sh +$ git checkout sw360-18.1.0-M1 +``` + +Set Environment for `${LIFERAY_INSTALL_7_4}` + +```sh +$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18 +``` + +Move folder `/home/user/work17to18/sw360` run command + +```sh +$ mvn clean install -DskipTests +``` + +Copy dependencies from folder **/home/user/work17to18/sw360/deploy/jars** to **${LIFERAY_INSTALL_7_4}/osgi/modules** + +```sh +$ cd /home/user/work17to18/sw360/utils/jars +$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/ +``` + +## Config Couchdb Lucene {#ref3} + +Run following commands to config Couchdb Lucene (remember to replace **COUCHDB_USER** and **COUCHDB_PASSWORD** by username and password of couchdb): + +```sh +$ cd /home/user/work17to18/sw360/third-party/couchdb-lucene/ +$ sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini +$ sed -i "s/localhost:5984/COUCHDB_USER:COUCHDB_USER@localhost:5984/" ./src/main/resources/couchdb-lucene.ini +$ mvn clean install war:war +$ cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war +``` + +## Build and deploy {#ref4} + +Set Environment for `${LIFERAY_INSTALL_7_4}` + +```sh +$ cd /home/user/work17to18/sw360 +$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18 +``` + +To clean everything and install without running the tests + +```sh +$ mvn clean install -DskipTests +``` + +For deployment run the command + +```sh +$ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true +``` + +## Start and Configure Liferay {#ref5} + +Set Environment for `${LIFERAY_INSTALL_7_4}` + +```sh +$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` +``` + +Start liferay + +```sh +$ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh +``` + +Log + +```sh +$ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/catalina.out +``` + +SW360 url : [https://localhost:8080](https://localhost:8080) + +## Setup SW360 for Liferay: Import \*.lar Files {#ref6} + +**You need over-import lar files to the portet can show the sw360 icons/images** + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the \*.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} diff --git a/content/fr/docs/Deployment/Upgrading/_index.md b/content/fr/docs/Deployment/Upgrading/_index.md new file mode 100644 index 0000000..0c280c5 --- /dev/null +++ b/content/fr/docs/Deployment/Upgrading/_index.md @@ -0,0 +1,7 @@ +--- +title: "Upgrade from previous instances" +linkTitle: "Upgrade" +weight: 11 +oem_ignore: true +description: SW360 Bare Metal Deployment +--- diff --git a/content/fr/docs/Deployment/_index.md b/content/fr/docs/Deployment/_index.md new file mode 100644 index 0000000..367ec84 --- /dev/null +++ b/content/fr/docs/Deployment/_index.md @@ -0,0 +1,158 @@ +--- +title: "Deployment" +linkTitle: "Deployment" +weight: 20 +icon: fas fa-truck +description: SW360 Deployment Guides +--- + +## Recommended SW360 Deployment + +For current SW360 deployment is recommended use docker compose, as base setup of the necessary third party tools are present. + +You can find [SW360 official docker-compose reference here](https://github.com/eclipse-sw360/sw360/raw/main/docker-compose.yml). + +This docker compose comes with default admin passwords for couchdb and postgres. Is recommended for production to customize this file. + +Donload the file mentioned above an just run: + +```bash +docker compose up -d +``` + +Three nested docker containers will be created for sw360, couchdb and postgres, and the respective volumes for the containers. They run in a closed sw360 docker network. + +## Next steps: Setup liferay + +After successful , Then if you open the server with the URL `https://localhost:8080/` the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/1.png" >}} + +Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. +The default sw360 login username is *setup@sw360.org* and default password is *sw360fossy*. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/2.png" >}} + +After login the sw360 is not setup, thus the server does not display much, but a screen like the following: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/3.png" >}} + +### User and Login Settings in Liferay + +Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/4.png" >}} + +Edit this password policy and disable `change Required` if you wish to do so. Click on Save_the bottom of the page to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/6.png" >}} + +Then, go: in `Configuration` > `Instance Settings` > `Users` > + +{{< figure src="/sw360/img/sw360screenshots/deploy74/7.png" >}} + +In this area, select `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/8.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/9.png" >}} + +Finally, since Liferay 7.4 some of the bundled modules need to be activated: + +* jquery +* font awesome + +In oder to do this, please select from the `Configuration` > `System Settings` > `Third Party` and go to jquery, select the enablement and click on Update: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/10.png" >}} + +Do the same for Font Awesome: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/11.png" >}} + +Note that you need to reload the browser or load a new browser window to take changes to effect. + +### Setup SW360 for Liferay: Import *.lar Files + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +In order to go ahead, switch to the `SW360` area where you can apply site settings: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/12.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} + + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/18.png" >}} + +You can close the left menu area by clicking on the upper left icon: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/19.png" >}} + +Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/20.png" >}} + +### Import User Accounts for Testing + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/21.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a [user account import file](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) to import in the `sw360vagrant` project in the folder `shared`. After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/22.png" >}} + +After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below): + +{{< figure src="/sw360/img/sw360screenshots/deploy74/23.png" >}} + +### Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/24.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/25.png" >}} + +## General Topics + +* [Deployment Authorization Concept](deploy-authorization-concept) +* [Properties explained](deploy-configuration-files) +* [Deployment Requirements](deploy-requirements) +* [Secure Deployment Notes](deploy-secure-deployment) + +## Special Topics + +After install and setup sw360, this are possible topice to be considered: + +* [Special Coverage of Country Codes](deploy-configuration-country-codes), when countries are displayed, then it uses country codes in the DB +* [How to export data and import it to a new instance](deploy-export-and-import) diff --git a/content/fr/docs/Development/Dev-Adding-New-Fields-to-Existing-Classes.md b/content/fr/docs/Development/Dev-Adding-New-Fields-to-Existing-Classes.md new file mode 100644 index 0000000..b15c995 --- /dev/null +++ b/content/fr/docs/Development/Dev-Adding-New-Fields-to-Existing-Classes.md @@ -0,0 +1,54 @@ +--- +title: "How to add fields to an existing class" +linkTitle: "Class new fields" +weight: 10 +--- + +The license portlet is different from the other portlets as there is no Details/Edit page for each element. There is only a combined edit/view page. +We will add the license text to licenses in the thrift file: +```thrift +13: optional string text; +``` + +To update the text we write a liferay Action in the LicensesPortlet: +```java + @UsedAsLiferayAction + public void changeText(ActionRequest request, ActionResponse response) throws PortletException, IOException { + String licenseId = request.getParameter(LICENSE_ID); + String text = request.getParameter(License._Fields.TEXT.name()); + + if(!Strings.isNullOrEmpty(licenseId)) { + + try { + User user = UserCacheHolder.getUserFromRequest(request); + LicenseService.Iface client = thriftClients.makeLicenseClient(); + final License license = client.getFromID(licenseId); + + license.setText(CommonUtils.nullToEmptyString(text)); + final RequestStatus requestStatus = client.updateLicense(license, user); + + renderRequestStatus(request,response,requestStatus); + } catch (TException e) { + log.error("Error updating license", e); + } + } + + response.setRenderParameter(LICENSE_ID, licenseId); + response.setRenderParameter(PAGENAME, PAGENAME_DETAIL); + response.setRenderParameter(SELECTED_TAB, "LicenseText"); + } +``` + +To integrate it in the jsp we make the according changes, important to note is the ActionUrl that we define: +```html + + + +``` +A good practice to name fields in jsps is to use the thrift field names: + +```html + +``` diff --git a/content/fr/docs/Development/Dev-Adding-a-new-portlet-Backend.md b/content/fr/docs/Development/Dev-Adding-a-new-portlet-Backend.md new file mode 100644 index 0000000..e6c4066 --- /dev/null +++ b/content/fr/docs/Development/Dev-Adding-a-new-portlet-Backend.md @@ -0,0 +1,107 @@ +--- +title: "How to add a backend portlet to sw360" +linkTitle: "Add backend portlet" +weight: 10 +--- + +This page how to add some operations / service calls on the backend for the portlet writing on the page that covers the front end. Note that this page does not create a new (thrift service), but just explains how to add more operations. + +This explanation follows bottom up approach where we first add the backend methods and then call them later in the frontend. Quick summary: + +1. Add methods to the thrift idl definition +1. Add methods to the data handler interface +1. Add implementation +1. Add tests + +#### Thrift + +First we add some methods to the thrift files, components.thrift +```java +//new Methods to ensure uniqueness of Identifiers +map > getDuplicateComponents(); +map > getDuplicateReleases(); +``` + +#### Datahandler + +then we install lib-datahandler. That way we see which methods we have to implement. +We have chosen to change the interface of the ComponentService. That means we need to implement them in the ComponentHandler. + +```java +@Override +public Map> getDuplicateComponents() throws TException { + return handler.getDuplicateComponents(); +} + +@Override +public Map> getDuplicateReleases() throws TException { + return handler.getDuplicateReleases(); +} +``` + +#### Implementation + +The methods there are only a reference to the ComponentDatabaseHandler.java. +In the ComponentHandler we only assert that the input is correct. +Since we implement methods without parameters, there is nothing else for us to do. +In the ComponentDatabaseHandler.java we actually do some work and implement the methods + +```java +public Map> getDuplicateComponents() { + ListMultimap componentIdentifierToComponentId = ArrayListMultimap.create(); + + for (Component component : componentRepository.getSummaryForExport()) { + componentIdentifierToComponentId.put(SW360Utils.printName(component), component.getId()); + } + return CommonUtils.getIdentifierToListOfDuplicates(componentIdentifierToComponentId); +} + +public Map> getDuplicateReleases() { + ListMultimap releaseIdentifierToReleaseId = ArrayListMultimap.create(); + + for (Release release : releaseRepository.getReleaseSummary()) { + releaseIdentifierToReleaseId.put(SW360Utils.printName(release), release.getId()); + } + + return CommonUtils.getIdentifierToListOfDuplicates(releaseIdentifierToReleaseId); +} +``` + +#### Tests + +We then write some tests in ComponentDatabaseHandlerTest.java + +```java +@Test +public void testDuplicateComponentIsFound() throws Exception { + String originalComponentId = "C3"; + final Component tmp = handler.getComponent(originalComponentId, user1); + tmp.unsetId(); + tmp.unsetRevision(); + String newComponentId = handler.addComponent(tmp, email1); + + final Map> duplicateComponents = handler.getDuplicateComponents(); + + assertThat(duplicateComponents.size(), is(1)); + assertThat(duplicateComponents.get(printName(tmp)), containsInAnyOrder(newComponentId,originalComponentId)); + +} + + +@Test +public void testDuplicateReleaseIsFound() throws Exception { + + String originalReleaseId = "R1A"; + final Release tmp = handler.getRelease(originalReleaseId, user1); + tmp.unsetId(); + tmp.unsetRevision(); + String newReleaseId = handler.addRelease(tmp, email1); + + final Map> duplicateReleases = handler.getDuplicateReleases(); + + assertThat(duplicateReleases.size(), is(1)); + assertThat(duplicateReleases.get(printName(tmp)), containsInAnyOrder(newReleaseId,originalReleaseId)); +} +``` + +Then we install the backend to make our methods available. diff --git a/content/fr/docs/Development/Dev-Adding-a-new-portlet-Frontend.md b/content/fr/docs/Development/Dev-Adding-a-new-portlet-Frontend.md new file mode 100644 index 0000000..21557b8 --- /dev/null +++ b/content/fr/docs/Development/Dev-Adding-a-new-portlet-Frontend.md @@ -0,0 +1,179 @@ +--- +title: "How to add a frontend portlet to sw360" +linkTitle: "Add frontend portlet" +weight: 10 +--- + +We create a class in +``` +sw360/src/frontend/sw360-portlets/src/main/java/com/siemens/sw360/portal/portlets/admin/ +``` + +called +``` +DatabaseSanitation.java +``` + +Here are some code snippets that are important: + +```java +public class DatabaseSanitation extends Sw360Portlet +``` + +the base class Sw360Portlet adds some convenience methods to render the most common return values of functions into messages. + +```java +@Override +public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException { + // Proceed with page rendering + super.doView(request, response); +} +``` + +This method is used to render different pages, a common pattern would be to have if/else tree like +```java +//! VIEW and helpers +@Override +public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException { + String pageName = request.getParameter(PAGENAME); + if (PAGENAME_EDIT.equals(pageName)) { + prepareVendorEdit(request); + include("/html/vendors/edit.jsp", request, response); + } else { + prepareStandardView(request); + super.doView(request, response); + } +} +``` + +but since we only have one page this is all we need. The jsp that is rendered by super.doView is set in + +```java +sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml +``` +but more on that later. + +The next method in DatabaseSanitation handles resource requests, which are responses to AJAX calls: +``` +@Override +public void serveResource(ResourceRequest request, ResourceResponse response) throws IOException, PortletException { + String action = request.getParameter(PortalConstants.ACTION); + if (PortalConstants.DUPLICATES.equals(action)) { + serveDuplicates(request, response); + } +} +``` + +similar to the PAGENAME tree, here we have an ACTION if/else block. We only have one action, so this is simple. + + +Let's have a look at + +```java +private void serveDuplicates(ResourceRequest request, ResourceResponse response) throws IOException, PortletException { + + Map> duplicateComponents=null; + Map> duplicateReleases=null; + try { + final ComponentService.Iface componentClient = thriftClients.makeComponentClient(); + duplicateComponents = componentClient.getDuplicateComponents(); + duplicateReleases = componentClient.getDuplicateReleases(); + } catch (TException e) { + log.error("Error in component client", e); + } + + if(duplicateComponents== null || duplicateReleases==null) { + renderRequestStatus(request,response, RequestStatus.FAILURE); + } else if(duplicateComponents.isEmpty() && duplicateReleases.isEmpty()) { + renderRequestStatus(request,response, RequestStatus.SUCCESS); + } else { + request.setAttribute(PortalConstants.DUPLICATE_RELEASES, duplicateReleases); + request.setAttribute(PortalConstants.DUPLICATE_COMPONENTS, duplicateComponents); + include("/html/admin/databaseSanitation/duplicatesAjax.jsp", request, response, PortletRequest.RESOURCE_PHASE); + } +} +``` + +The member variable thriftClients is inherited from the Sw360Portlet. This is how we talk to the backend. +We call the methods that we wrote in the first part of the tutorial. +The error handling is reported with renderRequestStatus, also from Sw360Portlet. +When we have findings then we report them by rendering a jsp in the RESOURCE_PHASE. +This is then some html that our AJAX function gets as data. + +Then we have to register the portlets in some xml files: + +``` +sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-display.xml +``` + +```xml +... + +``` + +``` +sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-portlet.xml +``` + +```xml +... + + databaseSanitation + /icon.png + false + /css/main.css + /js/main.js + /js/external/jquery-1.11.1.min.js + +``` +Note that here it is important to include things like jquery in this way so that on multiple portlet pages there are no namespace conflicts. + +``` +sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml +``` + +```xml +... + + databaseSanitation + databaseSanitation + + com.siemens.sw360.portal.portlets.admin.DatabaseSanitation + + + view-template + /html/admin/databaseSanitation/view.jsp + + 0 + + text/html + view + + + databaseSanitation + databaseSanitation + + + + administrator + + +``` + +After these changes we compile the frontend and then we have to add new page to the Layout and add it to the lar file. +We sign in as admin, +go to +``` +Admin -> Site administration +-> Private Pages + +``` +To add the portlet to the page, we first change the theme of Private Pages to Classic, then select Add Page. We can drag and drop it under the Admin Page. +Then we select the Private Pages under My Sites. +We can then go to the page we have just created. +On the left side there is a plus sign, which opens a side menu with the available portlets that we can add to our page. +Under SW360 we find the portlet DatabaseSanitation and we click add. +Then we can change the option (The cog symbol on the right) Look and Feel to Show Borders -> No and we save that. +Then we change the theme of Private Pages back to SW360-Theme. + +Now we can change the theme back and export a new lar file as described else where. diff --git a/content/fr/docs/Development/Dev-Branches.md b/content/fr/docs/Development/Dev-Branches.md new file mode 100644 index 0000000..96839e1 --- /dev/null +++ b/content/fr/docs/Development/Dev-Branches.md @@ -0,0 +1,14 @@ +--- +title: "SW360 Development Branches" +linkTitle: "Branches" +weight: 10 +description: "Helps to see who is responsible and to which issue the Pull Request corresponds" +--- + +## Branches structure +`//` + + +### Examples: +- maierthomas/#1/fix-dowload-bundle +- maierthomas/#3/sw360portal-specific-links diff --git a/content/fr/docs/Development/Dev-Database-Migration-using-Costco.md b/content/fr/docs/Development/Dev-Database-Migration-using-Costco.md new file mode 100644 index 0000000..23553d4 --- /dev/null +++ b/content/fr/docs/Development/Dev-Database-Migration-using-Costco.md @@ -0,0 +1,121 @@ +--- +title: "Database migration using Costco" +linkTitle: "Database Migration" +weight: 10 +--- + +### Praeamble + +Please note that database migrations are done now in python scripts at + +> https://github.com/eclipse/sw360/tree/master/scripts/migrations + +keeping the following page because Costco might be useful for development / testing / quick adaptations. + +### Problem + +The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible. + +### Solution + +Use costco, an open source project that + +* is a couchapp (right, this implies that you install the couchapp environment) +* offers a Web interface as sub path of the couchdb database +* allows to iterate through the documents of a database and then apply modifications on a particular document +* allows to perform modifications on documents using Java script + +More information + +* Project website: https://github.com/harthur/costco +* Useful examples: http://harthur.github.io/costco/ + +Note that costco does not allow to perform operations involving several documents at once, for example, setting values in one document that results from querying from several other documents. Costco is perfect for corrections on the couchdb document 'schema' (not in the classic sense as there is no schema in couchdb). + +### Troubleshooting + +If you try to install costco, you try to install couchapp mst likely. However, it might be that some python packages are missing which results in a 'not-so-obvious' python error during install of couchapp. The following line could be th dependencies that you might need: +```Bash +sudo apt-get install python-dev libxml2-dev libxslt-dev +``` + +### Cheat Sheet: Installing costco inside an sw360vagrant deployment + +OK, if you read until here, to make it easy for you just the few lines to have executed to install costco when youi have a machine that is deployed with our vagrant: + +```Bash +$ sudo apt-get install python-dev libxml2-dev libxslt-dev +$ sudo pip install couchapp +$ git clone http://github.com/harthur/costco.git +$ cd costco +$ couchapp push . http://localhost:5984/sw360db +``` + +### Examples in sw360 + +The following examples show some costco code from the use with sw360. + +#### Renaming a key + +In order to rename a field's key, the following code might be helpful. In the following example, the field's key ```developement``` into ```development``` (correcting a typo in the datamodel). + +```JavaScript +function(doc) { + if(doc.type == 'todo') { + doc.development = doc.developement; + delete doc.developement; + } + return doc; +} +``` + +#### Renaming a key in a subdocument + +Similar thing as above, rename a key from ```comment``` to ```createdcomment```, but this time inside a nested list of documents. + +```JavaScript +function(doc) { + if (doc.type == 'release') { + for (var f = 0, len = doc.attachments.length; f < len; f +=1 ) { + doc.attachments[f].createdComment = doc.attachments[f].comment; + delete doc.attachments[f].comment; + } + } + return doc; +} +``` + +### More JavaScript Examples with CouchDB + +In addition to costco, also the couchdb map-reduce functions can help to track down issues in the data sets. + +The following example searched for attachments of type `SOURCE` at releases, which do not have the `createdBy` set: + +```JavaScript +function(doc) { + if ((doc.type == 'release') + && (doc.attachments)) { + for (var attachment in doc.attachments) { + if (!doc.attachments[attachment].createdBy) { + if (doc.attachments[attachment].attachmentType== 'SOURCE') { + emit(doc._id, doc.attachments[attachment].filename); + } + } + } + } +} +``` + +The following example looks into date fields, in this case `createdOn`, and checks if it uses dots (for changing them into dashes). + +```JavaScript +function(doc) { + if( + (doc.type == 'release') + && (doc.createdOn.indexOf('.') !== -1) + ) + { + emit(doc.name, doc) + } +} +``` diff --git a/content/fr/docs/Development/Dev-DoD-and-Style.md b/content/fr/docs/Development/Dev-DoD-and-Style.md new file mode 100644 index 0000000..319981f --- /dev/null +++ b/content/fr/docs/Development/Dev-DoD-and-Style.md @@ -0,0 +1,93 @@ +--- +title: "Definition of Done" +linkTitle: "Definition of Done" +weight: 10 +description: "The definition of done helps to set a common understanding for solving a ticket." +--- + +### Policy + +* Review points should involve one person from another angle (not just the person you were sitting together with anyways) +* No self merging of pull requests +* Limit items in review to 5, try to coordinate +* Using Github assignments to issues or pull requests +* Open review items require conversation +* Every change must be proposed in the form of a pull request (no commits to main without review) + +# Definition of Done + +* File headers in file OK + * EPL-2.0 license header + * Or, if the file is too small, configuration file: license note (see code style) + * Copyright and author + +* Create Branches for sw360 + * Please use conventional branch names for sw360 [Dev-Branches]({{< relref path="Dev-Branches.md">}}) + +* Avoid (serious) compiler warnings + * Squash your commits into one or more logical units of work. No dozens of hourly/daily commits in your pull request, please + * Rebase onto current master so that a fast forward merge is possible + * That means that merge to main is prepared + +* No breaking test + * Unit testing as it is already present + * You have more - use them! + +* New test + * For new / added functionality + +* Documentation + * In the GitHub Wiki-Section, if you have done something new + * At least a technical note for newly added functionality + +* Commit style + * try to squash commits. In the ideal case, a feature is contained in one commit. + * try to use conventional changelog for commit messages. [Dev-Semantic-Commits]({{< relref path="Dev-Semantic-Commits.md" >}}) + +# Review + +Review basically checks for the D-o-D items, in particular + +* Code style, not really formatting, but issues like style attributes in HTML tags or exception handling useful. +* Design / architecture issues +* Community contribution suitability +* Issue coverage (does it actually solve the problem?) + +# Licensing and File Header + +All files contributed require headers - this will ensure the license and copyright clearing at the end. Also, all +contributions must have the same license as the original source. + +If a file has relevant functionality, note that we should move to Eclipse 2.0 + +```Java +/* + * Copyright COPYRIGHT HOLDER, 2017. + * Copyright NEXT COPYRIGHT HOLDER, 2017. + * Part of the SW360 Portal Project. + * + * SPDX-License-Identifier: EPL-2.0 + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v20.html + */ +``` +(please adapt comment characters usage) + +For small files such as property files, configuration files or standard XML files: + +```Bash +# Copyright , . Part of the SW360 Portal Project. +# +# All rights reserved. This configuration file is provided to you under the +# terms and conditions of the Eclipse Distribution License v1.0 which +# accompanies this distribution, and is available at +# http://www.eclipse.org/org/documents/edl-v10.php +``` + +# Code style + +Just use the standard Java formatting rules of your IDE and **do not reformat** code from others, because you like to +correct formatting of other's code. diff --git a/content/fr/docs/Development/Dev-External-Documents-with-CouchDB.md b/content/fr/docs/Development/Dev-External-Documents-with-CouchDB.md new file mode 100644 index 0000000..8f0c748 --- /dev/null +++ b/content/fr/docs/Development/Dev-External-Documents-with-CouchDB.md @@ -0,0 +1,294 @@ +--- +title: "CouchDB External Documents" +linkTitle: "CouchDB External Documents" +weight: 10 +--- + +## Motivation +In some cases inline documents are not sufficient for storing extended information to a document. This is especially the case if these information might be relevant from outside as well. +Projects, components and releases contain attachments. The metadata of these attachments are stored as inline documents inside its parent document (which is the project, component or release). +However these attachments may be used by other documents as well, e.g. license info files which are attached to releases are used by projects to generate the overall license information for that project. +In such cases an external document might be the better model. For example the attachment usage can be stored along the metadata without touching the owner document on update. + +## Advantages of external documents +* single documents with a clear separation to other documents +* easy identification +* might be loaded and updated standalone + +## Advantages of internal documents +* Very fast loading along with the owner +* Easy handling since only the owner must be loaded or updated + +In any case it is highly dependent on the use case whether external documents are to be favored over internal documents. + +## Possible implementations for linked documents +### Special ResponseHandler with special views from CouchDB + +| Easy to use? | Performance? | Effort to use in existing code | +| ------------ | ------------ | ----------------------------- | +| :star::star: Middle, special views have to be created, fields of data objects has to be annotated. | :star::star::star: Very good, fetching of multiple documents with a single request. | :star: High, since existing code has to be changed | + +#### Couch-DB theory +At the time of writing, support of external (or linked) documents in Couch-DB is limited. Consider the following documents: +```javascript +project = { + _id: "p1", + type: "project", + name: "Testproject", + attachments: [ + { _id: "a1" }, + { _id: "z2" } + ] +} +attachment1 = { + _id: "a1", + type: "attachment", + name: "SourceFile", + sha1: "abc1234" +} +attachment2 = { + _id: "a2", + type: "attachment", + name: "LicenseFile", + sha1: "fed9876" +} +``` +Unfortunately there is no way to get the project document with the attachments directly included. With the correct view you are able to retrieve all these documents in a single request: +```javascript +function(doc) { + if(doc.type === "attachment") { + emit(doc._id, null); + for(var in in doc.attachments) { + emit(doc._id, { _id: doc.attachments[i]._id }); + } + } +} +``` +You might see the trick: the project document as well as the attachment documents are indexed with the id of the project. This way you get all three documents when querying the view with the id of the project: +```javascript +{ + "total_rows":5, + "offset":0, + "rows":[{ + "id":"p1", + "key": "p1", + "doc":{ + "_id":"p1", + "attachments":[ + "a1", "a2" + ], + "name":"Testproject", + ... + }, + ... + }, { + "id":"p1", + "doc":{ + "_id":"a1", + name: "SourceFile", + ... + }, + ... + }, { + "id":"p1", + "key": "p1", + "value":null, + "doc":{ + "_id":"a2", + name: "LicenseFile", + ... + }, + ... + } + ] +} +``` +**Note** is will only work if you query the view with `include_docs` set to `true`. +**Note** include_docs will only work at the top level of a value. In other words it will only recognize the following to situations: +* null: if the value is null, the document which is identified by the key is included +* { _id: "..." }: the document identified by the given id is included. +To be clear: transitive inclusions will not work! +**Note** See also https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents. + +### Implementation with Ektorp +https://github.com/eclipse/sw360/pull/596 show an implementation to transparently read such results from Couch-DB. It consists of: +* new methods in the database connector which are aware of loading linked documents +* a response handler used for parsing the results when requesting linked documents +* two annotation classes to mark fields which contain ids for linked documents +After the branch was merged, the new feature can be used in only three steps. You need: +1. A view that loads the "main" documents along with there linked documents +1. A special method in your database handler / database repository which calls the new method from the connector +1. A mixin for your data object which annotates the fields which contain ids to linked documents + +#### Notes for 1. +Have a look at mapping function above in the theory section. Of course you may add more than one type of linked documents, e.g. not only attachments but releases as well. +You may also emit whole objects instead of ids only. This way Couch-DB does not have to lookup each entry. However including ids over objects is an own topic. +#### Notes for 2. +You should write methods in your repository as well as in your database handler that uses the new methods from the database connector. +#### Notes for 3. +Be sure that the used object mapper in your database handler is aware of the mixin. Of course you can annotate more than one field. All annotated fields will be respected on loading. However, if the view does not contain an object that should be resolved, it will be replaced by null. The LinkedDocuments-annotation even allows you to name a different destination field for the resolved objects for easier integration into the existing code. + +## Usage with Ektorp + +| Easy to use? | Performance? | Effort to use in existing code | +| ------------ | ------------ | ----------------------------- | +| :no_entry: does not work | :no_entry: | :no_entry: | + +Since SW360 is using Ektorp as Objectmapper, a response like above is not suitable. Ektorp is just not able to parse the above response correctly. +However Ektorp has a linking feature as well: You may annotate fields with the `@DocumentReference`-Annotation to tell Ektorp to store the content within external documents. This only works with fields of type `Set` at the moment of writing. Since SW360 data objects are generated using Thrift, directly annotating the field is not possible. Due to the mixin feature of Ektorp this is not a big issue. Unfortunately making the `@DocumentReference`-annotation to work was not possible with a reasonable effort. + +Internally Ektorp is also using special views for getting linked documents to work. A quick look into the source codes suggests that this feature is implemented using special serializers which would lead to additional requests on loading and storing as well. Therefore the same performance issues might be come across if the annotation would work. + +### Own serializer/deserzialer + +| Easy to use? | Performance? | Effort to use in existing code | +| ------------ | ------------ | ----------------------------- | +| :star::star::star: Quite easy, just some Jackson configuration necessary | :star::star: Good, but every type of linked objects needs an additional request | :star::star::star: Low, existing code does not have to be changed | + +This method works just like the Ektorp way. In addition a slow transition from internal to external documents is possible, since the custom serialization methods will handle both cases directly. Any embedded documents will be externalized on first update of the owner object. +The following classes are needed: +1. Repository for the new external documents +1. DatabaseHandler for the new external documents +1. Mixin-Class to add annotations to the field with external documents +1. A new mapper factory to properly configure the custom serializer +1. Custom serializers/deserializer + +#### Example for externalizing attachments +##### Mixin-Class +This will configure Ektorp to use a special class for this field. We use a special serializer for the field instead of for the type (in this case Attachment), so we can do serialization/deserialization for all attachments at once. If we would use a special serializer, every +```java +public abstract class SplitAttachmentsMixin extends DatabaseMixIn { + @JsonSerialize(using = AttachmentSetSerializer.class) + @JsonDeserialize(using = AttachmentSetDeserializer.class) + public abstract void setAttachments(Set attachments); +} +``` + +##### Mapper factory +```java +public class SplitAttachmentsMapperFactory extends MapperFactory { + + private final AttachmentHandlerInstantiator handlerInitiator; + + public SplitAttachmentsMapperFactory(Supplier httpClient, String dbName) throws MalformedURLException { + handlerInitiator = new AttachmentHandlerInstantiator(httpClient, dbName); + } + + @Override + public ObjectMapper createObjectMapper() { + ObjectMapper objectMapper = super.createObjectMapper(); + + objectMapper.addMixInAnnotations(Project.class, SplitAttachmentsMixin.class); + objectMapper.setHandlerInstantiator(handlerInitiator); + + return objectMapper; + } + + private static class AttachmentHandlerInstantiator extends HandlerInstantiator { + private final AttachmentSetSerializer attachmentSetSerializer; + private final AttachmentSetDeserializer attachmentSetDeserializer; + + public AttachmentHandlerInstantiator(Supplier httpClient, String dbName) throws MalformedURLException { + attachmentSetSerializer = new AttachmentSetSerializer(httpClient, dbName); + attachmentSetDeserializer = new AttachmentSetDeserializer(httpClient, dbName); + } + + @Override + public JsonDeserializer deserializerInstance(DeserializationConfig config, Annotated annotated, Class deserClass) { + if (deserClass.isInstance(attachmentSetDeserializer)) { + return attachmentSetDeserializer; + } + return null; + } + ... + } + +} +``` + +##### Serializer +```java +public class AttachmentSetSerializer extends JsonSerializer> { + + private final AttachmentDatabaseHandler handler; + + public AttachmentSetSerializer(Supplier httpClient, String dbName) throws MalformedURLException { + this.handler = new AttachmentDatabaseHandler(httpClient, dbName); + } + + @Override + public void serialize(Set attachments, JsonGenerator jsonGenerator, SerializerProvider provider) + throws IOException, JsonProcessingException { + + try { + List results = handler.bulkCreateOrUpdateAttachments(attachments); + if (!results.isEmpty()) { + throw new IOException("Cannot create or update attachments. Some failed: " + results); + } + } catch (SW360Exception exception) { + throw new IOException("Cannot create or update attachments.", exception); + } + + jsonGenerator.writeStartArray(); + for (Attachment attachment : attachments) { + jsonGenerator.writeStartObject(); + jsonGenerator.writeStringField("_id", attachment.getId()); + jsonGenerator.writeEndObject(); + } + jsonGenerator.writeEndArray(); + } +} +``` + +#### Deserializer +```java +public class AttachmentSetDeserializer extends JsonDeserializer> { + + private final AttachmentDatabaseHandler handler; + + public AttachmentSetDeserializer(Supplier httpClient, String dbName) throws MalformedURLException { + this.handler = new AttachmentDatabaseHandler(httpClient, dbName); + } + + @Override + public Set deserialize(JsonParser jsonParser, DeserializationContext context) throws IOException, JsonProcessingException { + Set attachments = Sets.newHashSet(); + + if (!jsonParser.isExpectedStartArrayToken()) { + throw new IllegalStateException("Expected array token but found: " + jsonParser.getCurrentToken().asString()); + } + + Set attachmentIds = Sets.newHashSet(); + JsonToken token = jsonParser.nextToken(); + while (!JsonToken.END_ARRAY.equals(token)) { + switch (token) { + case START_OBJECT: + Attachment attachment = jsonParser.readValueAs(Attachment.class); + if (attachment.isSetId() && !attachment.isSetRevision()) { + attachmentIds.add(attachment.getId()); + } else { + attachments.add(attachment); + } + break; + + default: + throw new IllegalStateException( + "Unexpected token. Expected object or string but found: " + jsonParser.getCurrentToken().asString()); + } + + token = jsonParser.nextToken(); + } + + if (!attachmentIds.isEmpty()) { + try { + attachments.addAll(handler.retrieveAttachments(attachmentIds)); + } catch (SW360Exception exception) { + throw new IOException("Cannot load attachments (" + attachmentIds + ")", exception); + } + } + + return attachments; + } + +} +``` diff --git a/content/fr/docs/Development/Dev-Filtering-in-Portlets.md b/content/fr/docs/Development/Dev-Filtering-in-Portlets.md new file mode 100644 index 0000000..e0b96d5 --- /dev/null +++ b/content/fr/docs/Development/Dev-Filtering-in-Portlets.md @@ -0,0 +1,13 @@ +--- +title: "Filtering in Portlets" +linkTitle: "Filtering in Portlets" +weight: 10 +--- + +For the filters that are shown for components and listings, there are some options: + +1. The **Keyword search** works directly on the table shown on the main right area. For example in the components portlet, this is in components/view.jsp. + +2. The **filters** actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, `ProjectPortlet` calls the thrift service `refineSearch()`, which is handled in `ProjectHandler`. This method takes the map and the user as input. The search service has a server-side JavaScript function (LuceneSearchView) defined for this particular filter in `ProjectSearchHandler.java`. This is called with the `LuceneAwareDatabaseConnector.java`. After filtering, the visibility constraints for the requesting user are applied. + +3. Then for each release table, there is a search field in the upper right corner. This again works on the data of the Release summary object and then filters what is on the client (web browser). diff --git a/content/fr/docs/Development/Dev-Fossology-Integration.md b/content/fr/docs/Development/Dev-Fossology-Integration.md new file mode 100644 index 0000000..a7136fe --- /dev/null +++ b/content/fr/docs/Development/Dev-Fossology-Integration.md @@ -0,0 +1,55 @@ +--- +title: "Fossology Integration" +linkTitle: "Fossology Integration" +weight: 10 +description: "Basis of communication between SW360 and FOSSology" +--- + +Basic communication with the FOSSology server is done over an SSH connection: the fossology service of SW360 executes remote commands on the FOSSology server. + +The commands that are executed are the bash scripts found inside `src-fossology/src/main/resources/scripts/`, they are copied into the home directory of the ssh user (either manually or through the admin portlet). +See [Setup of connection with Fossology](Fossology-Setup) for configuration details. + +``` +\- src-fossology/src/main/resources/ + \- scripts/ + |- duplicateUpload + |- folderManager + |- getStatusOfUpload + |- uploadFromSW360 + \- utilsSW360 +``` + +These scripts utilize the standard command line tools to interact natively with FOSSology (these are the tools found in the src/cli folder of FOSSology, such as `cp2foss fossjobs fossupload_status fo_usergroup fo_chmod fo_folder ...`). + +* `utilsSW360` contains common functions used by the other scripts and some FOSSology configuration such as the user/password pair used to run the cli utils and the UNIX group of the FOSSology processes +* `folderManager` (uses FO:`fo_folder`): get information about the folder structure of FOSSology to allow sharing of uploads between groups +* `getStatusOfUpload` (uses FO:`fossupload_status`): to get the clearing status given an uploadId and a group +* `uploadFromSW360` (uses FO:`cp2foss fossjobs`): to create a new upload from the standard input and schedule scanners +* `duplicateUpload` (uses FO:`fo_chmod` SW:`folderManager`): to make a previously uploaded file available for another group + +### Java libraries and settings + +The java code utilizes the package `com.jcraft.jsch` to connect to the SSH server. It is set to strictly check the fingerprint of the remote server against the accepted which are stored in couchDB. + +### Conventions + +the sw360 user in FOSSology (the actual name is configured in `utilsSW360`) **must be a member of every group** to which it should be able to send Releases to be cleared. +File uploaded from SW360 are placed inside a folder with the same name as the group and permission will be set at the group level (default of cp2foss). + +### Datamodel and thrift service + +* each Release object in SW360 can have only one attachment of type SOURCE. +* when a Release is sent *for the first time* to FOSSology through the Thrift method `sendToFossology(1: string releaseId, 2: string clearingTeam )` its SOURCE attachement is sent as stdin to the script `uploadFromSW360`. + + The field `map clearingTeamToFossologyStatus` is then updated to contain the corresponding entry for the chosen Clearing Team (aka. the name of the FOSSology group which will receives the upload for clearing). +* when the same Release is *sent again for another team* a new *link* in the corresponding group folder is created and the old upload is made available for the new group (as in giving permission using FO:`fo_chmod`). + + At the moment this gives access only to the files, not to the relative clearing decision. + In order to make the clearing decisions available a reuser needs to be scheduled from the Jobs menu. [ it could be possible to schedule the job from SW360: its user is member of all the groups; but it is not currently implemented since there is no cli interface for reuser yet ] +* when the current status is requested using the Thrift method `Release getStatusInFossology(1: string releaseId, 2: string clearingTeam )` the newest status is fetched from FOSSology and it is stored in the map for the relative clearingTeam + +### Notes + +* Releases have a ClearingState field, but this is ignored by the Thrift service and used only in the SW360 user interface. +* Projects link to Releases and the summary of their FOSSology status can be monitored. This is also ignored by the FOSSology Thrift service and handled by the Component service: the FOSSology service just updates the status of the Release objects. diff --git a/content/fr/docs/Development/Dev-Liferay-Friendly-URL.md b/content/fr/docs/Development/Dev-Liferay-Friendly-URL.md new file mode 100644 index 0000000..f00abd7 --- /dev/null +++ b/content/fr/docs/Development/Dev-Liferay-Friendly-URL.md @@ -0,0 +1,93 @@ +--- +title: "Liferay Friendly" +linkTitle: "Liferay Friendly" +weight: 10 +description: "Basis of communication between SW360 and FOSSology" +--- + +The normal generated portlet URLs containing a set of internal Liferay request parameters.
+These long URLs of links or forms are mostly not readable and its not easy to share it somewhere else. + +General Liferay portlet URL:
+``` +http://localhost:8080/web/guest/examples?p_p_id=example_WAR_ExamplePortlet&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&_example_WAR_ExamplePortlet_javax.portlet.action=new +``` + +Explanation of the Liferay request parameters:
+**p_p_id:** The portlet ID (example_WAR_ExamplePortlet)
+**p_p_state:** Liferay windows pages state - 1 (normal) 2 (maximize) 3 (minimize)
+**p_p_mode**: Mode of the portlet look like - (view) (edit) (help)
+**p_p_lifecycle:** This is life cycle of portlet - 0 (render) 1 (action) 2 (server)
+**p_p_col_id:** The reference ID of the column in Liferay template
+**p_p_col_pos:** Specifiy the column position if the the layout having more than one columns
+**p_p_col_count:** Shows the no of columns in the current layout + +### Friendly URL Mapper configuration + +Liferay provides a mechanism to shorten the generated URLs by using the Friendly URL Mapper feature.

+How to configure the friendly URL Mapper in Liferay?

+**Configuration of URL routes in XML files**
+ +_CREATE example-friendly-url-routes.xml_
+```Xml + + + + + /action/{actionName} + {actionName} + + + 1 + normal + view + + +``` + +Explanation of the Liferay Friendly Mapper route parameters:
+**routes:** Routes element which contains all route entries
+**route:** Single route element entry
+**pattern:** Pattern of the mapped friendly URL (visible in address bar)
+**generated-parameter:** These parameters will be generated from parameters in the request URL
+**ignored-parameter:** These parameters will be igored and not included in generated URLs
+**implicit-parameter:** Used for static attributes which can be ignored by recognition
+**overridden-parameter:** Parameter that should be set to a certain value when a URL is recognized
+
+It is necessary to order the parameters as described above.
+These files should located in the resources folder otherwise they will not be available on Apache Tomcat and cannot be initialized by Liferay.
+
+**Configuration of friendly URL Java class**
+
+_MODIFY liferay-portlet.xml_ +
+```Xml +com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper +example +com/.../example-friendly-url-routes.xml +``` +
+In the next step we need one java implementation class to generate the Liferay friendly URLs.
+ +Liferay provides the _DefaultFriendlyURLMapper_ class to create the URLs based on our rules.
+ +The Liferay Friendly URL Mapper configuration is placed after `` and before `` +tag. + +### Friendly URL Mapper outcome + +**Liferay will generate the following friendly URL**
+```Bash +http://localhost:8080/web/guest/examples/-/example/action/new +``` +
+ +1. The liferay framework will add "-" (dash) +1. Friendly URL mapper name which is configured in `` (liferay-portlet.xml) element +1. Pattern name with generated parameters which is same as in `` (example-friendly-url-routes.xml) defined. + +### Additional + +Friendly URL Mapper functionality is not working if the portletURL API is used to generate the Liferay URL in local Javascript.
+It is helpful to generate `` placeholder and replace them by using dummy values. diff --git a/content/fr/docs/Development/Dev-Moderation-Requests.md b/content/fr/docs/Development/Dev-Moderation-Requests.md new file mode 100644 index 0000000..be925d0 --- /dev/null +++ b/content/fr/docs/Development/Dev-Moderation-Requests.md @@ -0,0 +1,72 @@ +--- +title: "Moderation Requests" +linkTitle: "Moderation Requests" +weight: 10 +--- + +The concept of moderation is good for two things: + +* to cope with a large number of potential edits on documents. +* to allow every user to propose edits. + +Allowing every user to edit opposed to propose edits would lad to a large number of changes, potentially, not making everyone happy. As such, the changes should be reviewed by an experienced person and can be then approved. + +## Application Flow + +A user changes a moderated document, which are component, release, project and todo's of licenses (and the white list): + +* The user switches in edit mode and applies a change. +* The user submits the change by clicking "Update ..." +* The application checks, if the permissions are sufficient +* For sufficient permissions, see here: https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model +* If the permissions do not allow the edit right away, a moderation request is created. + +* Moderators can see the moderation request in the moderation portlet +* Having selected the moderation request, the moderator can accept the request, decline, postpone or remove himself from the list of moderators + +## Technical Description +### Checking Document Permissions + +If a moderation requests needs to be created, because the user does not have sufficient permissions: + +* The request goes through the stack, for example: project portlet, project handler, project database handler. +* Then the project database handler checks for permissions using `makePermission()` (`DocumentPermission` is the base class, then `ProjectPermissions` is the referring here for projects) and `isActionAllowed()`. +* For moderation requests, we assume that this action is not allowed. Then, the `ProjectModerator` is called (see package `...sw360.datahandler.entitlement`). +* This class (which is part of the project service) creates a thrift client to the moderation service (also on the backend) and creates a moderation request using this client. + +Every moderation request is created using the thrift-based API. + +### Writing a Moderation Request to the Database + +The generation of moderation request is performed by the moderation service. The moderation service handles incoming request in the following way: + +* The requests arrives in the `ModerationDatabaseHandler`. +* This handler writes the request to the database. + +### Creation Details in the Service + +The handler writes one moderation request per user and document. If a moderation request from the same user for the same document exists, added moderation requests are merged. Or, the request is new either with a new user, new document or both, then the moderation request is created. + +Each moderation requests has recipients, the moderators. The moderation database handler selects the moderators depending on the document type, which are usually the creator of the document and the listed moderators for this document. See details in the `ModerationDatabaseHandler` class. At the same location the check for deletion is performed. + +### What is in the Database? + +The moderation request is a document in the couchdb. Technically, the moderation requests holds the affected document as field where the values is a nested JSON dictionary. + +The following screen shot shows an example for a moderation request for a project. + +![Example Moderation Request in Database](https://raw.githubusercontent.com/wiki/siemens/sw360portal/images/036-oss-sw360-20160310-screenshot-moderation-reqeust-document-example.png) + + +### Evaluating the Moderation Request + +On the moderation portlet all moderations will be shown, for which the user is a moderator. +Only open moderation requests can be selected. Approved and declined moderation requests will only be shown. +On selecting the moderation requests, both documents (original and the updated out of the moderation request) will be compared in the `merge.jsp` and all differences will be shown to the moderator. This is done via tags such as the `sw360:CompareProject`-tag. Opening the detailed view of the moderation request changes the state to `in progress` to show other moderators that the moderation request is in work. + +The following actions are possible: +* `Accept request`: the document within the moderation request will be accepted and written to the DB via e.g. the `ProjectService`. The state is set to `ACCEPTED`. +* `Remove Me from Moderators`: the state of the moderation requests is set to `PENDING` again and the logged in moderator will be removed from the moderation list. +* `Decline request`: the moderation requests will be set to `REJECTED` and still shown in the list +* `Postpone request`: the state will be `IN PROGRESS`. +* `Cancel`: the moderation state is set to `PENDING` and the moderation request will still be shown in the moderation request list diff --git a/content/fr/docs/Development/Dev-Releasing-SW360.md b/content/fr/docs/Development/Dev-Releasing-SW360.md new file mode 100644 index 0000000..307ed53 --- /dev/null +++ b/content/fr/docs/Development/Dev-Releasing-SW360.md @@ -0,0 +1,109 @@ +--- +title: "Release and Versioning" +linkTitle: "Release and Versioning" +weight: 10 +description: "Our Versioning and Release Principles" +--- + +We have the following main principles for versioning and releases. We consider [semantic versioning](http://semver.org/): + +> Given a version number MAJOR.MINOR.PATCH, increment the: +> +> - MAJOR version when you make incompatible API changes, +> - MINOR version when you add functionality in a backwards-compatible manner, and +> - PATCH version when you make backwards-compatible bug fixes or security fixes. +> +> Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format. + +with the following implementation in our project: + +### Major Version + +* API breaking changes are considered for the upcoming REST API. +* Breaking change is *also* if a migration script is required for the database. +* Thrift API is not considered a public API anymore. +* Therefore, milestones cannot correspond to our versions like `1.4`, `1.5`, etc. anymore: we do not know which feature + or issue will cause a version jump according to semantic versioning guidelines. +* While preparing for a new major release, the repository should go into freeze mode: + * No new features can be merged. + * No dependency updates. + * Add decided bug fixes/issues closed. + * The main branch is stable and tested. + * **Only exception** for the freeze are security vulnerability fixes. + +### Minor Version + +* Larger new functionality which is backwards compatible, maybe one pull requests or maybe a group of pull requests. +* New functionality should come with appropriate test cases either in code (unit or functional) or in the + [TestCases document]({{< relref path="TestCases">}}). +* Minor versions requires also tagging in the repo. + +### Patch Level + +* Minor improvements which are backwards compatible and does not require a migration (qualifies as a breaking change). +* A group of pull requests updating outdated dependencies (at least a minor version update of dependency). +* Pull request merge which closes a GitHub issue. + +### Release code freeze cycle + +* **Major release:** A strict code freeze cycle to be followed with an expected release date. + * During the freeze cycle, no other pull request to be merged unless it fixes/closes decided issue. + * New test cases can always be merged. + * Dependencies are frozen at the announcement of expected release date. + * Exceptions to update a dependency: + * **Major vulnerability:** Must be updated even if the release date needs to be shifted. + * **Medium vulnerability:** Test the update, if validated, merge. If it can't be validated in reasonable period, the + decision on what to do goes to core team. + * **Minor vulnerability:** Can be merged only if it does not break compatibility, otherwise not be updated. +* **Minor release:** The code freeze can be relaxed and a release date is not expected. + * No new **major** feature to be added or changed. + * Minor bug fixes/patches can be merged. + * Dependencies can be updated. + * If a dependency update breaks a minor release, a patch release to be created with the fix. +* **Patch release:** No code freeze for patch release. + +## Naming and Meaning of Milestones + +* We are no longer following milestones in favour of simple semantic versioning. + +## Technical Implementation + +* Plan: The artifacts will be build by travis and stored on aws S3 (not there yet) with patch level version increments, but patch level versions will not lead to a tag in the repo. +* Currently, the versioning is "manual maven based", we look for a cleaner more automated approach. + +# Technical: Maven Universe How to make/tag a release⁽¹⁾: + +The following information refers to the existing maven-based versioning scheme, as of now we are looking into a system +which is not leading to a temporary change in the repo, commit, and then reverting changes. + +Let us assume, that we want to tag the version **1.2.0** and that the current version in the pom.xml is **1.1.13**. + +### 0. Work in a clean environment +Especially all poms should be without uncommitted changes. The safe way is to start with: +```shell +$ cd /tmp/ +$ git clone https://github.com/eclipse-sw360/sw360.git +$ cd sw360 +``` + +### 1. Write the version of the release into the poms +
+$ mvn versions:set -DnewVersion=1.2.0
+$ git add pom.xml **/pom.xml
+$ git commit -sS -m "chore(release): set version to 1.2.0"
+
+This will actually edit all pom.xml files and change the versions to **1.2.0**. + +### 2. Test the project +```shell +$ mvn install +``` + +### 3. Create and push the tag +```shell +$ mvn scm:tag +``` +This creates the tag and **pushes it to GitHub**. + +-- +⁽¹⁾ based on: https://axelfontaine.com/blog/final-nail.html diff --git a/content/fr/docs/Development/Dev-Role-Authorisation-Model.md b/content/fr/docs/Development/Dev-Role-Authorisation-Model.md new file mode 100644 index 0000000..6efc08e --- /dev/null +++ b/content/fr/docs/Development/Dev-Role-Authorisation-Model.md @@ -0,0 +1,126 @@ +--- +title: "Roles and Authorization" +linkTitle: "Roles and Authorization" +weight: 10 +description: "SW360 Roles and Authorization" +--- + +Like any other system, SW360 allows for setting different levels of access for different users. Technically, the decision when user should be able to see or to do something happens (generally) on the backend server. This ensures consistency between the REST API and the portal application. + +For setting roles of a user, the Liferay control panel is being used (Admin menu -> Control Panel -> Users and Organisations -> Users -> select one user and Edit -> Roles). Setting access at individual records happens in the edit view of that record. + +## Roles Overview + +SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI. + +#### Setup Admin (Liferay Role) + +The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page. + +#### SW360 Admin (Liferay Role) + +The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role `CLEARING_ADMIN`. This role can change data from other groups, limited by visibility setting of a project. + +#### Clearing Admin (Liferay Role) + +The clearing admin can change all component and release records and project records of the same group. This can be seen as group administrator. + +#### Security Admin (Liferay Role) + +In addition to the user rights, the security admin can set security vulnerabilities to irrelevant + +#### ECC Admin (Liferay Role) + +In addition to the user rights, the ECC admin can manipulate ECC data. + +#### User + +A user can create, modify and delete all own (=self created) records. A user cannot change records of others + +### Moderation Requests + +If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record. + +In addition there are ACL-style roles, meaning that per data item access settings can be made: + +1. **creator** - a creator can modify in addition to the user's read abilities, a user can be creator of a data item +2. **moderator** - a creator can define moderators for a data item. Moderators can change a data item as a creator can. +3. **contributor** (Component) - is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). +In contrast, the contributor cannot delete data items. +5. **project responsible** (Project) - is a contributor, just named differently to identify the responsible person. +6. **lead architect** (Project) - is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions. +7. **contact** (Release) - deprecated, should be renamed to contributor see #100. + +`group (department)`, `contributor`, `moderator` and `owner` roles are entity specific, `user`, `clearing admin` and `admin` are roles assigned to a user. + +### Additional Project Visibility + +In addition to the roles mentioned above, each project has a separate visibility setting (technically an attribute of the project document). There are four project visibility levels: + +1. Private - no one but the creator can read. +2. Me and moderators - involves all moderators and contributors, basically all names that are named among the attributes (lead architect, project responsible, contributors) +3. Department / business unit (should be renamed) - refer to the group the users are in. +4. Public - all registered users of the liferay / sw360 application (login required). + +The access rules are implemented in`lib-datahandler`. In the package, `com.siemens.sw360.datahandler.permissions` this is implemented in `ProjectPermissions`. See methods `isVisible` and `userIsEquivalentToModeratorinProject()` for the actual rules. + +### Overall Access Matrix + +The following table presents the SW360 Role-Authorisation-Model. + +The row specifies which action to take, the column the role of the actor. Cell entries specify which entity type can be acted upon. + +| | creator | moderator | contributor | user | clearing admin | (sw360)admin | +| --- | ----------- | --------- | ----- | ---- | -------- | ----- | +| create | - | - | - | PCRV | PCRVL | PCRVL | +| read | P | P | P | (P²)CRVL | (P²)CRVL | PCRVL | +| edit | PCR | PCR | PCR | (all created ones) | PCRVL | PCRVL | +| delete | PCR | PCR | - | (all created ones) | L | PCRVL | + +P² : only if the user is member of the group of the project (or has created the project) + +Note that ECC Admins and Security Admins have only the ability to write ECC and security data respectively at given records. However, as for the other access rights this role does not enhance anything above users. + +#### Legend + +| acronym | description | +| ------- | ----------- | +| P | project | +| C | component| +| R | release | +| V | vendor | +| L | license | + +## Technical Info + +The role access rules are put into `lib-datahandler`. In the package, `com.siemens.sw360.datahandler.permissions` there are implementing classes of a template class `DocumentPermissions`. As an example, `ProjectPermissions` extends abstract class `DocumentPermissions`. + +At run time, a permissions object consisting of a document and a user is created: In `PermissionUtils` (same package) there is a static method `makePermissions()` that creates a permissions object. The received permissions object instance can be asked if a particular operation is allowed. + +Note that the general application of these permission operations runs in the backend (Thrift services). An application in the front end of `PermissionUtils` for example, is for displaying buttons depending on the user main role (user, clearing admin or admin). Then the portlet makes plain use of the `lib-datahandler` library. + +## Further plans + +1. Actually, creating stuff should be checked in lib-datahandler, starting with creation of licenses,which should ot be permitted to users: [Issue #106](https://github.com/siemens/sw360portal/issues/106) + +2. [Issue #101](https://github.com/siemens/sw360portal/issues/101) for + +| | contributor | moderator | creator | user | clearing admin | admin | +| --- | ----------- | --------- | ----- | ---- | -------- | ----- | +| download OSS sources | - | - | - | R | R | R | +| download internal sources | R | R | R | - | - | R | + +3. [Issue #102](https://github.com/siemens/sw360portal/issues/102) for + +| | contributor | moderator | creator | user | clearing admin | admin | +| --- | ----------- | --------- | ----- | ---- | -------- | ----- | +| send to clearing | - | P | P | - | - | PCRL | + +4. [Issue #103](https://github.com/siemens/sw360portal/issues/103) for + +| | contributor | moderator | creator | user | clearing admin | admin | +| --- | ----------- | --------- | ----- | ---- | -------- | ----- | +| edit clearing report | - | R | R | - | R? | PCRL | + + + diff --git a/content/fr/docs/Development/Dev-Semantic-Commits.md b/content/fr/docs/Development/Dev-Semantic-Commits.md new file mode 100644 index 0000000..f8cc406 --- /dev/null +++ b/content/fr/docs/Development/Dev-Semantic-Commits.md @@ -0,0 +1,64 @@ +--- +title: "Semantic Commits" +linkTitle: "Semantic Commits" +weight: 10 +--- + +## The reason and benefit of semantic commit messages +- automatic generating of the changelog +- simple navigation through git history (e.g. ignoring style changes) + +## Semantic commit message structure +``` +(): + +Signed-off-by: Name +``` + +## The following are supported +- feat (new feature for the user, not a new feature for build script) +- fix (bug fix for the user, not a fix to a build script) +- docs (changes to the documentation) +- style (formatting, missing semi colons, etc; no production code change) +- refactor (refactoring production code, eg. renaming a variable) +- test (adding missing tests, refactoring tests; no production code change) +- chore (updating grunt tasks etc; no production code change) + +Example values: +- ui (user interface) +- rest (REST API) +- thrift (apache thrift services) +- project (project portlet) +- component (component portlet) +- user (user portlet) +- etc. + +## Example of semantic commit message +``` +fix(rest): change maven plugin order to generate the documentation correctly + +Signed-off-by: John Doe +``` + +## Referencing issues +Please reference in the pull request to the open issue + +`closes eclipse/sw360#` + +`closes eclipse/sw360#758` + +## Breaking changes +If a commit is introducing a breaking change in a functionality or an endpoint, +it must be documented in the commit message by adding an exclamation `!` after +the commit type. Additional documentation for the break can be added to the +commit footer with a `BREAKING CHANGE:` message. + +### Example of commit with breaking change +``` +fix(rest)!: migrate health endpoint + +BREAKING CHANGE: Move the health endpoint from `/resource/health` to +`/resource/api/health`. + +Signed-off-by: John Doe +``` diff --git a/content/fr/docs/Development/Dev-Testing-Frameworks.md b/content/fr/docs/Development/Dev-Testing-Frameworks.md new file mode 100644 index 0000000..7ddf27d --- /dev/null +++ b/content/fr/docs/Development/Dev-Testing-Frameworks.md @@ -0,0 +1,14 @@ +--- +title: "Testing Frameworks" +linkTitle: "Testing Frameworks" +weight: 10 +description: "Behaviour testing" +--- + +The implementation of complicated rules is not always easy to read. +A good way to document and explain the behaviour of rule engines are natural language tests. +A frame work we use for that is [jgiven](http://jgiven.org/). +We write the tests using the [dataprovider] (https://github.com/TNG/junit-dataprovider) runner. +This is basically a runner that allows to use parametrized tests. + +The basic testing frame work is still [JUnit4](http://junit.org/), assertions are made using [hamcrest](https://code.google.com/p/hamcrest/wiki/Tutorial) and we mock complicated input classes with [mockito](http://mockito.org/). diff --git a/content/fr/docs/Development/Dev-Troubleshooting.md b/content/fr/docs/Development/Dev-Troubleshooting.md new file mode 100644 index 0000000..04ba42a --- /dev/null +++ b/content/fr/docs/Development/Dev-Troubleshooting.md @@ -0,0 +1,145 @@ +--- +title: "Troubleshooting" +linkTitle: "Troubleshooting" +weight: 10 +description: "List of small issues / tips when developing for SW360" +--- + +### Development: problems building sw360portal with maven? + +Before building the sw360portal with maven, ensure that the following components are installed in the development environment: +* A git client +* Apache Maven 3.0.X +* Apache Thrift 0.9.3 +* Java 1.8.X +* CouchDB, at least 1.5 (only if the tests will be executed locally) + +### Development: problems using Eclipse? + +Please do not use Eclipse, because the integration of Apache Thrift is an open issue and we found no plugin for Eclipse to solve the shown compiler errors. +Recommended is IntelliJ IDEA or NetBeans. + +### Liferay: problems with displaying changes to page? + +When developing changes to a page and these changes do not show in browser - even after redeployment, then the internal liferay optimisation mechanisms may kick in. Try to add to the URL string the following key value parameters: + +``` +js_fast_load=0&css_fast_load=0&strip=0 +``` + +### Liferay: where are the initial admin user settings? + +It is the file ```portal-ext.properties``` in sw360/opt. + +### Maven: build generally fails + +You just try to compile parts or all of it and it fails? Most of the stuff depends on the module /build-configuration. Execute either "mvn install" on top level or inside build configuration. + +#### Backend: problems with company proxy? + +maybe try instead: + +``` +/opt/apache-tomcat-/bin/startup.sh +``` +just this: +``` +CATALINA_OPTS="-Dhttps.proxy..." /opt/apache-tomcat-/bin/startup.sh +``` +for lucene it might be necessary to add: +``` +[httpd_global_handlers] +_fti = {couch_httpd_proxy, handle_proxy_req, <<"http://127.0.0.1:8085/couchdblucene">>} +``` +in lucene.ini of local.d of your CouchDB installation + +#### Backend: are thrift services up? + +1. Check tomcat manager (if the services are there) +2. Check if the service is accessible: + ``` + http://your.url.to.server.com:8085/components + ``` + Should return "Welcome to ...". +3. Check if the service thrift page is there: + ``` + http://your.url.to.server.com:8085/components/thrift + ``` + Should return HTTP status code 500, because in the browser, no valid thrift message was formed. + +#### Backend: org.ektorp.DbAccessException + +What do I do if I get: org.ektorp.DbAccessException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "_id" + +You add the class you have been trying to serialize to +THRIFT_CLASSES in +sw360/src/libraries/lib-datahandler/src/main/java/com/siemens/sw360/datahandler/thrift/ThriftUtils.java + +#### Backend: maven failed tomcat7 deploy + +If the deployment via maven of the backend does fail with an error like this + +```Bash +Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses +2302/17930 KB +Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses +2102/17930 KB +Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses +2064/17930 KB +Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses +2064/17930 KB +[INFO] ------------------------------------------------------------------------ +[INFO] Reactor Summary: +[INFO] +[INFO] backend ........................................... SUCCESS [2.579s] +[INFO] backend-src ....................................... SUCCESS [0.058s] +[INFO] src-licenses ...................................... SUCCESS [10.544s] +[INFO] src-users ......................................... SUCCESS [1.485s] +[INFO] src-vendors ....................................... SUCCESS [6.929s] +[INFO] src-search ........................................ SUCCESS [5.837s] +[INFO] src-components .................................... SUCCESS [19.439s] +[INFO] src-projects ...................................... SUCCESS [14.280s] +[INFO] src-attachments ................................... SUCCESS [6.188s] +[INFO] src-moderation .................................... SUCCESS [1.169s] +[INFO] src-fossology ..................................... SUCCESS [6.259s] +[INFO] backend-svc ....................................... SUCCESS [0.038s] +[INFO] svc-licenses ...................................... FAILURE [3.630s] +[INFO] svc-users ......................................... SKIPPED +[INFO] svc-vendors ....................................... SKIPPED +[INFO] svc-search ........................................ SKIPPED +[INFO] svc-components .................................... SKIPPED +[INFO] svc-projects ...................................... SKIPPED +[INFO] svc-attachments ................................... SKIPPED +[INFO] svc-moderation .................................... SKIPPED +[INFO] svc-fossology ..................................... SKIPPED +[INFO] backend-utils ..................................... SKIPPED +[INFO] ------------------------------------------------------------------------ +[INFO] BUILD FAILURE +[INFO] ------------------------------------------------------------------------ +[INFO] Total time: 1:19.836s +[INFO] Finished at: Mon May 04 15:57:46 CEST 2015 +[INFO] Final Memory: 24M/311M +[INFO] ------------------------------------------------------------------------ +[ERROR] Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:deploy (default-cli) on project svc-licenses: Cannot invoke Tomcat manager: Broken pipe -> [Help 1] +[ERROR] +[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. +[ERROR] Re-run Maven using the -X switch to enable full debug logging. +[ERROR] +[ERROR] For more information about the errors and possible solutions, please read the following articles: +[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException +[ERROR] +[ERROR] After correcting the problems, you can resume the build with the command +[ERROR] mvn -rf :svc-licenses +voyager:backend sam$ +``` + +One solution is that you deployed already and the tomcat7 plugin does not like to have multiple deploy commands. Instead you will need to issue a ```mvn tomcat7:redeploy``` command. + +#### Deployment: liferay not accessible + +If the virtual machine was shut down and started up again, the backend services and frontend liferay require manual restart. Please contribute a change in the vagrant deployment if you feel that this could be changed. The actual places to call are: + +```Bash +/opt/apache-tomcat-.../bin/.startup.sh +/opt/liferay-.../tomcat-.../bin/.startup.sh +``` diff --git a/content/fr/docs/Development/Dev-Using-RequireJS-for-javascript-modules.md b/content/fr/docs/Development/Dev-Using-RequireJS-for-javascript-modules.md new file mode 100644 index 0000000..a26535f --- /dev/null +++ b/content/fr/docs/Development/Dev-Using-RequireJS-for-javascript-modules.md @@ -0,0 +1,111 @@ +--- +title: "Using RequireJS fro Javascript Modules" +linkTitle: "Using RequireJS" +weight: 10 +--- + +Today most of the javascript code runs in the global namespace. This increases the risk of overwriting symbols in the global namespace due to different libraries and snippets. + +# Goal +We want to use RequireJS (http://requirejs.org/) to modularize our code and to have clear namespaces for each component. In addition some of the code may be reused more easily. Other advantages: +- libraries like jquery or datatables can be imported by name but without a specified version +- if necessary, specific versions can be imported for parts of the page +- it is very easy to only load needed dependencies +- good support of webjars due to webjars-locator. Webjars a are automatically accessible through RequireJS. + +# How to use - example +There is a new jspf-file to be included in jsps to enable RequireJS support: + + <%@ include file="/html/utils/includes/requirejs.jspf" %> + +When RequireJS is enabled with the above include, all libraries can be accessed and code can be scoped: + + require(['jquery', 'module/quickfilter', 'module/confirm', /* jquery-plugins: */ 'datatables', 'jquery-ui'], function($, quickfilter, confirm) { + // code goes here, libraries can be used through the variables $, quickfilter and confirm + // Note: jquery-plugins does not have to be bound to variables since they directly register themselves in the jquery object + }); + +**NOTE/WARNING**: since not all code is using RequireJS at the moment it is highly recommended to include RequireJS just before the script tag using it. DO NOT include it at the beginning of the file! Therefore use the following pattern: + + <%@ include file="/html/utils/includes/requirejs.jspf" %> + + +**Explanation**: some the the jQuery-plugins are already module safe. This means the look if something like RequireJS is available and - if this is the case - register themselves as anonymous modules. If someone in some include in the page loads such a plugin via script plugin it may happen that the plugins registers itself twice as an anonymous module which causes errors in RequireJS. Loading RequireJS after all script tags will prevent this and ensure that every plugin is only registered once. + +# Migration +## Migrate a JSP +To migrate a JSP to use RequireJS the following steps have to be done: + +1. Enable RequireJS support by including `requirejs.jspf`. Do it JUST before the script tag with the main code (see NOTE above). +1. Enclose the existing code in a `require`-function (**Attention:** Also read "Co-existence with AUI().use()" below) +1. Remove existing `script`-tags that loads the javascript files "manually" +1. Rewrite code that access functions inside the new `require`-function from outside (e.g. click handlers, see below) + +## Co-existence with AUI().use() +If you need to use AUI().use() in your code, e.g. to grab the PortletURL object, you have to call this function first and call `require` inside. Otherwise the code may not be executed correclty if the 'Drag&Drop' error occurs to early during page loading: + + AUI().use('liferay-portlet-url', function () { + require(['jquery', 'module/quickfilter') { + // AUI and require modules loaded and available + }); + }); + +## Migrate click-handlers +Since none of the defined functions remains in the global scope click handlers defined in the attributes of a tag would no longer work. Use jQuery to attach a click handler instead: + + $('#exportSpreadsheetButton').on('click.components', exportSpreadsheet) + +This click handler is added inside the RequireJS-scope where the function `exportSpreadsheet` is defined. +You may also attach handler for distinct elements in each row of a table: + + $('#componentsTable').on('click.components', 'img.delete', function(event) { + // do stuff + }); + +## Make a module out of a jspf-include +There are many jspf-includes which contain html as well as javascript code. They should be converted as followed: + +1. Move the javascript code to an own file. Place it below the 'html/js'-folder, following the same structure as the jspf-file. If the jspf-file is `html/components/includes/vendors/addVendor.jspf` place the javascript code in the file `js/components/includes/vendors/addVendor.js`. + +1. Enclose the code in a define statement to define a new module: + + define('components/includes/vendors/addVendor', [ /* dependencies */ ], function() { + // define module code + }); + +In order to use the new module include the jspf-file and load the js-code via RequireJS: + + <%@ include "html/components/includes/vendors/addVendor.jspf" %> + + require(['components/includes/vendors/addVendor'], function(addVendor) { + // use addVendor + }); + +## Make a module out of a javascript file or function +There are several javascript files and functions below `/html/js'. They can be make compatible to RequireJS as follows: + +1. Create a new file inside `/html/js/component` with a proper name that describes the functionality for the new component +1. Define the module and point to the legacy function, e.g. + + define('module/confirm', ['jquery', /* jquery-plugins: */ 'jquery-confirm', /* legacy code */ 'main' ], function($) { + return { + confirmDeletion: deleteConfirmed /* pointer to legacy method in main.js */ + }; + }); + +1. Afterwards the module can be loaded using the name `component/confirm`, e.g. + + require(['module/confirm'], function(confirm) { + confirm.confirmDeletion(/*...*/); + }); + +**Note** The legacy function should be moved inside the module as soon as the function is no longer accessed directly but via RequireJS only. +**Note** You can also require legacy javascript files if you need them as dependency as pointed out in the examples above. + + + + \ No newline at end of file diff --git a/content/fr/docs/Development/RestAPI/Dev-REST-API.md b/content/fr/docs/Development/RestAPI/Dev-REST-API.md new file mode 100644 index 0000000..5c9514c --- /dev/null +++ b/content/fr/docs/Development/RestAPI/Dev-REST-API.md @@ -0,0 +1,377 @@ +--- +title: "SW360 Rest API" +linkTitle: "SW360 Rest API" +weight: 30 +--- + +The sw360 REST API provides access to sw360 resources for external clients. It consists currently of three Maven modules aggregated in one parent module `rest` in the sw360 distribution. + +# Module Structure + +The `rest` module provides a REST API infrastructure for sw360 including: +* Module `authorization-server` - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow. +* Module `resource-server` - REST API Gateway, providing access to the data for authenticated and authorized users / clients. +* Module `rest-common` - only library code that is shared between the other rest modules. + +The REST API implementation uses: +* Module `authorization-server` uses the Liferay user management via the Liferay REST API to authenticate users and the users thrift backend service to access user profile data. +* Module `resource-server` uses thrift backend services for accessing sw360 data to deliver it to the external clients. + +# API Principles + +## Security Principles + +The basic security principles are following the OAuth2 standards. So there should be an authorization server which can be the one contained in this project. That one provides access tokens after it authenticated the client and the user using this client. In addition it checks which authorities this client should receive for operating in the user's name. +With this OAuth2 access token the client can query the resource server which will restrict access to the given authorities. +Every client gets an access token as well as an refresh token. As long as the refresh token is valid, the client can gather a new access token without the need of re-authorization of the user. + +There are currently three different possibilities for an OAuth2 authorization server implemented: +* Using the contained authorization-server with username/password that are known by Liferay, no matter if Liferay is hosting the credentials itself or is attached to some central user management which it uses to authenticate users. +* Using the contained authorization-server inside an SSO network where an existing proxy can take care of the authentication and passing authenticated user information in configurable headers to the authorization-server which then performs authorization on top. +* Using keycloak as authorization-server. This case is not part of this wiki page and might need special configuration. + +## Data Principles + +The REST API provides Hypermedia using [HAL](http://stateless.co/hal_specification.html) (Hypertext Application Language). +The following example shows some ideas of the REST API. It can be obtained by + +``` +https://[hostname]:[port]/resource/api/browser/index.html#/resource/api +``` +Note that the response below is maybe not the exact same response of your current version: +```json +{ + "_links": { + "sw360:attachments": { + "href": "https://dev.sw360.siemens.com/resource/api/attachments{?sha1}", + "templated": true + }, + "sw360:components": { + "href": "https://dev.sw360.siemens.com/resource/api/components" + }, + "sw360:licenses": { + "href": "https://dev.sw360.siemens.com/resource/api/licenses" + }, + "sw360:licenseinfo": { + "href": "https://dev.sw360.siemens.com/resource/api/licenseinfo" + }, + "sw360:projects": { + "href": "https://dev.sw360.siemens.com/resource/api/projects" + }, + "sw360:releases": { + "href": "https://dev.sw360.siemens.com/resource/api/releases" + }, + "sw360:users": { + "href": "https://dev.sw360.siemens.com/resource/api/users" + }, + "sw360:vendors": { + "href": "https://dev.sw360.siemens.com/resource/api/vendors" + }, + "sw360:vulnerabilities": { + "href": "https://dev.sw360.siemens.com/resource/api/vulnerabilities" + }, + "profile": { + "href": "https://dev.sw360.siemens.com/resource/api/profile" + }, + "curies": [ + { + "href": "https://dev.sw360.siemens.com/resource/docs/{rel}.html", + "name": "sw360", + "templated": true + } + ] + } +} +``` + +# API Installation + +Both, the `authorization-server` and the `resource-server` can be build using Maven like the rest of the project. Each is generating a Spring Boot server that can be deployed in an application container, e.g. Tomcat. + +# API Configuration + +Since the `authorization-server` and the `resource-server` are Spring Boot servers, they are configured as usual via `/src/main/resources/application.yml`. In addition some configuration comes historically from `sw360.properties`. Please note that all configurations could be provided centrally in the `/etc/sw360/` directory. As such, the `sw360.properties` sits directly in `/etc/sw360/`. For rest-specific configurations the application considers the location `/etc/sw360/rest`. + +## Authorization Server Configuration + +### Special Liferay Credentials Configuration + +In addition to the general properties in [here](#general-config) the following needs to be configured in the `application.yml` when the authentication via Liferay username/password credentials should be possible: + +| Key | Values | Default | +| --- | --- | --- | +| sw360:sw360-portal-server-url | the url of the Liferay instance | n/a (but could be given if environment variable is used like `${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}`) | +| sw360:sw360-liferay-company-id | the id of the company in Liferay that sw360 is run for |(but could be given if environment variable is used like `${SW360_LIFERAY_COMPANY_ID:20155}`) | + +### Special SSO Configuration + +In addition to the general properties in [here](#general-config) the following needs to be configured in the `application.yml` when the authentication via SSO should be possible: + +| Key | Values | Default | +| --- | --- | --- | +| security:customheader:enabled | Flag if the components needed for SSO should be active | false | +| security:customheader:headername:intermediateauthstore | the name of the header that can be used for internal data transfer inside one roundtrip - it can be configured here because the proxy has to make sure that this header will not be passed from clients and will be used truly internal only | custom-header-auth-marker | +| security:customheader:headername:email | the name of the header that holds the email of the authenticated user (should be set be the proxy and must never be passed from clients) | authenticated-email | +| security:customheader:headername:extid | the name of the header that holds the extid of the authenticated user (should be set be the proxy and must never be passed from clients) | authenticated-extid | + +:heavy_exclamation_mark: Please configure your SSO server and the proxy accordingly. In general, no unauthenticated request should reach the authorization server. And the configured headers should only be set by the proxy. If they are already contained in client requests, they must be removed! + +#### Removing Headers in Apache + +In Apache you may use the [`mod_headers`](https://httpd.apache.org/docs/current/mod/mod_headers.html) module to remove headers from the client. Using the default values from the table above, at least the following directives should be present in your configuration for all requests that are routed to the `authorization-server`: + +``` +RequestHeader unset custom-header-auth-marker +RequestHeader unset authenticated-email +RequestHeader unset authenticated-extid +``` + +### General Configuration + +Possible properties in `sw360.properties` file are: + +| Key | Values | Default | +| --- | --- | --- | +| backend.url | the url where the thrift services can be found | http://127.0.0.1:8080 | +| rest.write.access.usergroup | the user group level (`USER|CLEARING_ADMIN|...`) that is at least required for getting `WRITE` authority (if client has this scope as well) | `ADMIN` | +| rest.admin.access.usergroup | the user group level (`USER|CLEARING_ADMIN|...`) that is at least required for getting `WRITE` authority (is required for managing OAuth2 clients | `ADMIN` | + +The values in `sw360.properties` should be migrated to the `application.yml` in the future. + +Further important properties in `application.yml` file are: + +| Key | Values | Default | +| --- | --- | --- | +| couchdb:url | the url of the CouchDB to use as client store | n/a | +| couchdb:database | the database name of the CouchDB database to use as client store | n/a | +| couchdb:username | if the CouchDB database needs authentication, enter the username here - if it does not need authentication, do not set this property at all, not even with an empty value | null | +| couchdb:password | if the CouchDB database needs authentication, enter the password here - if it does not need authentication, do not set this property at all, not even with an empty value | null | +| sw360:cors:allowed-origin | value for cross origin resource sharing | n/a | +| security:oauth2:resource:id | should just be the same then in the resource server | n/a | + +After this configuration is done the normal REST service for client management should be usable. This one is only accessible for authenticated users that get the `ADMIN` authority (remember, the therefore necessary sw360 usergroup has just been configured). So the clients can be configured now. + +# Client Management + +In the scenarios of this page, the shipped authorization server is used. So the next step is to configure a valid OAuth2 client in this authorization server. There should be one OAuth2 client per external REST API client (which in turn can have many different users). Therefore the authorization server offers a REST API for basic CRUD operations for configuring the clients that are stored in the just configured CouchDB. Since sw360-`ADMIN` privileges are needed for client management, an authentication is needed to work with this API. + +For SSO users (basic-auth Liferay users can use other tools as well because other tools can handle basic auth - but they can also use this workflow): +1. Open a browser with developer tools capabilities +2. Open + ``` + https://[hostname]:[port]/authorization/client-management + ``` + This page always shows the currently configured clients and can be refreshed after every manipulation of a client. + +3. To add a new client, enter the following javascript in the dev tools console in the current browser tab - of course after manipulating the client data to suit your needs + ``` + xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open('POST', '/authorization/client-management', false); + xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); + xmlHttpRequest.setRequestHeader('Accept', 'application/json'); + xmlHttpRequest.send(JSON.stringify( + { + "description" : "my first test client", + "authorities" : [ "BASIC" ], + "scope" : [ "READ" ], + "access_token_validity" : 3600, + "refresh_token_validity" : 3600 + } + )); + console.log(xmlHttpRequest.responseText); + ``` +4. to manipulate an existing client, do the same but add the clientid to the data object + ``` + "client_id" : "9e358ca832ce4ce99a770c7bd0f8e066" + ``` +5. to remove an existing client, enter the following javascript in the dev tools console + ``` + xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false); + xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); + xmlHttpRequest.setRequestHeader('Accept', 'application/json'); + xmlHttpRequest.send(); + console.log(xmlHttpRequest.responseText); + ``` + +This way the session cookie of the SSO login will be used for the REST calls. This might also be possible in postman or curl or similar tools if you want to try to copy cookies (depending also on the SSO configuration). As said before, if Liferay username/password credentials can be used to authenticate then a tool like postman or curl can be used for the whole process. Just pass the credentials as basic-auth. + +### Client Management via Curl + +The above described call to create a rest client can also be done directly via one curl call: + +```bash +SW360_USER=[admin sw360 user] +SW360_PW=[corresponding sw360 admin user password] +curl -s -S \ + --user "${SW360_USER}:${SW360_PW}" \ + --header "Content-Type: application/json" \ + --header "Accept: application/json" \ + -X POST https://[hostname]:[port]/authorization/client-management \ + -d @- < +``` +The client must pass its credentials via basic authentication. Though a user authentication is not necessary. +If you are authentication your users on a proxy, you have to configure that proxy in a way that it does not block requests to the above url. As marker the 'grant_type=refresh_token' query parameter may be used. + +## Example Apache configuration +The following example shows the relevant part for an Apache proxy to configure +authentication of the `authorization-server` properly: +```apache + + Order allow,deny + Allow from all + + + # No authentication needed + + + # Configure your authentication here + + + ProxyPass https://localhost:8443/authorization/oauth/token + ProxyPassReverse https://localhost:8443/authorization/oauth/token + +``` + +# Resource Server Configuration + +Now that access tokens can be generated, the resource server has to be configured. The same general ideas of [general config](#general-config) apply. The properties of the `application.yml` are + +| Key | Values | Default | +| --- | --- | --- | +| sw360:thrift-server-url | the url where the thrift services can be found, e.g. http://localhost:8080 | | +| sw360:test-user-id | only for developing, simple test user short cut, must be pulled off for productive | | +| sw360:test-user-passwors | see above | | +| sw360:couchdb-url | the url of the CouhDB server for attachment handling, e.g. https://localhost:5984 | | +| sw360:cors:allowed-origin | value for cross origin resource sharing | n/a | + +The REST API is now completely usable via an own client or testwise with integrated tools. + +# Tools + +To get data and interact with the sw360 REST API the HAL-Browser is recommended. Currently, the HAL-Browser is also deployed on the sw360 development instance, but this is likely to change once the REST API has evolved more. Currently the URL of HAL-Browser is: + +``` +https://[hostname]:[port]/resource/api/browser/index.html#/resource/api +``` +An example for a screenshot is as follows: + +![rest-hal-explorer](https://user-images.githubusercontent.com/29916928/39576770-90b2b576-4edf-11e8-9d1b-742c10d88b8e.png) + +When using other tools the access token has to be set as header parameter in the REST request. Please add a new header: +- Key: Authorization +- As value you need to enter: `Bearer [ACCESS_TOKEN]` where `[ACCESS_TOKEN]` actually contains the token + +## Example – Get a list of projects + +Here is an example how to query for all projects as HTTP GET Request. As for the resource endpoint, the request: +``` +https://sw360.org/resource/api/projects (or /resource/api/projects) +``` +will return the following response: + +![rest-explorer2](https://user-images.githubusercontent.com/29916928/39579586-6b1d1736-4ee7-11e8-8faf-da71c8776680.png) + +# API Documentation + +sw360 deploys a REST API documentation at every instance. There are the following URLs offered at each instance + +| URL | Description | +| --- | --- | +| https://[hostname]:[port]/resource/docs/index.html | Small overview page | +| https://[hostname]:[port]/resource/docs/api-guide.html | The API description for the currently running server | +| https://[hostname]:[port]/resource/api/browser/index.html#/resource/api | Integrated HAL browser to directly use the API | + +# Known Problems + +If you use Nginx or Apache as request front end server there maybe some configuration caveats: The REST API objects provides self links to reference to other objects also including the protocol prefix. These links are realized on Hypertext Application Language (HAL) for example you will find in REST responses: + +```json +"_links": { + "self": { + "href": "https://localhost:8443/resource/api/projects/065f3aa45c2683297fd1bb39296f519d" + } +} +``` + +The REST spring boot applications are using the Tomcat environment configuration to generate the HAL links. If the Tomcat is only configured as HTTP, the generated links will contain the `http` protocol and port - which is a problem if the server should be contacted over `https`only. This problem occurs, if tomcat is used together with Nginx, Apache httpd or other Web servers, which are configured to repsond only to `https`. + +Solution is to set for example in Nginx HTTP 'X-Forward-*' headers on a reverse proxy, for example: + +```nginx + location / { + ... + proxy_set_header X-Forwarded-Port 443; + proxy_set_header X-Forwarded-Proto https; + } +``` + +For other Web severs, there might a similar solution. diff --git a/content/fr/docs/Development/RestAPI/_index.md b/content/fr/docs/Development/RestAPI/_index.md new file mode 100644 index 0000000..6810fab --- /dev/null +++ b/content/fr/docs/Development/RestAPI/_index.md @@ -0,0 +1,25 @@ +--- +title: "SW360 RESTful API" +linkTitle: "RESTful API" +weight: 2 +--- + +Using the Web interface makes sense for some use cases, for some other cases the tool integration is more useful. The SW360 software offers a RESTful API. It has been initially developed by a colleague of the BT division - an excellent example of how Inner Source works for projects. Now it has been integrated to the official main project as component that can be deployed along with a SW360 solution. + +## Methods of Authentication + +1. OAuth workflow involving consumer / client secret and user token using user name and password from LDAP / Exchange accounts (very early) +2. Access key obtained in the SW360 UI +3. OAuth workflow involving consumer token / client secret and signed Java Web Tokens involving user authentication from OpenID Connect service for the first token and then using the OAuth refresh tokens. + +API Documentation is available on the instances deployed: + +- `https:///resource/docs/api-guide.html` + +## Brief Specs +| | | +| --- | --- | +| Implementation Technology | Java-based Spring-framework based | +| REST Flavor | Hypermedia-driven | +| Authentication | Now: Token by user token store. Previously: Spring Security using JWT and SW360 user management. Note that technically, both ways are possible | +| More Technical Information | [Rest API]({{< ref "Dev-REST-API.md" >}} "Rest API") | diff --git a/content/fr/docs/Development/RestAPI/access.md b/content/fr/docs/Development/RestAPI/access.md new file mode 100644 index 0000000..ba24fa2 --- /dev/null +++ b/content/fr/docs/Development/RestAPI/access.md @@ -0,0 +1,142 @@ +--- +title: "API Access" +linkTitle: "API Access" +weight: 10 +--- + +## How to get Access + +There are the following steps + +1. Open a browser with developer tools + +2. Go to + `https:///authorization/client-management` + +3. To add a new client, enter the following javascript in the dev tools +console + + xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open('POST', '/authorization/client-management', false); + xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); + xmlHttpRequest.setRequestHeader('Accept', 'application/json'); + xmlHttpRequest.send(JSON.stringify( + { + "description" : "my first test client", + "authorities" : [ "BASIC" ], + "scope" : [ "READ" ], + "access_token_validity" : 3600, + "refresh_token_validity" : 3600 + } + )); + console.log(xmlHttpRequest.responseText); + +4. To manipulate an existing client, do the same but add the clientid to +the data object + + `"client_id" : "9e358ca832ce4ce99a770c7bd0f8e066"`
+to remove an existing client, enter the following javascript in the +dev tools console + + xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false); + xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); + xmlHttpRequest.setRequestHeader('Accept', 'application/json'); + xmlHttpRequest.send(); + console.log(xmlHttpRequest.responseText); + +5. You receive the token from such request, which looks like + + { + "access_token" : "eyJhbGciOiJSUzI...", + "token_type" : "bearer", + "refresh_token" : "eyJhbGciOiJSUzI1...", + "expires_in" : 599, + "scope" : "READ WRITE", + "jti" : "42539b0d-..." + } + +6. You can try a request which uses for example the tool curl: +`curl -X GET -H "Authorization: Bearer [token]" -H "Content-Type: application/json"` + +7. You can get a new token (you must get a new token) after expiration using client id and secret: +`https:///authorization/oauth/token?grant_type=refresh_token&refresh_token=[refresh_token]` + +## Deprecated Method: Access Tokens from the SW360 UI +Recently SW360 has changed, username/password authentication is not possible anymore. So after successful entitlement login, the user is able to obtain a token with limited validity of time. + +Our tests have confirmed that, if you have used the JWT authentication workflow, the change means for you: + +- No interaction with authorization service is necessary. +- The token needs to be provided as with the JWT. + +Please find attached, where to obtain the token: + +{{< figure src="/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke.png">}} + +And then find the interface for issuing the tokens: + +{{< figure src="/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke1.png">}} + +### Token into which Header? +If you are used to REST clients, you might know that you need some kind of authentication info. Below are the previous and current ways of adding the authentication info to the HTTP header. Now you should add to the header the token value that you can obtain from the sw360 UI (see above): + +`Authorization: Token ` + +Previously, when you got the authentication info via the authorization service, it was: + +`Authorization: Bearer ` + +### Example: PowerShell Script +This is an example Thomas Graf has sent around one - might be good to see how this works in general: + +```powershell +$baseUri = "https:///resource/" +$uri = $baseUri + "api/projects" $data = @" +{ "name" : "My 5th Dummy Project", + "description" : "Read/write test", + "version": "1.0", + "tag": "my tag", + "ownerGroup": "GROUP", + "projectType": "PRODUCT", + "linkedProjects": {}, + "linkedReleases": {} +} "@ +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add('Content-Type', 'application/hal+json') +$headers.Add('Authorization', 'Token ' + $env:SW360StageToken) +$headers.Add('Accept', 'application/hal+json') +Invoke-WebRequest $uri -Method POST -Body $data -Headers $headers +``` + +## Deprecated Method: Authentication with Username and Password + +### If I am not using token, but SW360 elsewhere: how do I obtain tokens? +There are two steps you need to do with your client. First, Obtain an authorization token. This can be done by executing on the development instance for example be: + +```bash +curl -X POST --user 'trusted-sw360-client:sw360-secret' \ +-d grant_type=password&username=user@sw360.org&password=12345 \ +https:///authorization/oauth/token -k +``` + + Of course, for the staging instance, the user must be your user credentials and the trusted client secret looks different. + + Second you need to parameterize your request with this token. Pls. see the link at the very top 'Technical Information': [Rest API]({{< ref "Dev-REST-API.md" >}} "Rest API") for more information. + +### FAQ +- When I use the JWT approach I used curl to retrieve the token and get + + {"error":"unauthorized","error_description":"No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken"} + +- Your password seems to be wrong. + + Note, that with curl - you have to escape special characters in your password. E.g. password +123$abc +results in the following request + +```bash +curl -X POST --user 'trusted-sw360-client:sw360-secret' \ +-d grant_type=password&username=user@sw360.org&password=123\$abc \ +https:///authorization/oauth/token -k +``` diff --git a/content/fr/docs/Development/TestCases/Test-Cases-Components.md b/content/fr/docs/Development/TestCases/Test-Cases-Components.md new file mode 100644 index 0000000..d88ce2e --- /dev/null +++ b/content/fr/docs/Development/TestCases/Test-Cases-Components.md @@ -0,0 +1,202 @@ +--- +title: "Component / Release" +linkTitle: "Component / Release" +weight: 10 +--- + +## TC01: Add a component and release with vendor present + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Components_ tab | _Components_ page is displayed +3 | Click _Add Component_ button | - _New Component_ page is displayed with mandatory fields marked with red star: Name, Categories, Component Type.
- A message _Success:New Component_ is displayed +4 | Fill in a component _Name_, _Categories_ and _Component Type_ fields.
_Eg:_
- Name: Component 1@1
- Categories: Categories_1@1
- Component Type: OSS | Values are entered in the fields +5 | Click _Create Component_ button | - Create component successfully.
- Redirect to the edit component page.
-Show message: _Success:You are editing the original document._ +6 | Click _Releases_ tab
Click _Add Release_ button | Redirect to Add Release page +7 | Fill in a release _Version_ and _CPE ID_
_Eg:_
- Version: version1.0.0.x
- CPE ID: UUID_1002 | Values are entered in the fields:
- Version: version1.0.0.x
- CPE ID: UUID_1002 +8 | Click _Create Release_ button | - Create a release successfully.
- Redirect to the edit new release page.
- The message _Success:You are editing the original document._ is displayed +9 | Click _Vendor_ field | _Search Vendor_ dialog is displayed +10 | Click _Add Vendor_ button | _Create new Vendor_ dialog display +11 | Input data in fields
- Full Name: add vendor 01
-Short Name: add vendor01
-URL: https://github.com/eclipse-sw360/sw360 | Values are entered in the fields. +12 | Click _Add Vendor_ button | The vendor is added in Vendor field of the release with full name is _add vendor 01_ +13 | Click _Attachments_ tab | _Attachments_ page is displayed +14 | Click _Add Attachment_ button | _Upload Attachment_ dialog is displayed +15 | Click _Browse_ and select the attachment.
Eg: attachment1.xlsx | File name is displayed in the dialog +16 | Click _Upload_ button | The file is uploaded and dialog is closed. Also the attached file is listed in the _Attachment_ page +17 | Change the attachment _Type_ to real type.
Eg: Component license information (Combined) | Type changed successfully +18 | Click _Update Release_ button | Message: _Success:Release {name} ({version}) updated successfully!_ is displayed + +## TC02: Verify data after add a component and release with vendor present + +Step | Action | Result +---:|:-----|:---- +1 | Search for the component is created in TC01:
- Click _Components_ portlet
- At Advanced Search area, input _Component 1@1_ in the _Component Name_ textbox.
- Click _Search_ button | The new component display in the table with:
- Vendor: add vendor01
- Component Name: _Component 1@1_ is displayed with hyper link.
- Main licenses: blank
- Component Type: OSS +2 | Click hyper link of name _Component 1@1_ | Redirect to view component _Component 1@1_ page +3 | Click _Release Overview_ tab | The release display with:
- Name: Component 1@1
- Version displays with hyper link: version1.0.0.x
- Clearing State: New
- Clearing Report: no report
- Release Mainline State: Open +4 | Click hyper link _version1.0.0.x_ | Redirect to view screen of release _Component 1@1 version1.0.0.x_
Data of the release:
- Summary tab:
+ display text with: COMPONENT 1@1 VERSION1.0.0.X
+ CPE ID: UUID_1002
+ Created on: date of created.
+ Created by: user created.
+ Modified On: date of modified.
+ Modified By: user modified.
+ Clearing State: New
+ Release Mainline State: Open
+ Release Vendor with:
  Full Name: add vendor 01
  Short Name: add vendor01
  URL: https://github.com/eclipse-sw360/sw360 +5 | Click _Attachments_ tab | Display file name _attachment1.xlsx_ in the table. + +## TC03: Modify a component and release with vendor present + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component (e.g. created in TC01: _Component 1@1_) and click _Edit_ icon | _Success:You are editing the original document_ message is displayed +2 | Click _Releases_ tab | Release list is displayed +3 | Click _Add Release_ button | Redirect to Add Release page +4 | Fill in a release _Version_ and _CPE ID_
_Eg:_
- Version: v1.0.0.1
- CPE ID: cpe:id:123456 | Values are entered in the fields:
- Version: v1.0.0.1
- CPE ID: cpe:id:123456 +5 | Click _Create Release_ button | - Redirect to the edit new release page.
- The message _Success:You are editing the original document._ is displayed +6 | Click _Vendor_ field | _Search Vendor_ dialog is displayed +7 | Click _Search_ button.
Select a vendor (eg: select vendor with full name _VendorUp_)
Click _Select Vendor_ button. | Dialog is closed and selected Vendor is added under _Vendor_ field: VendorUp +8 | Click _Attachments_ tab
Click _Add Attachment_ button
Click _Browse_ and select the attachment. Eg: attachment2.img
Click _Upload_ button | The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page +9 | Click _Update Release_ button | Message _Success:Release Component 1@1 (v1.0.0.1) updated successfully!_ is displayed + +## TC04: Verify data after modify a component and release with vendor present + +Step | Action | Result +---:|:-----|:---- +1 | Continue TC03 | +2 | Click _Summary_ tab | Data in the tab:
- Modified On: date of modified.
- Modified By: user modified.
Data of other fields in the tab is same data before updated. +3 | Click _Release Overview_ tab | New release with version _v1.0.0.1_ is added in the release table. +4 | Click _v1.0.0.1_ hyper link | Text display with: _COMPONENT 1@1 V1.0.0.1_ at the right corner.
- At Summary tab:
+ CPE ID: cpe:id:123456
+ Release Vendor: display with Full Name, Short Name and URL correctly with vendor _VendorUp_
- At Attachments tab: attachment _attachment2.img_ display in the attachment table with correct information. +5 | Click _Component 1@1_ hyper link | Redirect to view screen of _Component 1@1_ component. +6 | Click _Attachments_ tab | Data in the tab is same data before updated. +7 | Click _Vulnerabilities_ tab | Data in the tab is same data before updated. + +## TC05: Add and modify a component and release with all fields filled in + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ tab
Click _Add Component_ button
Fill in all editable fields
Click _Create Component_ button | - Redirect to edit component screen with the message _Success:You are editing the original document._ is displayed in the left corner.
- Create component successfully. Data match with input data. +2 | Click _Releases_ tab.
Click _Add Releases_ button.
At _Summary_ tab, fill in all editable fields under _Release Summary_ and _Release Repository_.
Click _Create Release_ button.
| Redirect to edit release screen.
Created release successfully. Data match with input data. +3 | Click _Linked Releases_ tab
Click _Click to add Releases_ button | The dialog _Link Releases_ is displayed. +4 | Input search name into textbox
Click _Search_ button
Select 3 releases.
Click _Link Releases_ button | Dialog is closed and selected release is displayed under _Linked Releases_ section. +5 | Click _Linked Packages_ tab
Click _Add Packages_ button | The dialog _Link Packages_ is displayed. +6 | Input an exist orphan package name into textbox.
Click _Search_ button.
Select a package.
Click _Link Packages_ button. | Dialog is closed and selected package is displayed under _Linked Packages_ table +7 | Click _Clearing Details_ tab
Fill in all editable fields | Values are entered in the fields +8 | Click _ECC Details_ tab
Fill in all editable fields | Values are entered in the fields +9 | Click _Attachments_ tab
Click _Add Attachment_ button
Click _Browse_ and select the attachment. _Eg_: attachment3.xlsx
Click _Upload_ button | The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page +10 | Click _Update Release_ button | - _Success:Release {componentName} ({version}) updated successfully!_ message is displayed.
- Redirect to the view release screen. +11 | Check all fields of the release by click tabs: _Summary, Linked Releases, Linked Packages, Clearing Details and Attachments_. | Values are filled in correctly, match with input data. +12 | Click _Edit Release_ button, modify some fields.
Eg:
- _Version_ field ( in _Summary_ tab): rename version name_updated
- _ECC Status_ field (in _ECC Details_ tab): Approved.
Click _Update Release_ button. | Values are updated successfully + +## TC06: Delete a component that is first linked to a project and then not, and a project + +Step | Action | Result +---:|:-----|:---- +1 | Create a new component
_Eg:_ component with name _Component @1234_ | Component is created successfully +2 | Add a new release to this component
_Eg:_ release _Rel1_ | Release is added successfully +3 | Create a new project _P1_ | Project is created successfully +4 | Add the linked release _Rel1_ to project _P1_. | Release linked successfully +5 | Click _Components_ portlet.
Search component _Component @1234_ by name at advanced search. | Component _Component @1234_ display on the result table. +6 | Click delete icon of component _Component @1234_ | A warning _The component Component @1234 cannot be deleted, since it contains 1 releases. Please delete the releases first._ +7 | Click _OK_ button in the warning dialog. | The dialog is closed, component is not deleted +8 | Click _Components_ portlet.
Search for the component _Component @1234_ and click hyper link of component _Component @1234_. | View screen of _Component @1234_ component is display +9 | Click _Release_ Overview.
Click Delete icon button of release _Rel1_.
Click _Delete Release_ button in the dialog. | - Dialog _Delete Releases_ is displayed.
- Delete the release is failure.
- The message: _I could not delete the release, since it is used by another component (release) or project_ display. +10 | Go to project _P1_, delete project _P1_. | The project is deleted successfully +11 | Go to component _Component @1234_, at _Release Overview_ tab, click Delete icon button of release _Rel1_. | Show message: _Do you really want to delete the release {componentName} ({version}) ?_ +12 | Click _Delete Release_ button | Release is deleted successfully +13 | Click _Edit Component_ button.
Click _Delete Component_ button. | The dialog is displayed with message: _Do you really want to delete the component {componentName} ?_ +14 | Click _Delete Component_ button | Component is deleted successfully + +## TC07: Add new attachments to an existing release and delete attachments + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component (e.g. created in TC01) and click _Release Overview_ tab | The list of releases are displayed +2 | Click edit icon in the Action column of release version that needs a new attachment. _Eg:_ release _Rel1_. | Edit release _Rel1_ page is displayed. +3 | Click _Attachments_ tab
Click _Add Attachment_ button
Click _Browse_ and select several attachments.
_Eg:_ 5 attachment files (att1, att2, att3, att4, att5) | File names are displayed in the dialog +4 | Click _Delete_ button near some files not to be added.
_Eg:_ delete 2 attachment files (att1, att3) | File names are removed from the list +5 | Click _Upload_ button for the remaining files. | The attached file are listed in the _Attachment_ page: att2, att4, att5 +6 | Change some _Attachment type_ to real type, e.g. _source file, clearing report, CLI,..._ | Type changed successfully +7 | Click _Update Release_ button | Release _Ree1_ is updated correctly. +8 | Click _Edit Release_ button | _Success:You are editing the original document._ message is displayed +9 | Click _Attachments_ tab | _Attachments_ page is displayed +10 | Click delete icon to delete an attachment | Show message: _Do you really want to delete attachment {attachmentName}({attachmentId})?_ +11 | Click _Delete Attachment button_ | Attachment is deleted successfully, data of attachment is removed from attachment table. +12 | Click _Update Release_ button | Release Ree1 is updated correctly with message _Success: Release {componentName}({version}) updated successfully!_ + +## TC08: Duplicate an existing release + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component with release with all fields filled in (Eg: created in TC05) and click _Release Overview_ | The list of releases are displayed +2 | Click _Duplicate_ button under Action column | The page changes to create duplicate release screen +3 | Check all fields from copied release | - _Summary_ tab:
+ _CPE ID_ field: blank
+ Remain fields are unchanged (exclude disable fields).
- _Linked Releases_ tab: there is no linked release. +4 | Change the _Version_ field and fill in a _CPE ID_.
_Eg:_  Version: ver_duplicate
CPE ID: CPE ID_duplicate
Click _Create Release_ button | - Redirect to edit release screen.
- Create duplicate release is success with message: _Success:You are editing the original document._
- Data of duplicate release is correct. +5 | Modify some other fields.
_Eg:_ Release Date: 2023-06-12.
Click _Clearing Details_ tab | _Clearing Details_ page is displayed and does not contain any field from copied release +6 | Click _Update Release_ button | The release is updated successfully with data correctly +7 | Click component name link on top of the page | Summary page for the component is displayed +8 | Click _Release Overview_ tab | The new copied release is listed among previous releases + +## TC09: Search for and create a new vendor for a new release + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ portlet
At advanced Search, search for an existing component.
_Eg:_ input _Comp1_ in the Component Name text box.
Click _Search_ button. | Component _Comp1_ display in the result table. +2 | Click edit icon in Actions column of component _Comp1_. | Edit screen of component _Comp1_ is displayed with message: _Success:You are editing the original document_ +3 | Click _Releases_ tab
Click _Add Releases_ button | The page changes to _New Release Edit_ page +4 | Fill in a release _Version_ and _CPE ID_
_Eg:_
+ Version: @1.0.2
+ CPE ID: moshiano_002 | Values are entered in the fields +5 | Click _Vendor_ field | _Search Vendor_ dialog is displayed +6 | Click _Add Vendor_ | _Create New Vendor_ dialog is displayed +7 | Fill in _Full name_, _Short name_ and _URL_
_Eg:_
Full Name: Fullvendor_0909
Short Name: Short_ven090
URL: https://github.com/ | Values are entered in the fields +8 | Click _Add Vendor_ | Dialog closes and the new vendor is displayed in release _Vendor_ field with full name _Fullvendor_0909_ +9 | Click _Create Release_ | Redirect to edit release page with the message _Success:You are editing the original document._ is displayed +10 | Click component name link on top of the page | Summary page for the component is displayed. The new vendor for the new release, as well as existing vendors from previous releases are listed under _Vendors_ field for the component + +## TC10: Link a release to the project in view component page and check used by projects + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component with release and click _Release Overview_ tab | The list of releases are displayed +2 | Click _Link Project_ button under Action column | The dialog _Link Release to Project_ is displayed with _Link to Project_ button is disabled +3 | Click _Search_ button then choose a project to link | _Link to Project_ button on the dialog is enabled +4 | Click _Link to Project_ button | _The release {component name} ({version}) has been successfully linked to project {project name}_
_Click here_ _to edit the release relation as well as the project mainline state in the project._ message is displayed +5 | Click _here_ hyperlink in the dialog | Redirect to the _edit project_ page with the release was linked (displayed on _License Clearing_ page) +6 | Re-open the release at view page and click _Summary_ tab | Used by project information is updated correspondingly + +## TC11: Link a release to a project in the view release page + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component with release and click _Release Overview_ tab | The list of releases are displayed +2 | Click _a release name_ hyperlink. Eg: release R1 | Redirect to the _view release_ page +3 | Click _Link to Project_ button | The dialog _Link Release to Project_ is displayed with _Link to Project_ button is disabled +4 | Click _Search_ button then choose a project to link | _Link to Project_ button on the dialog is enabled +5 | Click _Link to Project_ button | _The release {component name} ({version}) has been successfully linked to project {project name}_
_Click here_ _to edit the release relation as well as the project mainline state in the project._ message is displayed +6 | Click _here_ hyperlink in the dialog | Redirect to the _edit project_ page with the release was linked (displayed on _License Clearing_ page) + +## TC12: Import a new component by .spdx/.xml/ .rdf file + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ tab | _Components_ page is displayed +2 | Click _Import SBOM_ button | A dialog _Upload SBOM_ is displayed +3 | Choose a **_.spdx_** or **_.xml_** or **_.rdf_** file by clicking on the _Browse_ button or drop/draft a file into the dialog | The message is displayed in the dialog:
_The new Component and new Release will be created, do you want to import?
New Component: {new component names}
New Release: {new release names}_ +4 | Click _Import_ button | The dialog is closed. New releases and new components are imported successfully + +## TC13: Export components without releases + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ tab | _Components_ page is displayed +2 | Click _Export Spreadsheet_ button and choose _Components only_ option | - A new file with name's format _components-{yyyy}-{mm}-{dd}.xlsx_ is downloaded
- The content of the downloaded file includes information of all components in the system + +## TC14: Export components with releases + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ tab | _Components_ page is displayed +2 | Click _Export Spreadsheet_ button and choose _Components with releases_ option | - New file with name _components-{yyyy}-{mm}-{dd}.xlsx_ is downloaded.
- The content of the downloaded file includes information of all components and releases in the system + +## TC15: Create a clearing request for a release + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component with releases and click _Release Overview_ tab | The list of releases are displayed +2 | Click _Edit_ button under _Action_ column. Eg: edit release R1 | Redirect to _view release_ page and the message _Success:You are editing the original document._ is displayed +3 | Click _Attachments_ tab, then add a source file (Eg: .rdf file) with _Type_ is _Source file_ | The data is updated correspondingly +4 | Click _Update Release_ button | The message _Success:Release {release name} updated successfully!_ is displayed +5 | Click _Clearing details_ tab, then click _Fossology Process_ icon beside _Clearing State_ field and wait for the process to finish | The message _The FOSSology process already finished. You should find the resulting report as attachment at this release._ is displayed in the _Fossology Process_ dialog +6 | Click _Close_ button in the dialog | The dialog is closed +7 | Reload this page, then click _Attachments_ tab | A new file is listed in _Attachments_ page with name's format _{component name}-{version}-{yyyymmdd}-{hhmm}-SPDX.rdf_ \ No newline at end of file diff --git a/content/fr/docs/Development/TestCases/Test-Cases-Licenses.md b/content/fr/docs/Development/TestCases/Test-Cases-Licenses.md new file mode 100644 index 0000000..2a72e6a --- /dev/null +++ b/content/fr/docs/Development/TestCases/Test-Cases-Licenses.md @@ -0,0 +1,75 @@ +--- +title: "Licenses" +linkTitle: "Licenses" +weight: 10 +--- + +## TC01: Create a license with mandatory fields then edit External link + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Licenses_ tab | _Licenses_ page is displayed +3 | Click _Add License_ button | _New License_ page is displayed +4 | Fill in _Fullname_ and _Shortname_ fields
_Eg:_
- Fullname: Open Logistics Foundation License v1.3
- Shortname: OLFL-1.3 | Values are entered in the fields +5 | Click _Create License_ button | - Navigate to the license list page and the message "Success:License added successfully!" is displayed
- The new license should be added to the licenses list +6 | At _Details_ tab, update _External link for more information_ field
_Eg:_ https://eclipse.dev/sw360/docs/development/testcases/test-cases-licenses/
Click _Save_ button| - The page remains the same and the message _"Success:SUCCESS"_ is displayed
- Data of the _"External link for more information"_ field is updated correctly + +## TC02: Create a license with all fields + +Step | Action | Result +---:|:-----|:---- +1 | Sign in with a known _clearing admin_ user
Click _Licenses_ tab
Click _Add License_ button | _New License_ page is displayed +2 | Fill in all editable fields
_Eg:_
- Fullname: JAM License
- Shortname: Jam
- License Type: select a license type
- OSI Approved?: Yes
- Note: take a note!
- License Text: Copyright (C) YEAR by AUTHOR EMAIL Permission to use, copy and modify. | Values are entered in the fields +3 | Click _Linked Obligation_ tab | _Linked Obligation_ page is displayed +4 | Click _Add Obligation_ button | Screen display a dialog: _"Select License Obligations to be added."_ +5 | Select some obligations and click _Add_ button | The selected obligations have been added to the obligation table +6 | Click _Create License_ button | - Navigate to the license portlet and the message _"Success:License added successfully!"_ is displayed
- The new license should be added to the licenses list +7 | Click the newly created license name hyperlink | The details page of license is displayed +8 | Check data of License in _Details_ tab
Click _Text_ tab and check data of License in _Text_ tab
Click _Obligations_ tab and check data of License in _Obligations_ tab | The displayed data matches the input data + +## TC03: Create a license with linked obligations then edit whitelist + +Step | Action | Result +---:|:-----|:---- +1 | Sign in with a known _clearing admin_ user
Click _Licenses_ tab
Click _Add License_ button | _New License_ page is displayed +2 | Fill in _Fullname_ and _Shortname_
_Eg:_
- Fullname: Apache License 2.0
- Shortname: Apache-2.0 | Values are entered in the fields +3 | Click _Linked Obligation_ tab | _Linked Obligation_ page is displayed +4 | Click _Add Obligation_ button | Screen display a dialog: _"Select License Obligations to be added"_ +5 | Select some obligations and click _Add_ button | The selected obligations have been added to the obligation table +6 | Click _Create License_ button | - Navigate to the license list screen
- The new license should be added to the licenses list +7 | Search for new created license, then click _hyper link of new created license_ | The details page of license is displayed +8 | Click _Obligations_ tab | _Obligation_ page is displayed +9 | Click _Edit Whitelist_ button | _Update whitelist_ page is displayed +10 | Unselect the first obligation then click _Update Whitelist_ button | - Redirect to view license page with the message _"Success:License updated successfully!"_ is displayed
- The unselected obligation is not displayed anymore on obligations table + +## TC04: Edit License and remove/ add Obligations + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Licenses_ tab
At _Quick Filter_ area, input existed license with obligations. E.g: _JAM License_ in the textbox
Click _JAM License_ license name
Click _Edit License_ button | The update license page is displayed +3 | Edit some editable fields
_Eg:_
- Fullname: JAM License 2.0
- OSI Approved?: (n/a)
- FSF Free/Libre?: Yes
- License Text: | Values are entered in the fields +4 | Click _Linked Obligation_ tab
Click _Delete_ icon of the first obligation in _Action_ column | The _"Delete Obligation?"_ dialog is displayed with message: _"Do you really want to delete the obligation {deleted obligation name}?"_ +5 | Click _"Delete Obligation"_ button in the dialog | The chosen obligation is removed from the obligations table +6 | Click _Add Obligation_ button | Screen display a dialog: _"Select License Obligations to be added."_ +7 | Select some obligations and click _Add_ button | The selected obligations have been added to the obligation table +8 | Click _Update License_ button | - Navigate to the license details page
- Data of the obligation is updated successfully +9 | Click the edited license name (_JAM License 2.0_) | The details page of license is displayed +10 | Check data of License in _Details_ tab, _Text_ tab and _Obligation_ tab | The displayed data matches the input data + +## TC05: Delete an existing license + +Step | Action | Result +---:|:-----|:---- +1 | Sign in with a known _clearing admin_ user
Click _Licenses_ tab
At _Quick Filter_ area, input existing license in the textbox
  _Eg:_ "License_delete"
Click _"License_delete"_ license name in the result table
Click _Edit License_ button | The update license page is displayed +2 | Click _Delete License_ button | Screen display dialog with message: _"Do you really want to delete the license {licenseFullName ({licenseShortName})}?"_ +3 | Click _Delete License_ button in the dialog | - Navigate to the license portlet and the message _"Success:License removed successfully!"_ is displayed
- The removed license has been removed to the license table + +## TC06: Check Export Licenses +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Licenses_ tab | _Licenses_ page is displayed +3 | Click _Export Spreadsheet_ button | A dialog for opening _Licenses.xlsx_ is displayed +4 | Open the newly downloaded _Licenses.xlsx_ file in the local
Compare the number of rows with total number of entries from _Licenses_ tab | All licenses names are exported successfully \ No newline at end of file diff --git a/content/fr/docs/Development/TestCases/Test-Cases-Moderations.md b/content/fr/docs/Development/TestCases/Test-Cases-Moderations.md new file mode 100644 index 0000000..e465493 --- /dev/null +++ b/content/fr/docs/Development/TestCases/Test-Cases-Moderations.md @@ -0,0 +1,58 @@ +--- +title: "Moderation" +linkTitle: "Moderation" +weight: 10 +--- + +## TC01: Accept moderation request, for visible projects by other users + +Step | Action | Result +---:|:-----|:---- +1 | Open a first browser instance (Eg: "firefox.exe -p "profile1" -no-remote") and sign in with a known _First_ user | User successfully signed in and _Home_ page is displayed +2 | Open a second browser instance (Eg: "firefox.exe -p "profile2" -no-remote") and sign in with a known _Second_ user | User successfully signed in and _Home_ page is displayed +3 | Activate _First_ browser instance | Instance is active +4 | Create a new project visible for _Second_ user
Eg:
- Name: Project is created by First user
- Project visibility: Everyone | Project is created successfully +5 | Activate _Second_ browser instance | Instance is active +6 | Search for the above created project and click _Edit_ button | _"Success: You will create a moderation request if you update"_ message is displayed +7 | Edit _Description_ field or other fields
Eg:
Description: "Update description to create a moderation request!!"
Click _Update Project_ button| Create moderation request dialog is displayed +8 | Fill in _Please comment your changes_ field
Eg: I want to update this project. Please accept for me. Thanks @@.
Click _Send moderation request_ button | Show message: _"Success: Moderation request was sent to update the Project {nameProject} {(version)}!"_ +9 | Activate _First_ browser instance | Instance is active +10 | Check status of project in the _MY TASK ASSIGNMENTS_ table on _Home_ page | The above project that needs moderation is displayed with status _Pending_ +11 | Click _Requests_ page | The moderation request of _Second_ user is displayed with state _Pending_ +12 | Click the project name in the _Document Name_ column | - _"Success: You have assigned yourself to this moderation request."_ message is displayed
- _Moderation Request Information_ page is displayed, with proposed changes from step 7 listed +13 | Input a comment in the _Comment on Moderation Decision_ box. Eg: _The request is approved_
Click _Accept Request_ button | Request page display and show message: _"Success: You have accepted the moderation request"_ +14 | Click _Closed Moderation Requests_ tab
Check state of _Project is created by First user_ project | State changed to _Approved_ +15 | Check status of project in the _MY TASK ASSIGNMENTS_ table on _Home_ page | The request is removed from the table +16 | Activate _Second_ browser instance | Instance is active +17 | Check status of project in the _MY TASK SUBMISSIONS_ table on _Home_ page | Status is _Approved_ +18 | Open the _Projects_ page and click on previously modified project on step 7 | Project _Summary_ page displayed successfully +19 | Check the moderation requested changes | Changes are visible in the corresponding fields: _Description_ field was changed to _"Update description to create a moderation request!!"_ + +## TC02: Decline moderation request, for visible projects by other users + +Step | Action | Result +---:|:-----|:---- +1-11 | Same as in TC01 +12 | Input a comment in the _Comment on Moderation Decision_ box. Eg: _The request is declined_
Click _Decline Request_ button| Requests page display and show message: _"Success: You have rejected the moderation request"_ +13 | Click _Closed Moderation Requests_ tab
Check state of the above rejected project | State changed to _Rejected_ +14 | Check status of project in the _MY TASK ASSIGNMENTS_ table on _Home_ page | The request is removed from the table +15 | Activate _Second_ browser instance | Instance is active +16 | Check status of project in the _MY TASK SUBMISSIONS_ table on _Home_ page | Status is _Rejected_ +17 | Open the _Projects_ page and click on previously modified project on step 7 | Project _Summary_ page displayed successfully +18 | Check the moderation requested changes | Changes are not visible in the corresponding fields: data of the project is not changed. + +## TC03: Remove Me from Moderators for moderation request, for visible projects by other users + +Step | Action | Result +---:|:-----|:---- +1-11 | Same as in TC01 +12 | Click _Remove Me from Moderators_ button | - _"Warning: You are the last moderator for this request, you are not allowed to unsubscribe !"_ message is displayed (assuming only _First_ user was listed under _Moderators_ column in step 10)
- Can't remove from Moderators. Nothing to change +13 | Input a comment in the _Comment on Moderation Decision_ box. Eg: _Decline the request._
Click _Decline Request_ button| Requests page display and show message: _"Success: You have rejected the moderation request"_ +14 | Edit the project and add a new moderator (Eg: _Third_ user) under _Moderators_ field | Project updated successfully +15 | Activate _Second_ browser instance | Instance is active +16 | Edit the project and create a new moderation request | Moderation request was sent +17 | Activate _First_ browser instance | Instance is active +18 | Click _Moderation_ page | The moderation request of _Second_ user is displayed with state _Pending_ +19 | Click the project name which the moderation was created in step 16 | - _"Success: You have assigned yourself to this moderation request."_ is displayed
- _Moderation Request Information_ page is displayed, with proposed changes from step 16 listed +20 | Click _Remove Me from Moderators_ button| _"Success: You have unassigned yourself from the moderation request"_ message is displayed. Also the document is deleted from moderation list. +21 | Login with the _Third_ user and check the _Moderation request_ in _Request_ page | The moderation request of _Second_ user is displayed with state _Pending_ \ No newline at end of file diff --git a/content/fr/docs/Development/TestCases/Test-Cases-Packages.md b/content/fr/docs/Development/TestCases/Test-Cases-Packages.md new file mode 100644 index 0000000..b64b6ef --- /dev/null +++ b/content/fr/docs/Development/TestCases/Test-Cases-Packages.md @@ -0,0 +1,69 @@ +--- +title: "Packages" +linkTitle: "Packages" +weight: 10 +--- + +## TC01: Create a package with required fields + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Packages_ tab
Click _Add Package_ button| The _Create Package_ page is displayed +3 | Input valid data into required fields
_Eg:_
- Name: package1
- Version: 1.0.0
- Package Type: Framework
- PURL (Package URL): pkg:npm/angular-sanitize@1.8.2 | Values are entered in the fields +4 | Click _Create Package_ button | - The message: _"Success: Package created successfully"_ is displayed at the left corner
- Redirect to the _Package list_ page
- The new package is added to the package list +5 | Search for the new project then click the hyperlink of the newly created package name | Redirect to view page of the created package +6 | Check data of all fields | Data in all fields match with input values + +## TC02: Create a package with all fields + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Packages_ tab
Click _Add Package_ button | The _Create Package_ page is displayed +2 | Input valid data into all editable fields | Values are entered in the fields +3 | Click _Create Package_ button | - The message: _"Success: Package created successfully"_ is displayed at the left corner
- Redirect to the _Package list_ page
- The new package is added to the package list +4 | Search for the new package then click the hyperlink of the newly created package name | Redirect to view page of the created package +5 | Check data of all fields | Data in all fields match with input values + +## TC03: Update some fields for package + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Component_ tab
Create a component with name is _ComponentA_
Create a release with name is _ComponentA (1.0.1)_ | Release _ComponentA (1.0.1)_ is created successfully +2 | Click _Packages_ tab
Create a new package with name and version are _Package1 (1.0.1)_ | Package _Package1 (1.0.1)_ is created successfully +3 | At advanced Search, search for newly created package
_Eg:_ Package1 (1.0.1)
Click _Edit Package_ icon at _Actions_ column | _Update Package_ page is displayed +4 | Update data of some fields
_Eg:_
- Version: 1.0.2
- Homepage URL: pkg:npm/@microsoft/applicationinsights-web@2.5.11
- Release: ComponentA (1.0.1) | Data is filled in fields match with input values +5 | Click _Update Package_ button | - The message: _"Success: Package updated successfully"_ is displayed at the left corner
- Redirect to the package list page +6 | Search for the updated project then click the hyperlink of the package name | Redirect to view page of the updated package +7 | Check data of all fields | Data in all fields match with data at update page + +## TC04: Link package to project with release of the package has not linked to the project yet + +Step | Action | Result +---:|:-----|:---- +1 | Create Component with name is _ComponentA_
Create a release with name is _ComponentA (1.0.1)_| Release is created successfully +2 | Click _Packages_ tab
Click _Add Package_ button
Create a new package with:
- Name: _PackageA_
- Version: _(1.0.1)_
- Release: _ComponentA (1.0.1)_| Package is created successfully +3 | Click _Project_ tab
Create project with name is _ProjectA_ | Project is created successfully +4 | In _Edit ProjectA project_ page then click _Linked Packages_ tab
Click _Add Packages_ button | Dialog _Link Packages_ is displayed +5 | Input _PackageA_ in textbox then click _Search_ button
Choose _PackageA_ package then click _Link Packages_ button | Information of the _PackageA_ package is displayed correctly in the table +6 | Click _Update Project_ button | - Redirect to the _ProjectA_ project view screen
- Information of _Linked Package_ tab is correct with input data +7 | Click _License Clearing_ tab, check information of the table | Display data of _ComponentA (1.0.1)_ release with correctly information + +## TC05: Unlink package from the project + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Packages_ tab
Create a new package with name and version are _PackageA (1.0.1)_| Package is created successfully +2 | Click _Project_ tab
Create a project with name is _ProjectA_ and then add _PackageA_ newly created as linked package of _ProjectA_ project | Project is created successfully +3 | In edit project page, click _Linked Packages_ tab
Click _Delete_ icon of PackageA (1.0.1) package
Click _Delete Link_ button | Data of _PackageA (1.0.1)_ package is removed from package table +4 | Click _Update Project_ button | - Redirect to view _ProjectA_ page
- Project _ProjectA_ is updated successfully
- Data in the _Linked Packages_ tab: _PackageA (1.0.1)_ package information is removed + +## TC06: Delete a package that is first linked to a project and then not + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Packages_ tab
Create a new package with name and version are _PackageA (1.0.1)_| Package is created successfully +2 | Click _Projects_ tab
Create a project with name is _ProjectA_ and then add _PackageA_ newly created as linked package of _ProjectA_ project | Project is created successfully +3 | Click _Packages_ tab
At advanced Search, search for newly created package
_Eg:_ PackageA(1.0.1)
Click _Delete Package_ icon in _Actions_ column of this package | Dialog _"Delete Package?"_ display with message: _"Do you really want to delete the package {packageName} ({package version})?"_ +4 | Click _Delete Package_ button | Error message is displayed: _"Package cannot be deleted!"_ +5 | Unlink _PackageA_ package from _ProjectA_ project
Re-delete _PackageA(1.0.1)_ package follow steps from 3-4| - Delete _PackageA_ package successfully with message "Deleted successfully!" in the dialog
- Package _PackageA(1.0.1)_ is not display in the package list table \ No newline at end of file diff --git a/content/fr/docs/Development/TestCases/Test-Cases-Projects.md b/content/fr/docs/Development/TestCases/Test-Cases-Projects.md new file mode 100644 index 0000000..b344ff1 --- /dev/null +++ b/content/fr/docs/Development/TestCases/Test-Cases-Projects.md @@ -0,0 +1,115 @@ +--- +title: "Projects" +linkTitle: "Projects" +weight: 10 +--- + +## TC01: Add a simple project with no relations and no releases + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Projects_ tab | _Projects_ page is displayed +3 | Click _Add Project_ button| _New Project_ page is displayed with mandatory fields marked with red star:
- Summary tab: Name, Visibility, Project Type, Group
- Administration tab: Project State +4 | Fill mandatory _Name_ with a project name, change other fields if needed
Eg:
- Name: PROJECT_REQUIRED_FIELDS| Values are entered in the fields +5 | Click _Create Project_ button| - Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed
- New project _Summary_ page is displayed +6 | Click _Projects_ tab | - The new project _"PROJECT_REQUIRED_FIELDS"_ should be added to the projects list
- Data of the project correctly, matches with input data + +## TC02: Add a full project with relations, releases and send to clearing process + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Projects_ tab
Click _Add Project_ button
Input Name as "A_FULL_PROJECTS"
Fill in all editable fields in _Summary_ and _Administration_ links | Values are entered in the fields +2 | Click _Linked Releases And Projects_ link | _Linked Releases And Projects_ page is displayed +3 | Click _Add Projects_ button | _Search Project_ dialog is displayed +4 | Click _Search_ button then select a project to be linked (Eg: created in TC01 "PROJECT_REQUIRED_FIELDS")
Click _Link Projects_ button| Dialog is closed and selected project is displayed under _Linked Projects_ section +5 | Click _Add Releases_ button | _Search Release_ dialog is displayed +6 | Click _Search_ button
Select releases to be linked
Click _Link Releases_ button| Dialog is closed and selected release is displayed under _Linked Releases_ section +7 | Click _Linked Packages_ link | _Linked Packages_ page is displayed +8 | Click _Add Packages_ button | _Search Package_ dialog is displayed +9 | Click _Search_ button in the dialog
Select an orphan package to be added then click _Link Packages_ button | Dialog is closed and selected release is displayed under _Linked Packages_ section +10 | Click _Create Project_ button | - Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed
- New project _Summary_ page is displayed +11 | Click _Projects_ tab
At _Advanced Search_ area, input _"A_FULL_PROJECTS"_ in the _"Project Name"_ textbox
Click _Search_ button| The new project should be added to the projects list with data correctly, matches with input data +12 | In new project, check _Clearing Status_ by hovering mouse over the numbers | The message should be _{number} Releases out of {total number} have approved clearing reports (including sub-projects)._ +13 | Click _Create Clearing Request_ icon under _Actions_ column | The dialog _Create Clearing Request_ is displayed +14 | Choose clearing team email id, _Clearing Type_ and _Preferred Clearing Date_ | The data in the fields is displayed as the selected data +15 | Click _Create Request_ button | The message:
_Clearing Request {clearing request id} created successfully!
Clearing team will confirm on the agreed clearing date._
is displayed in the dialog +16 | Click _Close_ button in the dialog | The dialog is closed +17 | Re-click the _Create Clearing Request_ icon under _Actions_ column | The _View Clearing Request_ dialog is displayed with:
- Requesting User: {requested user}
- Created on: {created request date}
- Preferred Clearing Date: {displayed as input data}
- Clearing Team: {email of chosen clearing team}
- Priority: LOW
- Request Status: NEW +18 | Click _Close_ button in the dialog | The dialog is closed + + +## TC03: Add a project with releases, no relations, remove a release + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Projects_ tab
Click _Add Project_ button
Fill mandatory Name with a project name, change other fields if needed
Click _Linked Releases And Projects_ link
Click _Add Projects_ button | _Search Project_ dialog is displayed +2 | Click _Search_ and select the project to be linked (Eg: created in TC01 "PROJECT_REQUIRED_FIELDS")
Click _Link Projects_ button | Dialog is closed and selected project is displayed under _Linked Projects_ section +3 | Click _Delete_ icon to delete the linked project | Message is displayed: _"Do you really want to remove the link to project {linked project name}?"_ +4 | Click _Delete Link_ button | The project is removed from the list of _Linked Projects_ +5 | Click _Add Releases_ button | _Search Release_ dialog is displayed +6 | Click _Search_ by name and select a release to be added then click _Link Releases_ button| Dialog is closed and selected release is displayed under _Linked Releases_ section +7 | Click _Delete_ icon to delete the linked release | Message is displayed: _"Do you really want to remove the link to release {linked release name}?"_ +8 | Click _Delete Link_ button | The release is removed from the list of _Linked Releases_ +9 | Click _Linked Packages_ link
Click _Add Packages_ button | Search Release dialog is displayed +10 | Click _Search_ button in the dialog
Select an orphan package to be added then click _Link Packages_ button | Dialog is closed and selected release is displayed under _Linked Packages_ section +11 | Click _Delete_ icon to delete the linked package | Message is displayed: _"Do you really want to remove the link to package {linked package name}?"_ +12 | Click _Delete Link_ button | The release is removed from the list of _Linked Packages_ +13 | Click _Create Project_ button | Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed +14 | Click _Projects_ tab | The new project should be added to the projects list +15 | In newly created project, check _Clearing Status_ by hovering mouse over the numbers of the project | The message should be 0 Releases out of 0 have approved clearing reports (including sub-projects) + +## TC04: Delete a project that is first linked to another project and then not linked + +Step | Action | Result +---:|:-----|:---- +1 | Create a new project with name is _Child Project_ | _Child Project_ project is created successfully +2 | Create another project with name is _Parent Project_ and add previously created _Child Project_ as linked project of _Parent Project_ | _Parent Project_ project is created successfully with linked project is _Child Project_ project +3 | Click _Projects_ tab
At _Advanced Search_ area, input _Child Project_ in the _Project Name_ textbox
Click _Search_ button| _Child Project_ project display in the result table +4 | Click _Delete_ icon to delete _Child Project_ project | Screen display dialog with message: _"Do you really want to delete the project Child Project?"_ +5 | Click _Delete Project_ button | Display message in the dialog: _"The project cannot be deleted, since it is used by another project!"_ +6 | Click _Cancel_ button | Dialog is closed and _Child Project_ project wasn't deleted in the table +7 | Go to _Parent Project_ project in the project table and delete it
Click _Delete_ button | _Parent Project_ project is deleted successfully +8 | Go to _Child Project_ project in the project table and re-delete it | _Child Project_ project is deleted successfully + +## TC05: Modify an existing project with relations, releases and send to clearing process + +Step | Action | Result +---:|:-----|:---- +1 | Create a new project. Eg: _PROJECT_REQUIRED_FIELDS_ | The project is created successfully +2 | Click _Project_ tab
At _Advanced Search_ area, search for a simple project
Eg: project created in TC01: input "PROJECT_REQUIRED_FIELDS" in the "Project Name" textbox
Click _Search_ button
Click _Edit_ icon of "PROJECT_REQUIRED_FIELDS" project | _Summary_ page is displayed
Screen display message: _"Success: You are editing the original document."_ +3 | Update project name to _PROJECT_REQUIRED_FIELDS_updated_ | Values are entered in the field +4 | Click _Linked Releases And Projects_ link | _Linked Releases And Projects_ page is displayed +5 | Click _Add Projects_ button | _Search Project_ dialog is displayed +6 | Click _Search_ and select the project to be linked (Eg: created in TC02 "A_FULL_PROJECTS")
Click _Link Projects_ button | Dialog is closed and selected project is displayed under _Linked Projects_ section +7 | Click _Add Releases_ button | _Search Release_ dialog is displayed +8 | Click _Search_ button
Select an release to be added then click "Link Releases" button | Dialog is closed and selected release is displayed under _Linked Releases_ section +9 | Click _Linked Packages_ link | _Linked Packages_ page is displayed +10 | Click _Add Packages_ button | _Search Release_ dialog is displayed +11 | Click _Search_ button in the dialog
Select an orphan package to be added then Click _Link Packages_ button | Dialog is closed and selected release is displayed under _Linked Packages_ section +12 | Click _Update Project_ button | - Navigate to the project's viewing screen with the message _"Success: Project {project name} updated successfully!"_ is displayed
- The project is updated according to the input data +13 | Click _Projects_ tab
At _Advanced Search_ area, input "PROJECT_REQUIRED_FIELDS_updated" in the _Project Name_ textbox
Click _Search_ button | The project name _PROJECT_REQUIRED_FIELDS_updated_ is displayed in the project list table +14 | Click _Create Clearing Request_ icon under _Actions_ column | The dialog _Create Clearing Request_ is displayed +15 | Choose clearing team emaild id, _Clearing Type_ and _Preferred Clearing Date_ | The data in the fields is displayed as the selected data +16 | Click _Create Request_ button | The message:
_Clearing Request {clearing request id} created successfully!
Clearing team will confirm on the agreed clearing date._
is displayed in the dialog +17 | Click _Close_ button in the dialog | The dialog is closed +18 | Re-click the _Create Clearing Request_ icon under _Actions_ column | The _View Clearing Request_ dialog is displayed with:
- Requesting User: {requested user}
- Created on: {created request date}
- Preferred Clearing Date: {displayed as input data}
- Clearing Team: {email of chosen clearing team}
- Priority: LOW
- Request Status: NEW +19 | Click _Close_ button in the dialog | The dialog is closed + +## TC06: Add and modify a project with all project fields filled in + +Step | Action | Result +---:|:-----|:---- +1 | Click _Projects_ tab
Click _Add Project_ button
Input Name as _A_FULL_BASIC_PROJECT_
Fill in all editable fields in _Summary_ and _Administration_ links | _Projects_ page is displayed | Values are entered in the fields +2 | Click _Create Project_ button | Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed +3 | Click _Edit Project_ button | Summary page is displayed with message: _"Success: You are editing the original document."_ +5 | Modify some fields
Eg:
- Name: A_FULL_BASIC_PROJECT_changed
- Clearing state (in Administration tab): In Progress
Click _Update Project_ button | - Screen is display view page and the message _"Success: Project A_FULL_BASIC_PROJECT_changed updated successfully!."_ is displayed
- Values are updated successfully + +## TC07: Duplicate an existing project + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing project with all fields filled in (Eg: created in TC02 A_FULL_PROJECTS project) and click _Duplicate_ button under _Actions_ column | Project _Information_ page is displayed +2 | Check all fields from copied project | - In the Administration tab, the default for the _Clearing State_ field is _Open_
- Other fields are duplicated, including _Linked Projects_, _Linked Releases_ and _Linked Packages_ +3 | Change version. Eg: 1.0.5-duplicate
Click _Create Project_ button| Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed +4 | Check all fields | All fields were copied successfully, except the new name and _Project Clearing State_ of the project diff --git a/content/fr/docs/Development/TestCases/_index.md b/content/fr/docs/Development/TestCases/_index.md new file mode 100644 index 0000000..2c0ed13 --- /dev/null +++ b/content/fr/docs/Development/TestCases/_index.md @@ -0,0 +1,7 @@ +--- +title: "Test Cases" +linkTitle: "Test Cases" +weight: 3 +oem_ignore: true +description: SW360 Assorted Test Cases +--- diff --git a/content/fr/docs/Development/_index.md b/content/fr/docs/Development/_index.md new file mode 100644 index 0000000..eb76527 --- /dev/null +++ b/content/fr/docs/Development/_index.md @@ -0,0 +1,83 @@ +--- +title: "Development" +linkTitle: "Development" +weight: 30 +icon: fab fa-github +description: SW360 Development Information +--- + +# Developing sw360 + +The sw360 is Java-based application consisting of two main parts: + +1. A Liferay/based front end application that allows users to work with sw360 +1. A Java-based servlet infrastructure Thrift interfaces that allows the Liferay part and other applications to manage and store data +1. In the backend, couchdb is used for storing project, component, release and license information as well as attachments. + +### Submitting Issues + +Please report issues to the issue tracker, but please keep also in mind that someone else has to read them! Issues should include: + +* What you intended to do? +* What did you observe? +* Why do you think it is wrong? +* Screenshots of what you have observed presumably gone wrong or link to pages where another person can follow +* Version where you have observed this. +* Common written English and use of line breaks!!! Use the preview function! + +Please refer to the following pages for writing issues: + +* https://issues.apache.org/bugwritinghelp.html +* https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines +* https://www.joelonsoftware.com/2000/11/08/painless-bug-tracking/ + +### Contribution Workflow + +As basic introduction, the dev ops works as following: + +1. We are issue-based, please do not hesitate to create issues - also for _questions_ (and set the issue tag) +1. The issues are organised by milestones which [do not represent releases anymore](Dev-Releasing-SW360). Milestone are meant to be useful packages of work done +1. Contributions are made through pull requests +1. We do conversations directly on issues and pull requests + +More topics regarding "how" to develop: + +1. [Definition of done and code style](Dev-DoD-and-Style) +1. [Creating a sw360 release](Dev-Releasing-SW360) +1. [Brief notes on the jgiven testing](Dev-Testing-Frameworks) +1. [For help with problems, you might want to check that](Dev-Troubleshooting) + +### Architecture + +sw360 is a server application using Java servlets. It did some faint steps towards micro services (ie. one maintaining licenses, another for vulnerabilities), the front end is a portlet applications using good old JSPs. + +1. [Introduction and Scope](Dev-Arch-General) +2. [High Level View](Dev-Arch-View) +3. [Architecture Topics](Dev-Arch-Topics) + +### General + +1. [How to write a new portlet]({{< relref path="Dev-Adding-a-new-portlet-Frontend.md" >}}) +1. [Adding a new backend service]({{< relref path="Dev-Adding-a-new-portlet-Backend.md" >}}) +1. [Changing the data model](Dev-Adding-New-Fields-to-Existing-Classes) +1. [REST API overview](Dev-REST-API) +1. [Migrating to Javascript modules](Dev-Using-RequireJS-for-javascript-modules) + +### Special + +1. [Filtering in portlets](Dev-Filtering-in-Portlets) +1. [The FOSSology integration](Dev-Fossology-Integration) +1. [How moderation requests work](Dev-Moderation-Requests) +1. [Roles and access rights](Dev-Role-Authorisation-Model) +1. [Attachment Types Description](Dev-Attachment-File-Types) +1. [Our ideas of Google-Summer-of-Code 2019](https://wiki.eclipse.org/Google_Summer_of_Code_2019_Ideas#Eclipse_SW360) +1. [How Friendly URLs work with the Liferay Portlets](Dev-Liferay-Friendly-URL) + +# Testing sw360 + +Generally, all modules have unit tests and these are executed (including deployment of couchdb) at CI times. In addtion, to test the front end, there are defined integration test cases for a manual check, if the sw360 is working properly in general: + +1. [Test Cases: Components Functionality](Test-Cases-Components) +1. [Test Cases: Licenses Functionality](Test-Cases-Licenses) +1. [Test Cases: Moderations Functionality](Test-Cases-Moderations) +1. [Test Cases: Projects Functionality](Test-Cases-Projects) diff --git a/content/fr/docs/Userguide/BestPractices/User-Attachment-File-Types.md b/content/fr/docs/Userguide/BestPractices/User-Attachment-File-Types.md new file mode 100644 index 0000000..c23ddf5 --- /dev/null +++ b/content/fr/docs/Userguide/BestPractices/User-Attachment-File-Types.md @@ -0,0 +1,31 @@ +--- +linkTitle: "Attachment File Types" +title: "Attachment File Types" +Weight: 22 +--- + +SW360 maintains attachments for projects, components and releases. Currently, SW360 cannot automatically detect these types and is dependent on that users select the appropriate type accordingly. If not, some functionality will not properly kick of that uses such attachments. + +Also, maybe some of the types are redundant by now and are just legacy ideas that should be reviewed after two years now. + +In summary, the following the types currently are as follows: + +| Type name | Functionality | Description | +|:-------------|:------------------------|:--------------| +| SOURCE | for sending to tools | Source packages of a release as found on the Internet | +| COMPONENT_LICENSE_INFO_XML | for project documentation generation | An XML-based description of the licenses and coprights involved | +| DESIGN | n.a. | Just nomenclature to name this not document | +| REQUIREMENT | n.a. | Just a general placeholder for an attachment | +| DOCUMENT | n.a. | Just a general placeholder for an attachment | +| CLEARING_REPORT | Setting clearing status | Reporting information for component license state | +| COMPONENT_LICENSE_INFO_COMBINED | (should be) for project documentation generation | Multiple components with component license information | +| SCAN_RESULT_REPORT | n.a. | Just description what scanners found without conclusions | +| SCAN_RESULT_REPORT_XML | n.a. | Just description what scanners found without conclusions in XML | +| SOURCE_SELF | (should be) for sending to tools | Source packages build self, because not available in the Internet | +| BINARY | future: for sending to tool doing binary analysis | Binary from the publisher | +| BINARY_SELF | future: for sending to tool doing binary analysis | Self built binary | +| DECISION_REPORT | n.a. | Decision information ref. the component | +| LEGAL_EVALUATION | n.a. | Internally created legal evaluation | +| LICENSE_AGREEMENT | n.a. | Document describing the license agreement | +| SCREENSHOT | n.a. | If licensing information is captured with screenshot | +| OTHER | n.a. | If not document | diff --git a/content/fr/docs/Userguide/BestPractices/_index.md b/content/fr/docs/Userguide/BestPractices/_index.md new file mode 100644 index 0000000..3d9984d --- /dev/null +++ b/content/fr/docs/Userguide/BestPractices/_index.md @@ -0,0 +1,83 @@ +--- +title: "SW360 Best Practices" +linkTitle: "Best Practices" +--- + +## SW360 Usage and Handling of Components +The above mentioned data model has consequences for the usage of SW360: + +- If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell +- Uploading source packages / actual software as attachment makes sense at the release, not at the component +- If you have created a component and release entry, you can go ahead and assign a vendor to a release. + +This very clear approach enables a number of issues, please keep the following goals in mind: + +- Duplicate entries need to be removed +- Separating vendor from components names and release tags brings clarity to component naming +- Interaction with other systems is a must today. As such we need to support the CPE standard which also implement this 3-parts separation +- Having the clear modeling of data enables better search and filtering abilities of the component catalogue. + +## How to Create (Component) Entries? +In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules: + +- What is the name of the vendor, the name of the component and what is the release designator? +- For the Vendor + - Does a CPE entry exist? + - Look here: [ https://nvd.nist.gov/cpe.cfm](https://nvd.nist.gov/cpe.cfm) or [ http://scap.nist.gov/specifications/cpe/dictionary.html](http://scap.nist.gov/specifications/cpe/dictionary.html) + - Use the same writing as found in the CPE dictionary + - A CPE does not exist? + - Who is the copyright holder: an organization? + - Use this organization name without "inc", "Gmbh", etc. + - A person + - Look at the CPE dictionaries for example + - They use first name last name with "_", for example "Wedge_Antilles +- For a component + - Again, does a CPE entry exist? + - Separate Component name from release designation +- For a release + - Do not repeat the component name + - Use the release designation as provided by the software package + - Avoid prefixes, such as "version", "v" etc +- For special cases: + - If you upload a part of a release software package, create a **separate** release for this + - For example "2.0-MODIFIED" + - Consider that leaving items out from a software release is actually a modification + +## How to Create Vendors +In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real "manufacturer" independently from where you download it. + +There are different cases: + +1. COTS: + + - Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple) + + - You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name. + + - Consider the following link: [ https://nvd.nist.gov/products/cpe/search](https://nvd.nist.gov/products/cpe/search) + + - Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360. + + - **General rule**: Vendor is meant to be manufacturing party not distributing / delivering party. + +2. Freeware + + - Problem is that freeware has an author, but also different "vendors" in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions. + +3. OSS: + + - Community name, e.g. zlib project for zlib. + + - Or the org name of the github orgname or sourceforge group name + + - Do not use "Github" or "Sourceforge" as vendor + + - However, foundations, publishing the software would be a vendor, e.g. "Apache", "Eclipse" + + - But eclipse has a github organization anyway, for example + + - With single author projects should you take the author name. A "john_doe" from John Doe as short name. + +Note that very release has its own vendor. as a consequence: + +- There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution. diff --git a/content/fr/docs/Userguide/BestPractices/component-naming.md b/content/fr/docs/Userguide/BestPractices/component-naming.md new file mode 100644 index 0000000..65b2baa --- /dev/null +++ b/content/fr/docs/Userguide/BestPractices/component-naming.md @@ -0,0 +1,115 @@ +--- +title: "Naming a Component" +linkTitle: "Naming a Component" +weight: 21 +--- + +**The name is the most important criteria to identify software components. Unfortunately there is no common naming scheme available.** + +## Usage and Handling of Components + +- If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell +- Uploading source packages / actual software as attachment makes sense at the release, not at the component +- If you have created a component and release entry, you can go ahead and assign a vendor to a release. + +This very clear approach enables a number of issues, please keep the following goals in mind: + +- Duplicate entries need to be removed +- Separating vendor from components names and release tags brings clarity to component naming +- Interaction with other systems is a must today. As such we need to support external ids such as the CPE standard which also implement this 3-parts separation +- Having the clear modelling of data enables better search and filtering abilities of the component catalogue. + +## Checklist + +- Does the component already exist on SW360 (think about possible different names)? +- What is the name of the component homepage? +- What is the name of the community? Please note that repositories like Maven, GitHub, CodePlex, - CodeGuru are not vendors in our understanding! +- How is component called on repositories like Maven, NuGet, etc.? +- Take care: use the name and not the id! +- Search SW360 for the component repository id. +- Search SW360 for all possible name variations. +- Ask your local software clearing expert for help. + +## Naming a Component - Special Cases + +### .Net Component from GitHub + +![draft_30](SW360_NamingaComponentimage/draft_30.png) In some case it is difficult to determine the real name of a component, like for example *Microsoft Entity Framework for .Net Core (or Entity Framework Core or Aspnet EntityFrameworkCore or ASP.NET EntityFrameworkCore)*. In these cases it might be the best way to use that package name as specified on Nuget, in this case **Microsoft.EntityFrameworkCore**. + +### Java Components + +The name of a Java component should be how it is called by the Java community. Typically this is the name as it can be found on the project homepage or on the source code repository page. + +Examples: + +- 'Spring Framework' (from project home page [ https://spring.io/projects](https://spring.io/projects) or also from source code repository [ https://github.com/spring-projects/spring-framework](https://github.com/spring-projects/spring-framework)) +- 'Spring Data Redis' (from project home page [ https://spring.io/projects/spring-data](https://spring.io/projects/spring-data) or also from source code repository [ https://github.com/spring-projects/spring-data-redis](https://github.com/spring-projects/spring-data-redis)) +- 'Thymeleaf' (from project home page [ https://www.thymeleaf.org/](https://www.thymeleaf.org/); source code repository [ https://github.com/thymeleaf/thymeleaf](https://github.com/thymeleaf/thymeleaf)) +- 'Thymeleaf Spring 5 Integration' (from project home page [ https://www.thymeleaf.org/download.html](https://www.thymeleaf.org/download.html) or source code repository page [ https://github.com/thymeleaf/thymeleaf-spring](https://github.com/thymeleaf/thymeleaf-spring) → [ thymeleaf-spring5](https://github.com/thymeleaf/thymeleaf-spring/tree/3.0-master/thymeleaf-spring5) +- 'Commons Codec' (from project home page [ https://commons.apache.org/proper/commons-codec/](https://commons.apache.org/proper/commons-codec/) or source code repository page [ https://github.com/apache/commons-codec](https://github.com/apache/commons-codec)) [or better 'Apache Commons Codec'? But 'Apache' is already the vendor'] + +Do not use jar names or Gradle/Maven artifactIds, like 'spring-framework'. Main reason is that from such a name one cannot see if this component is a whole component (here the Spring Framework) or only the Java archive spring-framework-.jar (which is only a subset of the Spring Framework)! + +Hierarchical Java components: + +Java components often consist of multiple subcomponents (typically jars) where the sources are stored in a hierarchical structure in the source code repoistory. E.g. for 'Spring Framework' there is one repository [ https://github.com/spring-projects/spring-framework](https://github.com/spring-projects/spring-framework) with several sub folders for individual jars. In general for such cases there should be only one (main) component in SW360 covering all the subcomponents. + +In some exceptional cases one wants to do the clearing only for one subcomponent or a subset of a hierarchical components. In such a case one can either add the name of the sub component to the component name to mark the subset (like 'Thymeleaf Spring 5 Integration' above, showing that only the Spring 5 related is covered, and not Spring 3 or 4) or one could use the name of the top level component (like 'Thymeleaf Spring Integration') and have seprate releases for the subset ('3.0.9.RELEASE Spring 5'). + +Identifying a (new or existing) SW360 component for a java archive: + +Java developers typically have to start with a Java archive which they want to add to a product, or with the related Gradle/Maven coordinates (groupId/artifactId/version). Possible ways to identify the related component (name) are: examine the related pom.xml or the MANIFEST.MF file of the jar. There one can often find more information like the community homepage or source code repository URL from which then again to determine the component (name). + +*Unfortunately SW360 does not provide any support here (besides searching for the artifactId and thus hopefully find the related component). It would be a good idea to store also the Gradle/Maven coordinates of Java binaries with the SW360 components and make them searchable (note: multiple artifactIds per component need to be supported!) and/or to also upload and store the binaries of a registerd SW360 component (or at least the file hashes) and provide additional functionality to identify an unknown binary by uploading the same to SW360.* + +## Component Scope + +We base software clearing for open source components on the scan of the source code. If there is only one common source code for a group of components, then it does not make sense to have a lot of distinct (sub)component that all point to a common source. + +### Example + +There is a Java component called Logback ([ https://logback.qos.ch/](https://logback.qos.ch/)). There is only one singe source (and binary) archive available from the original authors. This archive contains three Java libraries: logback-core.jar, logback-access.jar and logback-classic.jar. In **SW360 there should be only one component Logback!** It is confusing to have also "Logback core", "logback-core", "logback core", "logback classic" and "logback-classic". + +## Naming a Component – Bad Examples + +### Json.Net + +There is a component that is available on NuGet by the name 'Json.NET' and the id 'Newtonsoft.Json'. On the component homepage [ http://www.newtonsoft.com/json](http://www.newtonsoft.com/json) it is called 'Json.NET'. + +Just some examples of naming and how it could be improved: + +- 14 x Vendor = 'Open Source Software', Name = 'Json.NET' => **wrong**! +- 1 x Vendor = 'Newtonsoft', Name = 'Json.NET (COTS)' => **wrong**! +- 2 x Vendor = 'NuGet Gallery', Name = Json.NET' => **wrong**! +- 1 x Vendor = 'CodePlex', Name = Json.NET' => **wrong**! +- 4 x Vendor = 'Open Source Software', Name = 'Newtonsoft Json.NET' => **wrong**! + +The proper identification (Vendor = 'Newtonsoft', Name = 'Json.NET') has to be used! + +### Oracle JavaBeans Activation Framework + +Just some examples of naming and how it could be improved: + +- 3 x Vendor = 'Open Source Software', Name = 'Activation' => **wrong**! +- 3 x Vendor = 'Open Source Software', Name = 'Oracle JavaBeans Activation Framework' + +### Oracle Java Mail + +Just some examples of naming and how it could be improved: + +- 3 x Vendor = 'Open Source Software', Name = 'Mail' => **wrong**! +- 5 x Vendor = 'Open Source Software', Name = 'Oracle JavaMail API' => **wrong**! +- 4 x Vendor = 'Oracle', Name = 'Oracle JavaMail API' + +### Moment.js + +Just some examples of naming and how it could be improved: + +- 7 x Vendor = 'GitHub', Name = 'moment' => **wrong**! +- 2 x Vendor = 'Open Source Software', Name = 'moment' => **wrong**! +- 2 x Vendor = 'Open Source Software', Name = 'Moment JS' => **wrong**! +- 3 x Vendor = 'Open Source Software', Name = 'MomentJS' => **wrong**! +- 3 x Vendor = 'Open Source Software', Name = 'Moment.js' + +Just look on the community homepage: there is the name in bold letters: +Moment.js – consider this name. diff --git a/content/fr/docs/Userguide/BestPractices/good-record-creation-structure.md b/content/fr/docs/Userguide/BestPractices/good-record-creation-structure.md new file mode 100644 index 0000000..0a87a29 --- /dev/null +++ b/content/fr/docs/Userguide/BestPractices/good-record-creation-structure.md @@ -0,0 +1,168 @@ +--- +title: "Record Creation" +linkTitle: "Record Creation" +weight: 23 +--- + +## How to Create (Component) Entries? +In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules: + +- What is the name of the vendor, the name of the component and what is the release designator? +- For the Vendor + - Does a CPE entry exist? + - Look here: [ https://nvd.nist.gov/cpe.cfm](https://nvd.nist.gov/cpe.cfm) or [ http://scap.nist.gov/specifications/cpe/dictionary.html](http://scap.nist.gov/specifications/cpe/dictionary.html) + - Use the same writing as found in the CPE dictionary + - A CPE does not exist? + - Who is the copyright holder: an organization? + - Use this organization name without "inc", "Gmbh", etc. + - A person + - Look at the CPE dictionaries for example + - They use first name last name with "_", for example "Wedge_Antilles +- For a component + - Again, does a CPE entry exist? + - Separate Component name from release designation +- For a release + - Do not repeat the component name + - Use the release designation as provided by the software package + - Avoid prefixes, such as "version", "v" etc +- For special cases: + - If you upload a part of a release software package, create a **separate** release for this + - For example "2.0-MODIFIED" + - Consider that leaving items out from a software release is actually a modification + +## How to Create Vendors +In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real "manufacturer" independently from where you download it. + +There are different cases: + +1. COTS: + + - Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple) + + - You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name. + + - Consider the following link: [ https://nvd.nist.gov/products/cpe/search](https://nvd.nist.gov/products/cpe/search) + + - Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360. + + - **General rule**: Vendor is meant to be manufacturing party not distributing / delivering party. + +2. Freeware + + - Problem is that freeware has an author, but also different "vendors" in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions. + +3. OSS: + + - Community name, e.g. zlib project for zlib. + + - Or the org name of the github orgname or sourceforge group name + + - Do not use "Github" or "Sourceforge" as vendor + + - However, foundations, publishing the software would be a vendor, e.g. "Apache", "Eclipse" + + - But eclipse has a github organization anyway, for example + + - With single author projects should you take the author name. A "john_doe" from John Doe as short name. + +Note that very release has its own vendor. as a consequence: + +- There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution. + +## Naming a Vendor + +Each release of a component has a vendor or community. Having unambiguous vendor names is very helpful for managing 3rd party software components. + +Required information: + +- **Full name** - The full name of the company, organization or person. +- **Short name** - A good short name, compatible to CPE (see section 8.3) +- **URL** - The URL of the organization or a URL where we can get more information about a person. + +### How to find a (good) vendor name? + +Some guidelines + +- If there is a company (Microsoft, Oracle, Pivotal, etc.) behind the component, that's most probably the right vendor name. +- If there is an well known open source community (Apache, Eclipse, etc.) behind the component, that's is the right vendor name. +- If there is only a single person developing the component, then this is the vendor. +- If there is a GitHub organization name or person name available, use this one. +- **No vendor names are**: 'Open Source Software', 'NuGet Gallery', 'CodePlex', 'Codeguru', 'Stack Overflow', 'CodeProject', etc. as these or only platform, where vendors can offer the projects and these name do not help to identify projects. + +### Examples + +#### Microsoft + +Full name = Microsoft Corporation + +Short name = Microsoft + +URL = [ www.microsoft.com](https://www.microsoft.com/en-in/) + +#### Apache + +Full name = Apache Software Foundation + +Short name = Apache + +URL = [ http://www.apache.org/](http://www.apache.org/) + +#### Constantin Titarenko + +Full name = Constantin Titarenko + +Short name = constantin_titarenko (Note the underscore!) + +URL = [ https://github.com/titarenko](https://github.com/titarenko) + +## How to determine the CPE? + +The Common Platform Enumeration (CPE) is used to have an unambiguous identification of a specific component release. This information is especially needed to find matching security vulnerability information. + +### Syntax of a CPE Entry + +The syntax of a CPE entry is defined as: + +`cpe::::::::` + +**CPE-Version** refers to the CPE naming format version. We will always use version 2.3 + +**part** refers to the type of the component (a = application, o = operating system, h =hardware device) + +**vendor** refers to the vendor or author of the component. Only small letters are allowed. + +**product** refers to the name of the product. Only small letters are allowed. + +**version** refers to the version of the product. + +**update** refers to the updates of this specific version + +**edition** and **language** can be used to specify more details + + +Non-existing or unknown party can get replaced by the placeholder '*'. + + +**Note**: only small letters are allowed. Spaces have to be replaced by underlines '_'. + +### Examples + +**Microsoft .Net Framework, version 1.0 SP2** + +`cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*` + + +**Apache ActiveMQ, version 4.0** + +`cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*` + + +**Apache log4net, version 1.2.9 beta** + +`cpe:2.3:a:apache:log4net:1.2.9_beta:*:*:*:*:*:*:*` + + +**Oracle Java Runtime, version 1.7.0, update 51** + +`cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*` + diff --git a/content/fr/docs/Userguide/BestPractices/license-naming.md b/content/fr/docs/Userguide/BestPractices/license-naming.md new file mode 100644 index 0000000..a880737 --- /dev/null +++ b/content/fr/docs/Userguide/BestPractices/license-naming.md @@ -0,0 +1,113 @@ +--- +title: "License Naming" +linkTitle: "License Naming" +--- + +## Guidelines +Generally the license naming should conform with the SPDX Spec and the SPDX License List + +Please see the "License List Fields" from [ https://spdx.org/spdx-license-list/license-list-overview#fields](https://spdx.org/spdx-license-list/license-list-overview#fields) + +where there is especially for identifier: + +#### License or Exception Identifier (aka "SPDX Short Identifier") + +Short identifier to be used to identify a license or exception match to licenses or exceptions contained on the SPDX License List in the context of an SPDX file, in source file, or elsewhere + +- Short identifiers have no spaces in them +- Short identifiers consist of an abbreviation based on a common short name or acronym for the license or exception +- Where applicable, the abbreviation will be followed by a dash and then the version number, in X.Y format +- Where applicable, and if possible, the short identifier should be harmonised with other well-known open source naming sources (i.e., OSI, Fedora, etc.) +- Short identifiers should be as short in length as possible while staying consistent with all other naming criteria + +This lead to expressions like "Apache-2.0" or "GPL-2.0". + +## License Exceptions +As a provisoric handling advise, the exception text shall be combined with the license text as a license entry. This ensures that license and exception appear together in the clearing report. + +Class Path Exception + +Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. + +As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may + +## Dual Licenses +There is the need to have a dual license text. FOSSology offers the dual license tag for this. The idea is to use this tag also for more than two licenses. + +Consider the following example: + +{{< figure src="/sw360/img/ImagesBasic/dual_license.png" >}} + +The fact that it is "LGPL-3.0+" is confusing for these texts. It should be changed to the following: + +- The License results shall be changed "Dual-License". This is among other things required, to have the obligation to understand that for this component a license must be chosen +- In the acknowledgement, there shall be documented which license decision comes is documented +- For the referring files, also the different other licenses must be added as conclusions, so the texts are printed out. + +## Quick Checklist +- Shortname: No spaces, No slashses, No unserscore or similar spcial charaters, just use dashes +- Consider existing SPDX short names +- Do not use "Or later" but "+" or "-or-later" +- For triple licensing, use prefix "Triple" +- ERASE COMMENT CHARACTERS! also erase prefix spaces at every line +- Preserve paragraphs and line breaks +- Avid markup in the license text except it is part of the licensing + +## Multi (DUAL-) Licensing +- VERY Important, as conclusion, use the FOSSology "Dual-license", please do not consider your own candidate just designating "Dual License" (because OR operators will not work in reporting) +- For Dual License texts use prefix "Dual-" +- For Triple, use "Triple-" (and for more "Quadruple-") +- For Dual Licensing, use alphabetical order to name the licenses +- SPDX provides the rule to have this merged with "OR" (in capital letters) like "Dual-MIT-OR-BSD" + +## Examples for Renaming +| Example Licence Short Name | Corrected Licence Short Name | Remarks | +| --- | --- | --- | +| BSD-3-Clause-Farin Urlaub | BSD-3-Clause-farin-urlaub | no empty spaces | +| GPL-2.0+_Variant Old address | GPL-2.0+-variant-old-address | no underscore | +| --Freeware | Freeware-variant-dumbumchong | no prefix dashes | +| BSD-3-Clause\IBM | ... | do not use slashes (back and forward) | +| Permission Notice Gordon Sumner | HPND-gordon-sumner | consider SPDX shot name "HPND" for permission notice | +| BSD-3-Clause_Ajax.org B.V. | BSD-3-Clause-ajax | | +| BSD-3-Clause_Yahoo! Inc | BSD-3-Clause-yahoo | | +| BSD-2-Clause CISCO | BSD-2-Clause-cisco | | +| --zlib-style | Zlib-variant-01 | This license could be deleted anyway. (no text) | +| woodstock | Woodstok-Reference-Disclaimer | 1. All short names shall begin with capital letter,
2. (not shown), the license text is not a license text actually, but just a reference in a header with disclaimer. | +| Visual Studio SDK license terms | Microsoft-Visual-Studio-SDK-2015 | looking at the text, it is from the 2015 version of the SDK | +| Trip MPL GPL Apache | Triple-Apache-2.0-LGPL-2.1-MPL-1.1 | (looking at the text it was LGPL in fact) | +| --FIPL-1.0 | FIPL-1.0 | Double dash is an old thing coming from mainline ops. Currently there is no similar convention known for FOSSologyNG. | +| Qt License Agreement_CEM | Qt-reference-commercial | In this case, it was reference text only and also only pointing to the commercial licensees only. | +| --Beer-ware-license-CEM01 | `Beerware` | The text says actually revision 42, revision 42 is a joke. It must be checked if the license is already there | +| FundsXpress License | FXL | Either FundsXpress or FXL because the point is to have a short name and thus, it would make sense to shorten it. | +| GFDL - 1.2+ | GFDL-1.2+ | just without spaces please | +| lgpl 2.1 J | LGPL-2.1-header | (was a header in this case, because lic text is already there) What does J mean? - no J needed | +| MIT ! | *do not use candidate licenses* | Actual text was: "This program is made available under the terms of the MIT License." - actually, not a license text! | +| Note | *do not use this with candidates* | Actual text was: "("See [ http://oxyplot.codeplex.com](http://oxyplot.codeplex.com) for more information.")" | +| Permission_Notice_Timothy O'Malley | HPND-omalley | do not use special chars, do use SPDX identfiers | + +## Notice File +The following text is not a license statement nor a reference to licensing but a notice file in the sense of the apache 2.0 license. As such, it is not suitable for being collected as a license. + +`== NOTICE file corresponding to the section 4 d of ==` + +`== the Apache License, Version 2.0, ==` + +`== in this case for the Apache Ant distribution. ==` + + ========================================================================= + +`This product includes software developed by` + + `The Apache Software Foundation` ([ http://www.apache.org](http://www.apache.org/)). + +`This product includes also software developed by :` + + - `the W3C consortium` ([ http://www.w3c.org](http://www.w3c.org)), + - `the SAX project` ([ http://www.saxproject.org](http://www.saxproject.org)) + +`Please read the different LICENSE files present in the root directory of this distribution.` + +## Open Questions +- How to deal with notice files + +(1) [ https://spdx.org/spdx-specification-21-web-version](https://spdx.org/spdx-specification-21-web-version) diff --git a/content/fr/docs/Userguide/BestPractices/workflows.md b/content/fr/docs/Userguide/BestPractices/workflows.md new file mode 100644 index 0000000..2a6380d --- /dev/null +++ b/content/fr/docs/Userguide/BestPractices/workflows.md @@ -0,0 +1,62 @@ +--- +title: "Workflows" +linkTitle: "Workflows" +weight: 20 +oem_ignore: true +description: "SW360 User Workflows" +--- + +This page is one of the basic user workflow documentation pages. It can give orientation how the sw360 can be used - as guidance or orientation. There is no particular need to follow these workflows, it is just one way. Workflows are shown as flow charts. + +### Create Component and Release + +So, the user would like to create an entry for zlib-1.2.8 for example in sw360. The main thing to know (see page basic concepts)is that sw360 separates releases from components: the release is the zlib-1.2.8 but the component is the zlib. By this approach, components as a kind of container type in sw360, holding several releases. + +Therefore, for a new component the user needs to create a component entry first, and then add a release to it. Just adding a release will not work. If a component with a different release already exists, the users add a release to the existing component. + +The intended roles for this can be a developer that would like to start caring for an OSS component or release. In addition a project owner / project owner can care for the components and releases part of the product or process. + +{{< figure src="/sw360/img/workflow/worklfow-adding-component-and-release-to-a-project.png">}} + +### Create a Project + +A project is a structure to keep track on releases inside project, as well as other projects. Please note that a project can be also a product, depending on the type of business. the use of the term 'project' is used also for subsuming the term 'product'. + +As for the integration case with the OSS software FOSSology, the project view allows for an overview, which of the used components have been analyzed with FOSSology already. + +In the diagram, the "clearing process" is mentioned, because the clearing process affects the software components of a project. The main approach is the following: + +* A project responsible sets up a project with used releases. +* For the releases that were not analyzed before, the project responsible requests a clearing - source files can be transferred to FOSSology. +* Once analyses for all releases are complete, the "clearing process" is finished for this project. + +A project it self does not need much information, it is just about the name and the version. Note that some of the information is like to be set at that time: + +* Visibility level +* Project contacts +* Important Dates for the project + +{{< figure src="/sw360/img/workflow/workflow-add-project.png">}} + +### Moderation + +The moderation is the basic way of applying changes if the document is not created by someone else. In sw360 the following person can edit documents right away (without moderation request): + +* The creator of a document (document is a project entry, a release entry etc) +* Admins +* Clearing admins +* Moderators of this document +* Other special roles, such as project responsible + +Please see the page [about the Role Authorization Model]({{< ref "../../Development/Dev-Role-Authorisation-Model.md" >}} "Dev Role" ) for more information. + +If the user who wishes to change a document and is not one of these, the moderator workflow kicks in. Then changes applied to the document are not really applied, but are sent to a moderator. Moderators are: + +* The creator of a document (document is a project entry, a release entry etc) +* Admins +* Clearing admins +* Moderators of this document + +The moderator can review, approve or decline the request. Then, the requesting user can delete the request. The moderator request workflow is shown below. + +{{< figure src="/sw360/img/workflow/workflow-moderation.png">}} diff --git a/content/fr/docs/Userguide/Components.md b/content/fr/docs/Userguide/Components.md new file mode 100644 index 0000000..7dbcf75 --- /dev/null +++ b/content/fr/docs/Userguide/Components.md @@ -0,0 +1,392 @@ +--- +linkTitle: "Components" +title: "Components" +Weight: 4 +--- + +# 2.0 Components + +## 2.01 Introduction + +The components page displays the list of components and releases that are available in SW360. A component is a list of releases with metadata. A release is a specific version of a component. + +To open a component page, click **Components** tab from the main menu. +You can find a particular component with Advanced Search, you can also add and edit components in this page. + +{{< figure src="/sw360/img/ImagesBasic/Componentpage/ComponentPage.png" >}} + +|Sl.No.|Description| +|:----:|:----------| +|1| [Advanced Search](#203-component-search)| +|2|[Add Component](#204-add-component)| +|3| [Import SPDX BOM](#207-import-spdx-bom) | +|4| [Export Spreadsheet](#208-export-spreadsheet)| +|5| [Component List](#202-component-list) | + +## 2.02 Component List + +On the component page, you can view all the components that are relevant to you. The components are listed with the following information: +* **Vendor**: Vendor is organization which is selling the component or the community which is hosting the component. +* **Component Name**: All components are listed by their names. +* **Main Licenses**: The list of main licenses available for a component are displayed. +* **Component Type**: Lists all the components by their type. For more information on component types, refer to [A. General Info](#a-general-information). +* **Actions**: You can perform the following actions for a component: + + | Action |Description | + |:--:|:--| + |{{< figure src="/sw360/img/ImagesBasic/Edit_Pen.png" >}} | To edit a component | + |{{< figure src="/sw360/img/ImagesBasic/Delete_Trash.png" >}} | To delete the component from SW360. | + +**NOTE: CLICK ON {{< figure src="/sw360/img/ImagesBasic/SortIcon.png" >}} TO SORT LICENSE INFORMATION ALPHABETICALLY.** + +## 2.03 Component Search + +**Advanced Search** dialogue box is used to search for a particular component. + +1. Search the component with **Component Name** and **Categories**. +2. Search the component with **Component Type**. Select the component type from the drop-down list. For more information on the component types, refer to [A. General Information](#a-general-information). +3. Search components with their coding **Languages**, **Software Platforms**, **Operating Systems**, **Vendors** and **Main Licenses**. +4. Search components with **Created by (Email)**. +5. You can use **Created on** field to search for the components created on specific dates or specific time frames. + +## 2.04 Add Component + +To add a new component, click **Add Component** from the component page, this will redirect you to another page where you can add component summary information. + +### **1. Summary** +#### **A. General Information** + +```NOTE: FIELDS MARKED "*" ARE MANDATORY.``` +![](/sw360/img/ImagesBasic/Componentpage/Component_General_Info.png) + +1. Enter the **Name** of the component you want to create.
+ ```NOTE: MAKE SURE THAT THERE ARE NO DUPLICATES.```
+2. Select the **Component Type** from the drop-down list. + - OSS: Open-Source Software + - COTS: Commercial off-the-shelf + - Internal: Internally used + - Inner Source: OSS within a particular organization + - Services: Developed as a service + - Freeware: Software that is available free of cost + - Code snippet: A small code which shows how to accomplish a specific task +3. The field **Created by** is set automatically to the creator/owner of the component. +4. Click on **Default Vendor** field. + * This opens a dialogue box, use the type field to search for the vendors. + * Select the vendors + * Click on **Select Vendor**. +5. When you start typing in the **Categories** field, a list of categories that match are displayed to choose from. +6. Enter the **Homepage URL**, this is the web address for your component. +7. Enter a **Short Description** for your component. +8. Enter the **Blog URL**, this is the web address for the blog of your component. +9. **Modified on** date will be set automatically. +10. Enter the **Wiki URL**, this is web address for the wiki page of your component. +11. **Modified by** will be set automatically. +12. Enter the **Mailing List URL**, this is the web address of the mailing list of your component. + +#### **B. Roles** + +![](/sw360/img/ImagesBasic/Componentpage/Component_Roles.png) + +1. **Component owner** holds the component. Click on the field to select **Component Owner**. + * This opens a dialogue box, use the type field to search for the Component Owner. + * Select the users + * Click on **Select Users**. + + ![](/sw360/img/ImagesBasic/Addproject_5.png) + +2. Select a country from the list to assign as **Owner Country**. +3. Enter the **Owner Accounting Unit**. +4. **Moderator** is the user responsible for the component. Click on the field to select moderators. + * This opens a dialogue box, use the type field to search for the moderator. + * Select the users + * Click on **Select Users**. + +``` NOTE: ALL CLEARING EXPERTS, CLEARING ADMINS AND SW360 ADMINS ARE MODERATORS BY DEFAULT.``` +1. Enter the **Owner Billing Group**. + + +#### **C. Additional Roles** + +To assign more roles to your project, use **Click to Add Additional Roles**. + +![](/sw360/img/ImagesBasic/additionalroles1.png) + +1. Select the type of **role** from the drop-down list. + * Committer + * Contributor + * Expert +2. Enter **Email address** of the responsible personnel. To add multiple additional roles, repeat the same +procedure. + + ![](/sw360/img/ImagesBasic/Componentpage/Component_Additional_Role2.png) + + +3. To delete an additional role, click on ![](/sw360/img/ImagesBasic/Delete_Trash.png). + + +#### **D. External Ids** + +For more information on how to add an **External ID** for your component, refer to [E. External Ids](1.ProjectPage.md/#e-external-ids). + +#### **E. Additional Data** + +For more information on how to add an **Additional Data** for your component, refer to [F. Additional Data](1.ProjectPage.md/#f-additional-data). + +After all the summary information is filled click on **Create Component**, which redirects you to another page where you can add more component information. Following are the two new sections to be filled: + * **Releases** + * **Attachments** + +### **2. Releases** + +A release is a specific version of a component. To add Release information for your component: + +1. Click on **Releases**. + + ![](/sw360/img/ImagesBasic/Componentpage/Componentreleases.png) + +2. Then click on **Add Releases**. You will be redirected to another page to add more information about the release you want to create. Following are the two sections where you must enter information
+ * **Summary** + * **Linked Releases** + +#### **A. Summary** + +```NOTE: FIELDS MARKED "*" ARE MANDATORY.``` + +![](/sw360/img/ImagesBasic/Componentpage/Create_Release1.png) + +1. Click on the field to select the **Vendor** for your component. This opens a dialogue box, search and select the vendor and click on **Select Vendor**. +2. Enter the **Programming Languages** used for the release. +3. **Name** for the release will be auto generated from the name given to the component. +4. Enter the **Operating Systems** used for the release. +5. Enter the **Version** for the release. +6. Enter the **CPE (Common Platform Enumeration) ID** for the release. + +![](/sw360/img/ImagesBasic/Componentpage/Create_Release2.png) + +7. Enter the **Software Platforms** for the release. +8. Click on the field **Other License** to set other license information for the release. This opens a dialogue box, search and select the licenses and click on **Select Licenses**. +9. Set **Release Date**. +10. Enter the **Source Code Download URL**. This is the web address from where source code of the release can be downloaded. +11. Click on the field **Main License** to set other license information for the release. This opens a dialogue box, search and select the licenses and click on **Select Licenses**. +12. Enter **Binary Download URL**. This is the web address from where binary of the release can be downloaded. +13. **Clearing state** will be set to "new" by default. +14. Select the value for the **Release Mainline State** from the drop-down list. + * Open: No license clearing + * Mainline: Permissive license with no specific obligations + * Specific: Permissive license with additional obligations with standard obligations + * Phaseout: Not used anymore + * Denied: Not to be used because of a specific reason +15. **Created on** is set automatically. + + ![](/sw360/img/ImagesBasic/Componentpage/Create_Release3.png) + +16. **Created by** is set automatically. +17. **Modified on** is set automatically. +18. Click on the field to select **Contributors**. This opens a dialogue box, search and select the contributors and click on **Select Users**. +19. **Modified by** is set automatically. +20. **Moderator** is the user responsible for the release. Click on the field to select moderators. + * This opens a dialogue box, use the type field to search for the moderator. + * Select the users + * Click on **Select Users**. + +**Additional Roles**, refer to [3. Additional Roles](#3-additional-roles). + +**External Ids**, refer to [4. External Ids](#4-external-ids). + +**Additional Data**, refer to [5. Additional Data](#5-additional-data). + +**Release Repository** + +You can add a release repository URL for your release. To add a release repository: + +1. Select the **Repository Type** from the drop-down list. +2. Enter the **Repository URL**. + + ![](/sw360/img/ImagesBasic/Componentpage/Releaserepository.png)
+ +#### **B. Linked Releases** + +To add linked releases to your release, click on linked releases. For more information, refer to [B. Linking Releases](1.ProjectPage.md/#b-linking-releases). + +Click on **Create Release** to add more information for this release. + +#### **C. Clearing Details** + +Clearing details contains important information that are required for the license clearing activities. This information is useful for the reuse of license clearing results. +To add clearing information to your release, click on **Clearing Details**. + +![](/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details.png) + + +* Check the boxes for all applicable clearing details. +* Enter the applicable data for **Scanned** and **Clearing Standard**. For e.g., date or specific version of your License Scanner. +* Enter **External URL** for the release. +* Add **Comments**. + +**Request Information** + +![](/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details2.png) + +To request more information regarding the release, follow the procedure: + +* Enter **Request ID** and **Additional request Info**. +* Set **Evaluation Start** and **Evaluation End** date. + +**Supplemental Information** + +![](/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details3.png) + +You can enter internal supplier ID and number of security vulnerabilities for your release. To add this information. + +* Enter **External Supplier Id** and the count of **Vulnerabilities**. + +#### **D. ECC Details** + +```NOTE: ECC DETAILS ARE SET AUTOMATICALLY FOR OSS RELEASES.``` + +![](/sw360/img/ImagesBasic/Componentpage/Release_ECC_Details.png) + + +To enter ECC details for a release click on **ECC Details**. + +* Select the **ECC Status** from the drop-down list. + * Open + * In progress + * Approved + * Rejected +* Add **ECC Comment**, if required. +* Enter **Ausfuhrliste**, this is a German ECC number. +* Enter **ECCN** and **Material Index Number**. +* **Assessor Contact Person**, **Assessor Department** and **Assessment date** will be set automatically. + +#### **E. Attachments** + +You can add or modify the attachments to your release. To add attachments, click on **Attachments** on the left. For more information on how to add attachments to the release, refer to [1.06 Edit project](1.ProjectPage.md/#106-edit-project). + +## + +After entering all the release information, click on **Update Release**. + +To delete the release, click on **Delete Release**. + +If you do not want to create a release, click on **Cancel**. + + +## 2.05 Edit Component + +1. Search for the components you want to edit or navigate from the component list. +2. Click on ![](/sw360/img/ImagesBasic/Edit_Pen.png) from the actions column. You can also edit a component by clicking on the component and then clicking on **Edit Component**. +3. You can view summary, releases, and attachment information of the component. +4. Click on **Summary** to edit component summary information. For more information on the fields to edit, refer to [1. Summary](#1-summary). +5. Click on **Releases** to view all the releases that are linked to the component. If you want to add more releases to the component click on **Add Releases** at the bottom of the list. For more information on how to add a release, refer to [2. Releases](#2-releases). +6. Click on **Attachments** to view all the attachments that are linked to the component. If you want to add more attachments to the components, refer to paragraph 4 of [1.06 Edit project](1.ProjectPage.md/#106-edit-project). +7. To update the new component information, click on **Update Component**. +8. To delete the component, click on **Delete Component**. +9. If you do not want to edit the component, click on **Cancel**. + + +## 2.06 View Component + +To open a view mode for a component: + +1. Search for the components you want to edit or navigate from the component list. +2. Click on the component name. +3. You are now in view mode of the component, and you can view all the details of the components like summary, release overview, attachments, vulnerabilities and change logs. +4. You can edit a component, Merge a component, Split a component, Subscribe to a component in this mode. + +### **A. Merge** + +This functionality is used when there is a duplication of components, and this functionality helps us to combine all the duplicates into one single component. +To merge a component with another, click on **Merge**. This action will redirect you to another page where you can: + +1. Choose the from the list of components that should be merged into the current one. +2. Merge the data from the source into the target component. +3. Check the merged component and confirm the merge. + +### **B. Split** + +This functionality is used when we want to copy the information from a component. This is a shortcut to create a component and change aspects like version or release instead of creating a new one entirely. + +To Split a component, click on **Split**. This action will redirect you to another page where you can: + +1. Choose a target component into which the current component needs to split. +2. Split the data from current component to the target component. +3. Check the split version of the component and confirm the split. + +### **C. Subscribe** + +You can **Subscribe** to a component to get notified with emails when any changes are made to the component. + +To not get notified for a particular component, click **Unsubscribe**. + +### **D. View Component Information** + +You can view component information by navigating the navigation tree. + +1. To view component summary, click on **Summary**. To edit summary information for the component, refer to [2.05 Edit Component](#205-edit-component). +2. Click on **Release Overview** to view all the releases for the component. To edit details for any of the linked releases click on ![](/sw360/img/ImagesBasic/Edit_Pen.png) + from the actions column, this will redirect you to a release view page where you can view the following: + * Release Summary + * Linked Releases + * Clearing Details + * ECC details + * Attachments + * Vulnerabilities + * Change Log + +For more information on these sections, refer to [2. Releases](#2-releases). + +#### **Clearing Details** + +You can view the following clearing information for the release in view mode: +* SPDX Attachments +* Assessment Summary info + +**SPDX Attachments** + +SPDX attachments are the clearing reports which are in XML formats. You will need an approved clearing report to use this release. + +![](/sw360/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_1.png) + +* Click on **Show license info** to view main license Ids and Other license ids. + +![](/sw360/img/ImagesBasic/Componentpage/ComponentSPDXattachment2.png) + +* If you want to add this data to the current release, click on **Add data to this release**. + +**Assessment Summary Info** + +You can view if the clearing expert has added any summary in the clearing report. + +* To view the summary, click on **Show Assessment Summary info**. +* If there are multiple approved releases, this section will display text "**multiple approved CLI found in release**". + +#### **Vulnerabilities** + +All the vulnerabilities that are linked to the release/component are listed in the vulnerability section. + +![](/sw360/img/ImagesBasic/Componentpage/Component_Vulnerability.png) + +1. Click on **Vulnerability** on the left to view all the linked vulnerabilities for this release/component. +2. You can sort the vulnerabilities by their external ids, priority, matched by, title, verification and actions. +3. To view more information on the vulnerability, click on the external id of the vulnerability. You will be redirected to another page with all the information about the selected vulnerability. + +#### **Change Log** + +You can see all the changes that are done for the release/component in change log section. + +![](/sw360/img/ImagesBasic/Componentpage/Component_ChangeLog.png) + +1. To view all the changes done for the release click on **Change Log**. +2. You can now view change date, change log id, change type and user. +3. Click on ![](/sw360/img/ImagesBasic/Componentpage/Changelog1.png) to view all the changes done for a change log id. +4. Click on ![](/sw360/img/ImagesBasic/Componentpage/Changelog2.png) to view the moderation request details for a change log id. + + +## 2.07 Import SPDX BOM + +For more information on importing SBOM, refer to [1.05 Import SBOM](1.ProjectPage.md/#105-import-sbom). + +## 2.08 Export Spreadsheet + +For more information on exporting spreadsheet, refer to [1.13 Export Spreadsheet](1.ProjectPage.md/#113-export-spreadsheet). \ No newline at end of file diff --git a/content/fr/docs/Userguide/Dependency_network.md b/content/fr/docs/Userguide/Dependency_network.md new file mode 100644 index 0000000..f2b1668 --- /dev/null +++ b/content/fr/docs/Userguide/Dependency_network.md @@ -0,0 +1,163 @@ +--- +linkTitle: "Dependency-Network-Feature" +title: "Dependency Network Feature" +weight: 100 +description: + Dependency-Network-Feature +--- + +# **How to enable this feature** + +To use this function, please: + +1. Build the source code and deploy. + +2. Add config **enable.flexible.project.release.relationship=true** (/etc/sw360/sw360.properties) to enable the feature. + +The following changes will work when **enable.flexible.project.release.relationship=true** only. + +3. Use the migration script (**056_migrate_project_dependency_network.py**) we provided to mograte the database. + + Before you run the script, please change two places in the script: + + (1) Line 30: ```DRY_RUN = True``` -> ```DRY_RUN = False``` + + (2) Line 32: ```COUCHSERVER = 'http://localhost:5984/'``` -> ```COUCHSERVER = 'http://admin:password@localhost:5984/'``` + + ```admin``` and ```password``` should be your username and password for CouchDB. + +# **1. Introduction** + +The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects. + +# **2. How to use?** +This feature modify the GUI of the “Linked Releases And Projects” on the “project edits” page. +Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well. + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/new_edit_GUI.png" >}} + +## **2.1. The changes of edit project GUI** +In this section, we will introduce the changes in GUI behaviors. We modified or added 5 sub-functions below: + +#### **a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Add_root_release_button.png" >}} + + +#### **b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Add_transitive_releases_buttons.png" >}} + +#### **c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Load_default_network_from_releases.png" >}} + +#### **d. The combo box allows the user to modify the version of a dependency.** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Select_version_box.png" >}} + + +#### **e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Check_diff_button.png" >}} + + +## **2.3 Rest API changes** + +### New Rest APIs + +**a. 3.3.35. Get a single project with dependencies network** + +The response will include the dependencyNetwork field(It will show the dependency network of project (direct and indirect releases)): +``` +{ + "name" : "Emerald Web", + "dependencyNetwork": [ + { + "releaseId": "9efc5766cd0c41d4a40547b99f5b91ac", + "releaseLink": [ + { + "releaseId": "3bed97a1c7ac4c32846ef4be985b648c", + "releaseLink": [ + { + "releaseId": "6a8250852362462095c57535294039e4", + "releaseLink": [], + "releaseRelationship": "TO_BE_REPLACED", + "mainlineState": "PHASEOUT", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ], + "releaseRelationship": "INTERNAL_USE", + "mainlineState": "OPEN", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ], + "releaseRelationship": "STATICALLY_LINKED", + "mainlineState": "MAINLINE", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + }, + { + "releaseId": "f1d860e7576a44798ee3daff57a3a886", + "releaseLink": [], + "releaseRelationship": "OPTIONAL", + "mainlineState": "OPEN", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ] +} +``` + +**b. 3.3.36. Creating a project with dependencies network** + +If the **dependencyNetwork** field is included in the request body, a dependency network will be registered for the project. + +- Simple example request (modify releaseIds to the existing release ids in sw360): + +``` +{ + "name": "TestProject1", + "dependencyNetwork": [ + { + "releaseId": "9efc5766cd0c41d4a40547b99f5b91ac", + "releaseLink": [ + { + "releaseId": "3bed97a1c7ac4c32846ef4be985b648c", + "releaseLink": [ + ], + "releaseRelationship": "INTERNAL_USE", + "mainlineState": "OPEN", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ], + "releaseRelationship": "STATICALLY_LINKED", + "mainlineState": "MAINLINE", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + }, + { + "releaseId": "f1d860e7576a44798ee3daff57a3a886", + "releaseLink": [], + "releaseRelationship": "OPTIONAL", + "mainlineState": "OPEN", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ] +} +``` + +**c. 3.3.37. Update a project with dependencies network** + +Same request body as "Creating a project with dependencies network". diff --git a/content/fr/docs/Userguide/FAQ/index.md b/content/fr/docs/Userguide/FAQ/index.md new file mode 100644 index 0000000..a635dc2 --- /dev/null +++ b/content/fr/docs/Userguide/FAQ/index.md @@ -0,0 +1,48 @@ +--- +title: "SW360 User Frequently Asked Questions" +linkTitle: "FAQ" +weight: 21 +--- + +##### **Q**: Who should be listed as Moderator? + +**A**: Moderator are persons who need to review changes done on certain items (project, component, release or attachment) by persons who do not have the user right to actually do these changes. For BT moderators are the persons with the role 'Software Clearing Site Representative'. + +##### **Q**: Who should be listed as Contributor? + +**A**: By default only the owner (or creator) of an item (project, component, release) is allowed to modify this item. Often it is useful that additional people are allowed to edit an item. These additional people (software architects, developers, additional experts) should get listed as contributors. + +##### **Q**: I have changed a project, component, release or attachment, but SW360 does not show the changes? + +**A**: It might be that you have tried to change something that needs to be review by someone else. In such cases a so called 'Moderation Request' is generated. A Moderator needs to approve your changes. Go to the Home view an check the box 'My Task Submissions', the project, component, or release should be listed there. + +##### **Q**: What should I enter in the field 'Visibility'. + +**A**: Visibility controls which group of people is allowed to see a project. The default setting is 'Everyone', i.e. everyone within an organisation can see the project and all its releases. + +##### **Q**: How can I change the 'Clearing State' of a release? + +**A**: There is no direct way to do it. If there is no clearing report available, the clearing state will be 'New'. If a clearing report available it will be 'Clearing report available'. If at least one clearing report has been approved, the clearing state will be 'Approved'. + +##### **Q**: I can't find a specific release inside my project – what can I do? + +**A**: You can sort each column by clicking on the column name, i.e. you can sort the entries by name, project origin, clearing state, mainline state or project mainline state – normally that helps finding a certain release. + +##### **Q**: I can't delete my component called 'Tom's Test Component'. + +**A**: Do not use special characters like single or double quotes. To be able to delete such a component or release you'll first have to rename it… + +##### **Q**: What is Copyleft Effect? + +**A**: **Copyleft** effect is the reverse idea of **copyright**. Goal is that software licensed under such license is always free and can never get a privatised software asset. The user gets the freedom to run, copy, modify and distribute the software, but it is not possible to add any further restrictions. This implies that **modified software** must also be free and becomes available to the community. + +##### **Q**: Different Classification of the Open Source Licenses. + +**A**: There are hundreds of OSS licenses, the following table will give a brief overview about the most common OSS licenses, the risks and the obligations that need to be fulfilled when using them: + +| | License Class | License Name(s) | Risks | Obligations | +| --- | --- | --- | --- | --- | +| | **White Licenses** | MIT, BSD (except for BSD-4-Clause), BSL-1.0, CPOL-1.02, MsPL, zLib, Apache-1.1, Apache-2.0 (if no code changes are done) | **low risk** | Mostly standard obligations: display license text, display copyrights | +| | **Yellow Licenses** | CDDL-1.0, CPL-1.0, EPL-1.0, eCos License, MPL, NPL | **medium risk** - because of non-standard obligtions in some cases | Display license text; display copyrights; all changes of the component code must become OSS as well; possible license incompatibility with red licenses | +| | **Red Licenses** | GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPL | **check before use** some special obligation which might be not in line with your lans | Display license text; display copyrights; take care about copyleft effect - get in contact with your software clearing experts; all distributions must clearly state that (L)GPL license code is used | +| | **Red Licenses** | SleepyCat, Aladdin Free Public License; Berkeley DB licenses | **really check before use** because of nearly unlimited copy left effect | Before thinking about components licensed under these license, get in contact with your software licensing experts! | diff --git a/content/fr/docs/Userguide/Licenses.md b/content/fr/docs/Userguide/Licenses.md new file mode 100644 index 0000000..9f9beb5 --- /dev/null +++ b/content/fr/docs/Userguide/Licenses.md @@ -0,0 +1,97 @@ +--- +linkTitle: "Licenses" +title: "Licenses" +Weight: 5 +--- + + +# 3.0 Licenses + +## 3.1 Introduction + +A software license is a document that provides legally binding guidelines for the use and distribution of software. Licenses page lists all the available licenses in SW360. + +To open the License page, click on the **License tab** from the main menu bar. You can also add licenses in this page. + +![](/sw360/img/ImagesBasic/LicensePage/License_Page.png) + +|Sl.No.|Description| +|:----:|:----------| +|1| [Quick Filter](#32-quick-filter)| +|2| [Add License](#34-add-license)| +|3| [Export Spreadsheet, refer to Project Page](1.%20ProjectPage.pdf) | +|4| [License List](#33-license-list) | + +## 3.2 Quick Filter + +You can use the Quick Filter to search for a License. To search for a particular license, use the type field. + +## 3.3 License List + +On the License page you can view all the licenses available in SW360. The licenses are listed with the following information: + +* **License Shortname**: Short name given for the license. +* **License Fullname**: Full name given for the license. +* **Is checked**: This column indicates if the license is checked or unchecked. + + | Symbol | Status| +---------------------------------------------------------|:----:|:----:| + | {{< figure src="/sw360/img/ImagesBasic/Checked.png" >}} | Checked | + | {{< figure src="/sw360/img/ImagesBasic/Unchecked.png" >}} | Unchecked | + +* **License Type**: Type of the License. + +**NOTE: CLICK ON ![](/sw360/img/ImagesBasic/SortIcon.png) TO SORT LICENSE INFORMATION ALPHABETICALLY.** + +## 3.4 Add License + +To add a new License, click on **Add License** on the license page, which redirects you to another page +where you can add License details. + +![](/sw360/img/ImagesBasic/LicensePage/Create_License.png) + +1. Enter **Full Name** of the license you want to add. +2. You can select if the license has an OSI (Open Source Initiative) approval. Select the values for **OSI Approved?** from the drop-down list. + * n/a: Not applicable + * Yes +3. Enter the **License Text**. +4. Enter **Short Name** for the license. +5. You can select if the license is an FSF (Free Software Foundation) license. Select the values for **FSF Free/Libre** from the drop-down list. + * n/a: Not applicable + * Yes +6. Check the box if the license is checked. +7. Select the **License Type** from the drop-down list. +8. Click on **Create License** to create a new license +9. If you do not want to add a license at any point of time, click on **Cancel**. + +## 3.5 View License + +To open a view mode for a license: + +1. Search for the License you want to view or navigate from the License list. Click on the License Shortname. +2. You are now in view mode of the license, and you can view all the details of the license like: + * License Details + * License Text + * Obligation + + ![](/sw360/img/ImagesBasic/LicensePage/View_License.png) + +## 3.6 Edit License + +The **Edit License** option is used to modify license details for existing licenses. To edit a license, follow the below procedure: + +1. Search for the license you want to view or navigate from the License list. Click on the License Shortname. +2. You are now in view mode of the license, click on **Edit License**. + + ![](/sw360/img/ImagesBasic/LicensePage/Edit_License.png) + +3. Modify License Details as required. For more information on the fields, refer to [3.4 Add License](#34-add-license). +4. You can also add license obligations in this view. To add License obligations, click on Linked Obligations. +5. Click on **Add Obligation**, a dialogue box will appear with a list of all the obligations that are available in SW360. +6. Use the search field to select the required obligation and click **Add**. + + ![](/sw360/img/ImagesBasic/LicensePage/Linked_Obligations_2.png) + +7. To delete an obligation that is already linked, click ![](/sw360/img/ImagesBasic/Delete_Trash.png). +8. If you do not want to make changes to the license at any point of time, click on **Cancel**. +9. If you want to delete the license, click on **Delete License**. \ No newline at end of file diff --git a/content/fr/docs/Userguide/Preferrences.md b/content/fr/docs/Userguide/Preferrences.md new file mode 100644 index 0000000..44645f3 --- /dev/null +++ b/content/fr/docs/Userguide/Preferrences.md @@ -0,0 +1,54 @@ +--- +linkTitle: "Preferences" +title: "Preferences" +description: "SW360 Preferences" +Weight: 8 +--- + +# 8. Preferences + +The Preferences page allows you to modify the E-mail notification preferences for changes that occur to project/component/release/license. +To open the Preferences page, click on the **Preference** tab from the main menu. + +![](/sw360/img/ImagesBasic/Preferences%20Page/Preferences_Page.png) + +|Sl.No.|Description| +|:----:|:----------| +|1| [Email Notification Preferences](#82-email-notification-preferences)| +|2|[SW360 User Information](#81-sw360-user-information)| +|3| [REST API Token ](#83-rest-api-tokens) | + +## 8.1 SW360 User Information + +On the **SW360 User** section you can view the following information: + +* **Name** +* **E-mail** +* **Primary Department** +* **External ID**: This is your organization ID. +* **Primary Department Role**: This is the role you are assigned in SW360. +* **Secondary Departments and Roles**: Any other roles which are assigned. + +## 8.2 Email Notification preferences + +To modify your email notifications, follow the procedure: + +![](/sw360/img/ImagesBasic/Preferences%20Page/Edit_email_preferences.png) + +1. Check the **Enable E-mail notifications** box which activates Email notifications. +2. Click on the particular section for which you want to change the preference. For e.g., if you want to change the preference for projects, click on the **Project** section. This section will display an expanded view of the available roles. +3. Select the roles that you want to be notified. +4. You can repeat the above procedure for other sections, i.e., **Component**, **Release**, **Moderation** and, **Clearing**. +5. Click on **Update Settings** to update the changes done. + +## 8.3 REST API Tokens + +REST API is an interface that two computer systems use to exchange information securely over the internet. Via REST endpoint data can be read or written in the database. As a normal user only read token can be generated. + +You can generate a REST API token for read access, by following the procedure: +1. Enter a token **Name**. +2. Check the **Authorities** box if you wish to give read access. +3. Set an **Expiration Date** for the token. +4. Click on **Generate Token**. + +![](/sw360/img/ImagesBasic/Preferences%20Page/REST_API_TOKENS.png) \ No newline at end of file diff --git a/content/fr/docs/Userguide/Project.md b/content/fr/docs/Userguide/Project.md new file mode 100644 index 0000000..f7b9fa2 --- /dev/null +++ b/content/fr/docs/Userguide/Project.md @@ -0,0 +1,567 @@ +--- +linkTitle: "Project" +title: "Project" +Weight: 3 +--- + +# 1.0 Project Page + +## 1.01 Introduction + +Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with description and other related details. On the left side of project list you can find a advanced filters to filter out specific project. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Projectpage.png" >}} + +|Sl.No.|Description| +|:----:|:----------| +|1| [Advanced Search](#103-project-search)| +|2|[Add Project](#104-add-project)| +|3| [Import SPDX BOM](#105-import-sbom) | +|4| [Export Spreadsheet](#113-export-spreadsheet)| +|5| [Project List](#102-project-list) | + +## 1.02 Project List +The Project List lists all the relevant projects with the following information: +* **Project name**: All the projects are listed with their names. +* **Description**: The description for the project is displayed here. +* **Project responsible**: The email address of the person responsible for the project is displayed. +* **State**: Displays the state of the project and clearing requests. The status for PS and CS is indicated by colors. + + | Color | Project State (PS) | Project Clearing State (CS) | + |-----:|:------------------|:------------------| + | **Green** | Active |Closed | + | **Yellow** |Not Applicable | In-progress | + | **Red** | Open | Open | + | **Grey** | Phase out/ Unknown |Not Applicable | + +* **License Clearing** displays the clearing states for releases for the project including sub projects. +* **Actions**: you can perform the following actions for a project: + + | Action | Description | + |:--:|:-- | + |{{< figure src="/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png" >}}| To edit a Project | + |{{< figure src="/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png" >}} | To create clearing request the OSS clearing team | + |{{< figure src="/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png" >}}| To duplicate current version of existing project. This action will also duplicate all the linked projects, releases along with the general information and is used to create different versions of the project.| + |{{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}| To delete the project from SW360. | + +**NOTE: CLICK ON {{< figure src="/sw360/img/ImagesBasic/Project_Page/SortIcon.png" >}} TO SORT LICENSE INFORMATION ALPHABETICALLY.** + +## 1.03 Project Search + +**Advanced search** dialogue box allows you to search for a particular project. To search for a project follow the procedure: + +1. Enter the **Project name** and **Version** of the project that you want to search. +2. Select the **Project Type** from the drop-down list. For more information regarding the project type, refer to paragraph 4. of [General Information](#a-general-information). +3. Search the project by **Project Responsible** email. +4. Search projects by their **Group**, select the group from the drop-down list.
```NOTE: BY DEFAULT, THE SEARCH RETURNS ONLY THE RESULTS OF YOUR GROUP. HOWEVER, YOU CAN ALSO SELECT THE GROUPS FROM THE DROP-DOWN LIST.``` +5. Search projects by their project **State**, select the options available from the drop-down list. For more information regarding project state, refer to [1.02 Project List](#102-project-list). +6. You can search the projects by their **Clearing State**, select the options available from the drop-down list. For more information regarding project state, refer to [1.02 Project List](#102-project-list). +7. You can search projects by their **Tags**. If there are multiple tags that you want to search, use a comma to separate. +8. You can search projects by **Additional Data**. + +## 1.04 Add Project + +To add a new project, click on the **Add Project** on the project page, this redirects you to another page that allows you to add project information add project information for the project you want to create. Following are the three sections where you must enter information: +- **Summary** +- **Administration** +- **Linked Releases and Projects** + +### **1.** **Summary** + +#### **A.** **General Information** + +```NOTE: FIELDS MARKED "*" ARE MANDATORY``` + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectGeneralInfo%20(1).png" >}} + +1. Enter the **Name** of the project you want to create. +2. The field **Created by** is set automatically to the creator/owner of the project. +3. **Version** of a project indicates there are new changes compared to the previous version of the project. Enter the version for your project as required. +4. Select the **Project Type** from the drop-down list. + - Customer: Delivered to the customer + - Internal: Internally used but can also be used in other projects as a sub-project + - Product: Developed as a product and delivered to the customer + - Services: Developed as a service and delivered to the customer + - Inner Source: OSS within a particular organization + +5. **Project Visibility** describes if the project is visible to all or only selected personnel. The default is set to "everyone", you can select the project visibility from the drop-down list. + - Private: Only visible to creator or admin + - Me and Moderators: Visible to creator, moderators and admins + - Group and Moderators: Visible to all users of the same group and the moderators + - Everyone: All logged in users + +6. **Tags** are words assigned to a project that assist in quick searching. You can create a tag by assigning a word to your project. +7. Check or uncheck the following fields as required: + * **Enable Security Vulnerability Monitoring** (activated only if security responsible are added), refer to [C. Roles](#c-roles). + * **Do not create monitoring list**, but use from the external id, refer to [E. External IDs](#e-external-ids). + * **Enable Displaying Vulnerabilities** if you want the vulnerabilities to be visible. + +8. **Modified on** date will be set automatically on creating the project. +9. **Description**: You can enter details of your project. +10. **Modified by** will be set automatically. +11. Select the **Domain** for your project from the drop-down list. + * Application software + * Documentation + * Embedded Software + * Hardware + * Test and diagnostics +12. Click on the field to select the **Vendor** for your project. + * This opens a dialogue box, use the type field to search for the vendors. + * Select the vendors + * Click on **Add Vendor**. + +#### **B. External URLs** + +Click on **Click to add row to external URLs** to add URLs of your project.
+ {{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL1.png" >}} + +1. Select **External URL Key** from the drop-down list. + * Homepage: Link for homepage + * Wiki page: Link for wiki page + * Clearing: +2. Enter **External URL Value**. It is the web address for the above mentioned external URL key. To add multiple external URLs, repeat the same procedure.
+ {{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL2.png" >}} + +3. To delete an external URL, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +#### **C. Roles** + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectRoles.png" >}} + +1. **Group** is the department you/project owner belongs to. Click on the group field to select a **Group** for your project. + * This opens a dialogue box, use the type field to search for the group. + * Select the group. + * Click on **Select** + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Addproject4.png" >}} + +2. Enter the **Owners Accounting Unit**. + +3. Project manager is the user who manages the project. Click on the field to select **Project Manager**. + * This opens a dialogue box, use the type field to search for the Project Manager. + * Select the Users. + * Click on **Select Users**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Addproject_5.png" >}} + +4. Enter the **Owners Billing Group**. +5. **Project Owner** holds the project. Click on the field to select **Project Owner**. + * This opens a dialogue box, use the type field to search for the Project Owner. + * Select the Users. + * Click on **Select Users**. +6. Select the **Owner Country** from the drop-down list. +7. **Security responsible** is the list of users responsible for the security of the project. Click on the field to select **Security responsible**. + * This opens a dialogue box, use the type field to search for the Security responsible. + * Select the Users + * Click on **Select Users**. +8. Click on the field to select **Lead Architect**. + * This opens a dialogue box, use the type field to search for the Lead Architect. + * Select the Users. + * Click on **Select Users**. +9. **Moderator** is the user responsible for the project. Click on the field to select moderators. + * This opens a dialogue box, use the type field to search for the Moderators. + * Select the Users. + * Click on **Select Users**. +10. Click on the field to select **Contributors**. + * This opens a dialogue box, use the type field to search for the Contributors. + * Select the Users. + * Click on **Select Users**. + + +#### **D. Additional Roles** + +To assign more roles to your project, use **Click to Add Additional Roles**. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/additionalroles1.png" >}} + +1. Select the type of **Role** from the drop-down list. + * Stakeholder + * Analyst + * Contributor + * Accountant + * End user + * Quality manager + * Test Manager + * Technical writer + * Key user +2. Enter **Email address** of the responsible personnel. To add multiple additional roles, repeat the same procedure. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/additionalroles2.png" >}} + +3. To delete an additional role, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +#### **E. External Ids** + +Click on **Click to add row to External Ids** to add external Ids to your project. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Project_external_ID_1.png" >}} + +1. Click on field to enter **External Id Key** and select from the drop-down list. +2. Enter **External Id Value**. To add multiple external Ids, repeat the same procedure. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Project_external_ID_2.png" >}} + +1. To delete an External Id, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +#### **F. Additional Data** + +You can add data keys and corresponding data values for your project. + +To add more additional data keys, click on **Click to add rows to additional data**. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Additional_data_1.png" >}} + +1. Enter **additional data key**. +2. Enter **additional data value**. To add multiple additional data, repeat the same procedure. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Additional_data_2.png" >}}. + +3. To delete an additional data, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +### **2.** **Administration**
+Administration section contains license clearing and lifecycle information of the project. To edit these fields, click on "Administration", use navigation section.
+ +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectAdministration.png" >}} + +#### **A.** **Clearing information** + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Clearing_Information.png" >}} + +To add clearing information for your project: + +1. Select the values for **Project Clearing State** from the drop-down list. + * Open Project + * In progress + * Closed +2. Clearing team is responsible for project clearing. To assign a clearing team, select the values for **Clearing team** from the drop-down list. +3. Pre-evaluation is important for the project development to understand the status of the license and estimate the effort for clearing activities. Set **Deadline for pre-evaluation** date. +4. Following information should be entered manually: + - **Clearing summary**: Overview of the clearing for the project management. + - **Special risk open source software**: Risks which occur out from usage of specific OSS components. + - **General risk 3rd party software**: General risk which occur always from using OSS and commercial SW like for e.g., patent infringements. + - **Special risk 3rd party software**: Specific risks which occur by using specific projects, including commercial projects. + - **Sales and delivery channels**: To know when the software will be delivered via resellers as a reseller license has to be procured and to decide how to fulfill the obligations of the licenses. + - **Remarks and additional requirements**: Any additional relevant requirement. + + ```NOTE: THE ABOVE INFORMATION IS NECESSARY FOR PROJECT MANAGEMENT TO UNDERSTAND THE STATUS OF THE LICENSE AND ESTIMATE THE EFFORT FOR CLEARING ACTIVITIES.``` + +#### **B.** **Lifecycle information** + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectLifecycle.png" >}} + +To add lifecycle information for your project: + +1. Select the values for **Project state** from the drop-down list. + * Active + * Phase-out + * Unknown +2. Set **System test begin** and **System test end** dates. System test begin date can be used in licensing and risk perspective. System test end date is the latest date for component releases. +3. Set **Delivery start** and **Phase out** dates. After the phase out date, maintenance is not required for the project. + + ```NOTE: LICENSE CLEARING FOR THE PROJECT MUST BE FINISHED BEFORE THE PROJECT DELIVERY DATE.``` + +#### **C.** **License Info Header** + +The license info header can be set as a default header. However, you can edit this field as required. + +### **3.** **Linked Releases and Projects** + +You can link other projects and releases to the project that you are adding. Click on **Linked Releases and Projects**, use navigation section. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectLinkedreleasesandprojects.png" >}} + + +#### **A.** **Linking Projects** + +To add existing projects as a sub-project: + +1. Click on **Add Projects**, this action opens a dialogue box. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png" >}} + +2. Search and select the projects which you would like to link. +3. Click on **Link Projects**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png" >}} + +4. After the project is linked, you can select the **Project Relation** for your sub-project from the drop-down list. + * Sub-project + * Duplicate + * Unknown + * Related +5. Check or uncheck **Enable SVM** as required. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_3.png" >}} + +6. To link multiple projects, repeat the same procedure. +7. To delete a linked project, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +#### **B.** **Linking releases** + +To add releases to your project: + +1. Click on **Add Releases**, this action opens a dialogue box. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Link_release_1.png" >}} + +2. **Search** for the releases which you want to link or click on **Releases of linked projects** to view all the releases which are linked to the project. +3. Select all the releases which you want to link and click on **Link releases**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Link_release_2.png" >}} + +4. After the release is linked, you can select the value for the **Release relation** from the drop-down list. + * Unknown + * Contained + * Related + * Dynamically linked + * Statically linked + * Side by side + * Standalone + * Internal Use + * Optional + * To be replaced + * Code snippet +5. Select the value for the **Release Mainline State** from the drop-down list. + * Open + * Mainline + * Specific + * Phaseout + * Denied +6. Add **Comments**, if required. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Link_release_3.png" >}} + +7. To link multiple releases/components, repeat the same procedure. +8. To delete a linked release, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +After all the information for the new project is filled out. Click on "**Create Project**" at the top. + +If you do not want to create a project on any point of time, click on "**Cancel**" at the top. + +## 1.05 Import SBOM + +SPDX is a common format for communicating compliance information or list of components across all suppliers. Importing an SBOM will create a project/component. To import a SBOM: + +1. Click on **Import SBOM** on the project page. This will open a dialogue box for you to upload the Bill Of Materials (BOM). +2. Drag and drop the file from your local system to the dialogue box or click on **Browse File** and select the file you want to import. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/ImportSBOM.png" >}} + + ```NOTE: ONLY SPDX RDF/XML FILES WITH UNIQUE DESCRIBED TOP LEVEL NODE ARE SUPPORTED.```
+3. After uploading is done SW360 checks for duplicates, if there are no duplicates found, a Component from the uploaded SBOM is created. + +## 1.06 Edit Project + +You can edit an existing project in SW360, provided you have required rights. To edit a project follow the procedure: + +1. Search for the projects you want to edit or navigate from the project list. +2. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png" >}} from the actions column. You can also edit a project by clicking on the project and click on **Edit Project**. +3. Change the data for the project as required. For more information, refer to [1.04 Add Project](#104-add-project). +4. In this view, you can also add attachments for the project in this view, click on **Attachments**, use navigation section.
+ {{< figure src="/sw360/img/ImagesBasic/Project_Page/EditProject_Attachments.png" >}}
+ * Click on **Add Attachment**, this action opens a dialogue box.
+ * Browse and select the files which you want to upload or drag and drop them into the area.
+ * Click on **Upload**.
+ * Select the type of file from the drop-down list.
+ * Select the status from the drop-down list.
+ * If required, add **comments**
+ + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Attachment_2.png" >}} + + * To delete an attachment, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}.
+5. After you modify the required fields, click on "**Update Project**". +6. To delete the project, click on "**Delete Project**". +7. To cancel any changes that you made click on "**Cancel**". + +## 1.07 Duplicate a Project + +Duplicating a project is commonly used to create different versions of the project. This helps in reducing efforts as fewer modifications are required to create a new version. To duplicate a project: + +1. Search for the projects you want to duplicate or navigate from the project list. +2. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png" >}} from the actions column to duplicate the project. +3. Modify the data for the duplicate project as required. For more information, refer to [1.04 Add Project](#104-add-project). +4. Click on "**Create Project**" after all changes are made. +5. To cancel any changes that you made click on "**Cancel**". + +## 1.08 Deleting a Project + +You can delete an existing project in SW360, provided you have required rights. To delete a project follow the procedure: + +```WARNING: DELETING A PROJECT CAN ONLY BE DONE IF THERE ARE NO LINKED PROJECTS OR COMPONENTS. IF NOT, THERE WILL BE MISSING LINKS FOR THE PROJECTS.``` + +1. Search for the projects you want to delete or navigate from the project list. +2. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}} from the actions column to delete the project. +3. The software will prompt for a confirmation of deleting the project. You can also add comments for the action in the prompt box before deleting. +4. Click on **Delete Project**. +5. To cancel any changes that you made click on **Cancel**.
+ + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Deleteproject1.png" >}} + + +## 1.09 Linking A Project + +There are multiple ways that you can link a project to another. + +### **A. Linking to a parent project** + +1. Search for the projects you want to link or navigate from the project list. Click on the required project. +2. This will display the view mode of the selected project. Click on "**Link Projects**" on the top. This will open a dialogue box to search for the projects. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png" >}} + +3. Search for the projects which you want to link. +4. Select the projects and click on **Link Projects**. +5. Once the project is successfully linked, you will see the prompt in green. If you want to edit the project further, click on the **click here to edit the project relation** on the green prompt. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linking_project.png" >}} + +6. Again, the project opens up in edit mode. +7. Modify the project details as required for the linked project. Refer to [Link Projects](#a-linking-projects). +8. Click on **"Update Project"** to save your changes. + +### **B. Linking a child project** + +To add child projects to a parent project, refer to [3. Linked Releases and Projects](#3-linked-releases-and-projects). + +## 1.10 Linking Components or Releases + +You can directly link a component or release to a parent project, refer to [3. Linked Releases and Projects](#3-linked-releases-and-projects). + +### **A. Link Component** + +You can also link a component to a project while editing a project. + +1. Search for the projects you want to delete or navigate from the project list. Click on the required project. +2. This will display the view mode of the selected project, click on **license clearing**, use navigation section. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/LicenseClearing_1.png" >}} + +3. Select the component/release from the list displayed. After which, which redirects you to its component page. +4. Click on "**Link to Projects**" to link this release/component to a project. This will open a dialogue box to search for the projects. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png" >}} + +5. If you want to view the projects which are already linked to the components/release, check the box for **show already linked projects**. +6. Select the project which you want to link the component / release to and then click on **link to project**. + + + +## 1.11 Security Vulnerability tracking for Projects + +You can view all the security vulnerabilities for your project. To view vulnerability tracking status: + +1. Search for the projects or navigate from the project list. Click on the required project. +2. This will display the view mode of the selected project, click on **Vulnerability Tracking Status**. +3. Here you can view Security Vulnerability Monitoring is enabled or not. The Security Vulnerabilities are only visible in the edit project mode when the "security responsible" is assigned. Refer to paragraphs [C. Roles](#c-roles). +4. You can track the vulnerabilities by name, project origin, SVM tracking status, short status and type. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/SVM_Tracking.png" >}} + +5. To view all the listed vulnerabilities for sub-projects of the parent project click on **Vulnerabilities**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/SVM_Tracking_2.png" >}} + +6. If you want to view the complete data for a vulnerability, refer to [5. Vulnerability](../New%20Userguide/5.%20Vulnerabilities.pdf). + +## 1.12 Clearing Requests + +Each project needs license clearing and it is a project level activity. + +### **A. Create Clearing Requests** + +To create a clearing request: + +1. Search for the projects or navigate from the project list. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png" >}} or, +2. Search for the projects or navigate from the project list. Click on the required project, this will display the view mode of the of the selected project. Click on **License Clearing**, use navigation section. +3. Click on **Create Clearing Request**, a dialogue box will appear. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Create_clearing_request.png" >}} + +4. Enter the clearing team email id by clicking on the field and searching for the email of the clearing team. Select the contact from the list and click on **Select Users**. +5. Select the **Preferred Clearing Date**. +6. If required, add **Comments**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/License_Clearing_request.png" >}} + +7. Click on "**Create Request**". +8. To cancel any changes that you made click on **Cancel**. + +### **B. View Clearing Requests** + +You can view the existing clearing requests which are already created for a project. To view the clearing requests, follow the procedure: + +1. Search for the projects or navigate from the project list. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png" >}} or, +2. Click on the required project. +3. Select **License Clearing**, use navigation section. +4. Click on **View Clearing Request**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/View_Clearing_request.png" >}} + +5. A new dialogue box with the clearing request information will be displayed. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/View_Clearing_Request_2.png" >}} + + +### **C. Edit Clearing Requests** + +For more information on how to edit the existing clearing requests, refer to [6. Requests](../New%20Userguide/6.%20Requests.pdf). + +## 1.13 Export Spreadsheet + +You can generate the excel sheet for an advanced search. For e.g., List of all projects created for group "SHS". + +1. Go to project home page. +2. If required, you can filter the projects using the advanced search options. Refer to [1.02 Project Search](#103-project-search). +3. After the search gives a result, click on **Export Spreadsheet** and select the option from the drop-down list. + * Projects only + * Projects with linked releases +4. A file will now be downloaded to your local system with the required information. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Export_spreadsheet.png" >}} + + +```NOTE: YOU CAN ALSO USE THE EXPORT SPREADSHEET OPTION ON MULTIPLE PAGES, LIKE LICENSE CLEARING PAGE OF A PROJECT/COMPONENT, EDIT VIEW OF A COMPONENT, ECC PAGE OF PROJECT ETC.``` + +## 1.14 Generate License Info + +You can generate a read me OSS file of all the license information for a project. To generate license information: + +1. Search for the projects or navigate from the project list. Click on the required project. +2. Select **License Clearing**, use navigation section. +3. The page displays the list of all the releases listed and their respective release clearing state in the ***state*** column. Each of the releases has license information in the form of CLI files. You can view this information in the ***main licenses*** or ***other licenses*** column. +Generating a license info will create a read me OSS document combining all the licenses. +4. Click on **Generate license info** and select the options from the drop-down list. + * Project only + * Project with sub project + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Generate_license_info.png" >}} + +5. After your selection, you are redirected to another page where you can further modify the output of the license information. +6. Select **Show all** to view all the license information or **Only Approved** to view approved licenses. +7. Select which CLI you want to publish the information from the list displayed below. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Generate_license_info_2%20.png" >}} + +8. Click on **Download**. A new Dialogue box will appear asking for your preferences. +9. Check the required boxes and select an output format. +10. Click on **Download** to get a Readme.OSS file. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Generate_license_info_3.png" >}} + +## 1.15 Generate Source Code Bundle + +Few components have obligations, for example, sharing source code. The organization must share the source code to the user in a disc format. To generate Source Code Bundle: + +1. To select the project, use the search option or navigate from the project list and click on it. +2. Select **License Clearing**, use navigation section. +3. The window shows a list of all the releases listed. Click on **Generate Source Code Bundle** and select the option from the drop-down list. + * Project only + * Project with sub project + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Source_code_1.png" >}} + +4. After you select, you are redirected to another page which lists all the source code information. +5. Select the required source code and click **Download**. +6. A combined zip file comprising of all the select source code will be downloaded. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Source_code_2.png" >}} \ No newline at end of file diff --git a/content/fr/docs/Userguide/Requests.md b/content/fr/docs/Userguide/Requests.md new file mode 100644 index 0000000..4abf201 --- /dev/null +++ b/content/fr/docs/Userguide/Requests.md @@ -0,0 +1,190 @@ +--- +linkTitle: "Requests" +title: "Requests" +Weight: 6 +--- + + +# 6. Requests + + +Requests page lists all the requests that are generated by the users in SW360. There are two kind of requests: + +1. Moderation Requests: The requests that are created when a user with limited rights requests a change in a Project/Component/Release. These requests need to be approved by another user with higher rights (Project Owner/ Project Responsible) for the changes to appear in a particular Project/Component/Release. You can also view these requests as tasks in your home page.
+ * My Task Assignments: Moderation requests that are pending for your approval. + * My Task Submissions: Moderation requests that are created by you. +2. Clearing Request: For more information on clearing requests, refer to [1.12 Clearing Requests, Project Page](1.%20ProjectPage.pdf). + + +To open the Requests page, click on the **Requests tab** from the main menu. + +![](/sw360/img/ImagesBasic/Request_Page/Request_Page.png) + +|Sl.No.|Description| +|:----:|:----------| +|1| [Moderation Requests](#61-moderation-requests) or [Clearing Requests](#62-clearing-request)| +|2|[Search Moderation Requests](#1-search-moderation-requests) or [Search Clearing Request](#2-search-clearing-requests)| +|3| [Moderation Request List](#1-moderation-request-list) or [Clearing Request List](#1-clearing-requests-list)| +## 6.1 Moderation Requests + +### 1. Moderation Request list + +Moderation requests must be approved by another user with higher rights (Admin, Clearing expert) for the changes to appear in a Project/Component/Release. +Moderation requests are further categorized into two types: +* **Open Moderation Requests**: The moderation requests which are pending for approval. To view the list of open requests, click **Open Moderation Requests**. +* **Closed Moderation Requests**: The moderation requests which are approved. To view the list of closed requests, click **Closed Moderation Requests**. + +![](/sw360/img/ImagesBasic/Request_Page/Moderation_Requests.png) + +The moderation requests are listed with the following information: +* **Date**: Date of the creation of the request. +* **Type**: The document type for the moderation request created. +* **Document Name**: Name of the document (Project/Component/Release). +* **Requesting User**: Email Id of the user who created the moderation request. +* **Department**: Department of the requesting user. +* **Moderators**: List of the moderators for that project/component/release. +* **State**: State (In Progress/Pending/Approved/Rejected) of the moderation request. +* **Actions** + +**NOTE: USE ![](/sw360/img/ImagesBasic/SortIcon.png) TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.** + +### 1. Search Moderation Requests + +1. Search with **Date** the request was created. +2. Search the request with the document **Type** and select from the drop-down list. + * OSS + * COTS + * Internal + * Inner Source + * Service + * Freeware + * Code Snippet +3. Search the request with **Document Name**. +4. Search the request with **Requesting User**. +5. Search the request with **Department**. +6. Search the request with **State** and select from the drop-down list. + * Approved + * Pending + * Rejected + * In Progress + +### 3. Edit Moderation Requests + +To edit a moderation request, click on **Open Moderation Request / Closed Moderation Request** on the request page. +1. Search for the request you want to edit or navigate from the request list. +2. Click on the request you want to edit. You will now be redirected to another page with details of the request. +3. You can view the following moderation request information: + * Requesting user + * Submitted on + * Comment from the requested user + * Status of the request + * Moderator assigned + * Comment on moderation decision: A moderator can add comments to this request before accepting or declining the changes. + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request.png) + + +4. Click on **Proposed Changes** to view: + * Field name the changes are requested for + * Current Value of the field + * Former Value of the field + * Suggested Value for the field + * Attachments, if added + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_2.png) + +5. To preview the current document, click on **Current Release/Current Project**. + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_3.png) + +6. To accept the changes of the moderation request, click on **Accept Request**. +7. To reject changes for the moderation request, click on **Decline Request**. +8. To postpone a moderation request, click on **Postpone request**. +9. If you do not want to be a moderator for this request, click on **Remove Me from Moderators**. +10. If you do not want to make changes at any point of time, click on **Cancel**. + + +## 6.2 Clearing Request + + +### 1. Clearing Requests list + +Clearing Requests are created by project manager and sent to clearing experts to perform license clearing, which are then approved. Clearing Requests are further categorized into two types. + +* **Open Clearing Requests**: The clearing requests which are pending approval. To view the list of open requests, click **Open Clearing Requests**. +* **Closed Clearing Requests**: The clearing requests which are approved. To view the list of closed requests, click **Closed Clearing Requests**. + +![](/sw360/img/ImagesBasic/Request_Page/Clearing_Requests.png) + +The clearing requests are listed with the following information: + +* **Request Id**: Request ID number of the clearing request. +* **BA/BL Group**: +* **Project**: Name of the project the clearing request belongs to. +* **Status**: Status of the clearing request, rejected or closed. +* **Requesting User**: Username of the user who created the clearing request. +* **Clearing Team**: Person responsible for the approval of the clearing request. +* **Created on**: Creation date of the clearing request. +* **Preferred Clearing Date**: The proposed date of completion of clearing request. +* **Agreed Clearing Date**: The agreed date of completion for clearing request. +* **Request Closed on**: The actual date the clearing request is closed. +* **Clearing Progress** (Only applicable for open clearing requests) +* **Actions**: Click on ![](/sw360/img/ImagesBasic/Request_Page/Images/Edit_Pen.png) to edit the clearing request. + +**NOTE: USE ![](/sw360/img/ImagesBasic/Request_Page/Images/SortIcon.png) TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.** + +### 2. Search Clearing Requests: + +1. Search the request with **Select date type and range**. +2. Search the request with **Priority** and select from the drop-down list. + * Low + * Medium + * High + * Critical +3. Search the request with **BA BL group**. +4. Search the request with **Status** and select from the drop-down list. + * New + * Accepted + * In Queue + * In Progress + * Awaiting Response + +### 3. Edit Clearing Requests + +To edit a clearing request, click on **Open Clearing Request / Closed Clearing Request** on the request page. +1. Search for the request you want to edit or navigate from the request list. +2. You can also use **Quick Filter** to search for a request. +3. Click on the request you want to edit, this will redirect you to another page with details of the request. +4. To modify the clearing request, click on **Edit Request**. +5. You can view the following **clearing request information for the project**: + * Requesting User + * Created On + * Preferred Clearing Date + * Business Area/Line + * Requester Comment + * Clearing + * Request Status: You can modify the request status as required. Select the required value from the drop-down list. + * New + * Accepted + * Rejected + * In Queue + * In Progress + * Closed + * Awaiting Response + * Priority: You can modify the priority of the clearing request as required. Select the required value from the drop-down list. + * Low: Clearing date is greater than 4 weeks + * Medium: Clearing time is less than 2-4 weeks + * High: Clearing time is less than 2 weeks + * Critical: Clearing time is less than 1 week
+ ``` NOTE: THERE CAN ONLY BE 2 CRITICAL CLEARING REQUESTS.``` + * Clearing team: Click on the field to select the **Clearing Team** for the request. This opens a dialogue box, search and select the clearing expert and click on **Select Users**. + * Agreed Clearing Date: Click on the field to set the clearing date + * Last Updated on + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_1.png) +6. Click on **Clearing request comments** to check the clearing request information. The information displayed here is a combination of manual entry comments and automated entries by SW360. Automated entries give information regarding the changes that are done on the clearing request. You can mention comments by typing in the text field and click **Add Comment**. + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_2.png) + +7. After making the changes, click on **Update Request**. +8. If you do not want to make changes at any point of time, click on **Cancel**. diff --git a/content/fr/docs/Userguide/SPDX_document.md b/content/fr/docs/Userguide/SPDX_document.md new file mode 100644 index 0000000..11f19d7 --- /dev/null +++ b/content/fr/docs/Userguide/SPDX_document.md @@ -0,0 +1,80 @@ +--- +linkTitle: "SPDX Document" +title: "SPDX Document" +weight: 100 +description: + SPDX Document +--- + +# **How to enable this feature** + +To use this function, please: + +1. Build the source code and deploy. + +2. Add config **spdx.document.enabled = true** (/etc/sw360/sw360.properties) to enable the feature. + +The following changes will work when **spdx.document.enabled = true** only. + +# **1. Introduction** + +SPDX Document manages Document Creation Information, Package Information, Other Licensing Information Detected, Relationships between SPDX Elements, Annotations + +# **2. How to use?** +**1. File Test Import**: https://github.com/spdx/tools-java/blob/master/testResources/SPDXRdfExample-v2.3.spdx.rdf + +**2. Import SPDX in Page Component** + +#### Import + +- Support RDF/XML, SPDX. +- Import all Packages in the SPDX file (main package and dependent packages) +- Import relationships related to Packages and SPDX Documents (relationships related to File and Snippet are not imported) + + +#### Steps +1. Go to component page +2. Click "Import SPDX BOM" button +3. Upload SPDXRdfExample-v2.3.spdx.rdf + +#### Validate + +- "Apache Commons Lang", "glibc", "Jena" and "Saxon" components were created +- "glibc (2.11.1)", "Saxon(8.8)" and " Jena (3.12.0) " releases were created +- Tab SPDX Document exits in release glibc (2.11.1), Jena (3.12.0) and Saxon (8.8) + +#### Result + +##### Tab SPDX Document - Full Page of Release Glibc(2.11.1) + +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Glibc.png" >}} + +##### Tab SPDX Document - Lite Page of Release Glibc(2.11.1) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Glibc(2.11.1).png" >}} + + +##### Tab SPDX Document - Full Page of Release Jena (3.12.0) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Jena_(3.12.0).png" >}} + +##### Tab SPDX Document - Lite Page of Release Jena (3.12.0) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Jena_(3.12.0).png" >}} + + +##### Tab SPDX Document - Full Page of Release Saxon (8.8) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Saxon_(8.8).png" >}} + +##### Tab SPDX Document - Lite Page of Release Saxon (8.8) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Saxon_(8.8).png" >}} + + +**3. Feature: Edit , Add tab SPDX Document in Release** + +##### Edit tab SPDX Document - Full Page +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Full_Page.png" >}} + +##### Edit tab SPDX Document - Lite Page +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Lite_Page.png" >}} + + +##### Add tab SPDX Document +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Add_tab_SPDX_Document.png" >}} diff --git a/content/fr/docs/Userguide/SW360 Homepage.md b/content/fr/docs/Userguide/SW360 Homepage.md new file mode 100644 index 0000000..3b5e521 --- /dev/null +++ b/content/fr/docs/Userguide/SW360 Homepage.md @@ -0,0 +1,36 @@ +--- +linkTitle: "Home Page" +title: "Home Page" +Weight: 2 +--- + +# Home Page + +The private area of the home page contains an overview of projects and components which are specific to you and other general information. + +{{< figure src="/sw360/img/ImagesBasic/Home_Page.png" >}} + +| Sl.No | Name | Description | +|:-----:| :-----------|:------------| +| 1 | Main Menu | Main menu consists primarily of the various tasks you can perform.| +| 2 | My Projects | Displays the list of projects for a specific role or clearing state. | +| 3 | My Task Assignments | Displays the tasks or moderation requests that are assigned to you. These can be change requests submitted for approval related to the “projects, components or releases” for which you are a creator or a moderator.| +| 4 | My Components | Displays the list of components that are created by you. | +| 5 | My Task Submissions | These are the change requests that are submitted by you for an approval to change any aspect of a “project, component or release” for which you are not a creator or moderator. | +| 6 | Search Bar | You can find the search bar on the right top corner of the application. Search bar enables you to search for a specific project/component/release. | +| 7 | My Profile | You can find the profile icon on the right top corner of the application. You can perform the following actions in my profile:
- **My sites**, will redirect you to a page where you can view all the sites you have opened in the past.
- **My profile**, will redirect you to a page where you can view your vcard.
- **My dashboard**, will redirect you to a page where you can view summary of your profile.
- **Notifications**, will redirect you to a page where you can view all the latest updates.
- **Shared content**, will redirect you to a page where you can view all the shared content which are shared with you or shared by you.
- **My submissions**, will redirect you to a page where you can view all of your submissions.
- **My workflow tasks**, will redirect you to a page where you can view the tasks which are assined to you or your roles.
- **Account settings**, will redirect you to a page where you can modify **general information**, **passwords**, **addresses and contact** information and **alert preferences** as needed.
- **My connected applications**, will redirect you to a page where you can view connected applications.
- **My organization**, will redirect you to a page where you can view your organization information.
- You can sign out of SW360 using **sign out** option. | +| 8 | My Subscriptions | Displays a list of various components and releases you have subscribed to.
``` NOTE: YOU CANNOT SUBSCRIBE TO A PROJECT.```| +| 9 | Recent Components | Displays a list of recent components which are added to SW360.| +| 10 | Recent Releases | Displays a list of recent releases which are added to SW360. | + + + + + + + + + + + + diff --git a/content/fr/docs/Userguide/Search.md b/content/fr/docs/Userguide/Search.md new file mode 100644 index 0000000..0ea29de --- /dev/null +++ b/content/fr/docs/Userguide/Search.md @@ -0,0 +1,27 @@ +--- +linkTitle: "Search" +title: "Search" +Weight: 7 +--- + + +# 7. Search + +On the search page, you can search for Projects, Components, Licenses, Releases, Obligations, Users, Vendors, etc. in SW360. + + +![](/sw360/img/ImagesBasic/Search_Page.png) + + +To search for a particular (object), click on Search tab and follow the procedure: + +1. Type the **keyword** in the text field. +2. The checkbox in **Restrict To Type** allows you to further restrict your search to a specific (object), you can choose to restrict the **type** to projects, components, licenses etc. +3. Click on **Search** to get the search results +4. Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page. + +### Wildcards + +The user can search with wildcards. A wildcard is a character which substitue for zero or more characters in a string. For a single character users can use '?' and for multiple character wildcard he can use '*'. The Wildcard can stand in the middle of characters or at the end, but not at the beginning. + + diff --git a/content/fr/docs/Userguide/_index.md b/content/fr/docs/Userguide/_index.md new file mode 100644 index 0000000..00b5b92 --- /dev/null +++ b/content/fr/docs/Userguide/_index.md @@ -0,0 +1,106 @@ +--- +title: "User Guides" +linkTitle: "User Guides" +weight: 10 +icon: fas fa-users +description: This guide provides an overview of SW360 and how to get started with using it. It covers the basic usage, and tips for configuring SW360 to work with your software development tools. +--- + +# SW360 INTRODUCTION +SW360 is a comprehensive software catalogue application that helps organizations manage their software components and licenses effectively. This application provides detailed information about the software components used in various projects, including their licenses, clearing information, and other relevant data. With SW360, organizations can easily track and manage the software components used in their projects, ensuring compliance with licensing requirements and minimizing legal risks. + +SW360 can also be used with the license scanner, "FOSSology" which provides license clearing, which is then integrated into the workflows. SW360 integrates software artifacts and projects into the related existing infrastructures. SW360 also provides backend services for distinct tasks and a set of portlets to access these services. + +Use case areas: +- Handling project information where open-source software components and other third-party software are used. +- SBOM (Software Bill Of Materials ) Management. +- Handling component information and its associated processess. E.g.: name, vendor, version, ECCN information, license compliance information. +- Handling license information. E.g., obligations, license texts, etc. +- Collecting security vulnerability management information and matching them with components stored in component services +- Compiling and creating all license related documentation. E.g., Readme, source code bundle, that are supported by workflows. + +## SW360 Functionality + +With SW360 you can: +- Manage your components and projects +- Send source packages to the license scanner, FOSSology +- Reuse cleared components and release for projects +- Import cleared components with reports and other documents +- Browse licenses and their obligations + +## Data Model + +### **Project** + +Projects can be products, platforms, any kind of "SW bill of material (BOM)", etc, that manages a list of 3rd party components. Projects are created for a product, service, inner source, customer project or an internal project. Project types are software only, system, platform or Cloud service. + +### **Components** + +A component is a SW component with metadata. The versions of this component are linked as releases. It is a catalogue to register a component type (OSS/ COTS/ Freeware/ code snippet / Service) from a specific vendor or open-source community. For e.g., Commons by Apache, Windows server 2019 by Microsoft etc. + +### **Release** + +A release refers to a particular version of a software component that has been made available for use. It points to a stable and functional iteration of the component. Releases can include bug fixes, new features, and updates to improve the component's overall performance and user experience. + +### **Vendor** + +SW360 can be used to manage components and licenses from various vendors, including open source and proprietary software vendors. Vendor can be different from a component or releases. Vendors can be added to SW360's database and their components and licenses can be tracked and managed through the tool's interface. This allows organizations to gain better visibility into their software assets and ensure compliance with license obligations. A link to the vendor is set at the release level, as the vendor can change with new releases. + +### **Licenses** + +The project ensures that all license information pertaining to its releases are thoroughly documented and made available to the customers. This information is typically provided in the form of a ReadmeOSS file, which includes details regarding the relevant licenses, as well as any other pertinent information such as acknowledgements, copyright notices, and applicable third-party software licenses. The project strives to maintain transparency and comply with all legal requirements in relation to licensing and intellectual property, and takes necessary steps to ensure that its customers are fully informed about the licensing terms and conditions of the software they are using. + +### **Obligations** + +Obligations refer to the license obligations resulting from license interpretations. These obligations must be fulfilled by the organization to use the third-party software in a compliant manner. They are categorized based on grants, redistribution rights, specific contractual agreements, internal uses, risk related to patents, permission for modification of code etc. + +Each license obligation will be provided with Clearing Report by the Clearing Experts. The clearing report must verify that the third party software is used in compliance with license and have fulfilled all the obligations. + +OSS license obligations are typically provided centrally. +COTS license obligations must be analyzed individually for every commercial contract. + + +### **Vulnerabilities** + +The Security Vulnerability Monitoring (SVM) system is responsible for monitoring a specified list of security vulnerabilities and list all the vulnerabilities in this tab. These vulnerabilities are tracked and can be transferred to other systems or security experts as needed. The SVM has the capability to transfer the vulnerability lists via API to SW360 or the designated security expert responsible for managing them. By utilizing this system, the project can effectively monitor and manage potential security threats, ensuring the integrity and security of the software. + +### **Product Clearing** + +Product Clearing is the approval of use of all third-party software components in a product and assessing any risks before the product is approved for a specific license or sales model and supplied to third parties. This can be done by creating a 'Project Clearing Report' from SW360. + +### **Administration** + +Administration is responsible for storing and maintaining various project-related information, including the current Project Clearing State (Open, Closed, In-progress), Clearing Summary, and any risks associated with the usage of third-party software, as assessed during the project clearing process. This information is crucial to ensuring that the project is effectively managed and remains in compliance with all relevant policies and regulations. The administrative team takes necessary measures to ensure the security and integrity of the stored data, and regularly updates the information as needed to reflect changes in the project's status or risk profile. + +### **Attachments and Attachment Usages** + +The project management system includes support for attachments, which are used to store and manage various types of information relevant to the project. Attachments can be stored at both the project and release levels, with release-level attachments typically consisting of source code, contracts, component license information, and Readme files, among other things. + +The project management team ensures that all necessary attachments are properly labeled and organized, allowing for easy access and retrieval when needed. By utilizing this system, the project team can effectively manage and track important project-related information, helping to ensure the success and compliance of the project. + + +### **Clearing Requests** + +These are the requests that are raised to the clearing experts to get the OSS license clearing for a project. These requests can only be raised at a project level and must be done once all the linked releases and projects are assigned to the parent project. This should be done in advance to give the clearing experts adequate time to get the license clearing report. The clearing results are further assessed by responsible experts and the project management. + +### **Export Controls and Customs (ECC)** + +Export Controls and Customs (ECC) numbers are automatically assigned to components, with the exception of Commercial Off-The-Shelf (COTS) components. In the case of COTS components, an ECC expert is responsible for setting the appropriate ECC numbers. By accurately identifying and assigning ECC numbers to components, organizations can prevent potential legal and financial penalties, as well as safeguard national security interests. + + + +### **Source Code Bundles** + +These are multiple source code packages which are attachments to a specific release to perform license analysis. The source code bundle is generated for a project to fulfill the license obligations “make source code available” which is required by some of the OSS licenses. + +## Important Links + +| Page | URL | Note | +|------|-----|------| +|Public Project Homepage | https://www.eclipse.org/sw360/ | Main project homepage | +|Public project GitHub Page | https://github.com/eclipse/sw360/ | Main project | +|Project Information in Eclipse | https://projects.eclipse.org/projects/technology.sw360 | Information on Eclipse SW360 | +|Public project home page SW360 Antenna | https://github.com/eclipse/antenna | Antenna Connects to SW360 to exchange information right from the build time | +|Public project SW360 Vagrant in GitHub | https://github.com/sw360/sw360vagrant | Vagrant Set up for SW360 | +|Public Project for SW360 chores at GitHub | https://github.com/sw360/sw360chores |Docker setup for SW360 | +|Public Project SW360 slides in GitHub | https://github.com/sw360/sw360slides | Main slide deck of SW360 published as Git repository | \ No newline at end of file diff --git a/content/fr/docs/Userguide/login.md b/content/fr/docs/Userguide/login.md new file mode 100644 index 0000000..2f3682b --- /dev/null +++ b/content/fr/docs/Userguide/login.md @@ -0,0 +1,18 @@ +--- +linkTitle: "Login" +title: "Login" +Weight: 1 +--- + +You need a username and a password to access the software. After reaching the SW360 site you will be in the public area of your account. Liferay distinguishes between public and private area, where the private area is protected by login. + +You will see a "Welcome to SW360!" homepage which is a public area with **Sign In** and **Create Account** buttons. +The Sign In button will redirect to the private area in order to work with the portal. + +{{< figure src="/sw360/img/ImagesBasic/duo.png" >}} + +Your private area contains an overview of your **Projects** and **Components**. + +{{< figure src="/sw360/img/ImagesBasic/homepage.png" >}} + +The idea of "Your" refers to the projects and components that you have created. Further there are the tasks you have submitted or which are assigned to you. Tasks are basically change requests of elements that are sent to the owner or moderator for approval. This is a basic concept for allowing change when providing a multiple set of users. On the right side of the screen you can see the last releases which have been added to SW360. diff --git a/content/fr/docs/_index.md b/content/fr/docs/_index.md new file mode 100644 index 0000000..d4c2469 --- /dev/null +++ b/content/fr/docs/_index.md @@ -0,0 +1,53 @@ +--- +title: "SW360 Documentation" +linkTitle: "Documentation" + +menu: + main: + weight: 90 +--- + +## Overview +**SW360** is a software catalogue application that has been developed to facilitate the sharing of information related to software components used by an organization. Its primary objective is to manage software license information with the support of workflows. The application employs license scanners **FOSSology**, which is integrated to analyze the source code for licenses, copyrights, and other relevant information. + +SW360 has been designed to seamlessly integrate with existing software artifact and project management infrastructures. It provides separate backend services for distinct tasks and a set of portlets to access these services. To ensure a smooth and hassle-free deployment, a complete deployment unit is available, which includes a Vagrant box or Docker container that contains a complete configuration of all services and portlets. + +SW360 comprises the following main use case areas: + +- Project: Handling of project information with all contained Open Source SW components and other Third Party SW Components and Snippets. +- Component/Releases: Handling of information and processes related to components, e.g. name, vendor, version, ECCN information, license compliance information +- License: Handling of information regarding licenses, e.g. license texts, copyrights, acknowledgements, obligations etc. +- Vulnerability: Collecting Security Vulnerability Management Information and matching them with components stored in the component service +- License Compliance documentation: all relevant documents (e.g. Readme, source code bundle) can be created, supported by workflows. + +## Functionality +The SW360 is a software catalogue application with which you can: + +- Manage your components and projects +- Send source packages to the clearing tool Fossology +- Reuse cleared components and releases for your project +- Import cleared components with clearing reports and other documents +- Browse licenses and their obligations + +SW360 is +- Based on the Open Source Liferay portal server +- Integrated with Fossology + + In order to work with SW360, please note a fundamental setup in the data model when dealing with components: + +- A component is a list of releases with metadata. +- A Release is a version of a component with metadata and specific attachments. +- A project refers to a number of releases of components accordingly, not components. +- A vendor is separate from a component and releases. The link to the vendor is set at the release. (think of Sun and Oracle where the owner changed with a new release) + +## Getting started + +| Name | URL | Remarks | +| --- | --- | --- | +| Main home page | https://www.eclipse.org/sw360/ | main home page with general info | +| Project @ Github | https://github.com/eclipse/sw360 | where the music plays | +| Developer mailing list | sw360-dev@eclipse.org | for developers, discussion about developing | +| Slack Channel | https://sw360chat.slack.com/ | the main chat spot, everybody is welcome | +| Slack Channel Invitation Link | [Sharable join link to join](https://join.slack.com/t/sw360chat/shared_invite/enQtNzg5NDQxMTQyNjA5LThiMjBlNTRmOWI0ZjJhYjc0OTk3ODM4MjBmOGRhMWRmN2QzOGVmMzQwYzAzN2JkMmVkZTI1ZjRhNmJlNTY4ZGI) | that should bring you in | +| sw360 developer meeting | [Meeting Info](Developer-Meetings) | Everyone is welcome! + diff --git a/content/fr/gsoc/GSoC-projects-2025.md b/content/fr/gsoc/GSoC-projects-2025.md new file mode 100644 index 0000000..da043ee --- /dev/null +++ b/content/fr/gsoc/GSoC-projects-2025.md @@ -0,0 +1,294 @@ +--- +linkTitle: "GSoC 2025" +title: "GSoC Idea List - 2025" +Weight: 1 +--- + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ + +
+ +
+ + +Welcome to the idea page for all GSoC 2025 related information. + +- Check https://github.com/eclipse-sw360/sw360/discussions/2868 + +## Intro + +SW360 project has been selected as a mentoring Org with GSoC 2025. Thank you, +Google! + +Please see two main resources for finding out more SW360 in general: + +- Check https://eclipse.dev/sw360/ and development and deployment section. +- Try to install SW360 from source or your can try the [Docker](https://github.com/eclipse-sw360/sw360/blob/main/docker-compose.yml) + +Meetings: Checkout the [Meetings table]({{< relref path="_index.md">}}#meetings-table) + +## Interested in Application? - Getting Grip + +If you are interested in an application - great! We encourage your application. +So the question is how to get started with the topic, just a few points: + +- Check https://eclipse.dev/sw360/docs/ for development and operational guides. +- Check the frontend project for UI: https://github.com/eclipse-sw360/sw360-frontend +- Try to install SW360, either from source or Docker + - https://github.com/eclipse-sw360/sw360/blob/main/docker-compose.yml +- Read the proposed topics +- Use the mailing list sw360-dev@eclipse.org or contact proposed mentors for + further steps. +- [Matrix group](https://chat.eclipse.org/#/room/#technology.sw360-general:matrix.eclipse.org) +- [GitHub discussion](https://github.com/eclipse-sw360/sw360/discussions/2868) +- If you are interested in trying to make contributions, see + [contribution guidelines](https://github.com/eclipse-sw360/sw360/blob/main/CONTRIBUTING.md). + +## Mentors + +Interested in becoming a mentor? Please reach out to us! + +#### Volunteers so far: + +- [Akshit Joshi](https://github.com/akshitjoshii) +- [Amrit Kumar Verma](https://github.com/amritkv) +- [Arun Azhakesan](https://github.com/arunazhakesan) +- [Gaurav Mishra](https://github.com/GMishx) +- [Helio Chissini de Castro](https://github.com/heliocastro) +- [Katharina Ettinger](https://github.com/EttingerK) +- [Keerthi BL](https://github.com/keerthi-bl) +- [Kouki Hama](https://github.com/KoukiHama) +- [Rudra Chopra](https://github.com/rudra-superrr) + +## Topic Proposals + +Please reach out to us to add more proposals for GSoC 2025. + +Currently, discussion happening on +https://github.com/eclipse-sw360/sw360/discussions/2868 + +## Topic Proposals from 2025 + +1. [License Change Detection](#license-change-detection) +2. [Improve integration with FOSSology](#improve-integration-with-fossology) +3. [Thrift layer removal](#thrift-layer-removal) +4. [Improve tests for all REST API endpoints](#improve-tests-for-all-rest-api-endpoints) +5. [SBOM based recommendation](#sbom-based-recommendation) +6. [Creating Project as a Service](#creating-project-as-a-service) +7. [] + +### License Change Detection + +**Goal:** Understand the changes in licensing between two versions of a +software package. + +This would be combined effort between SW360 and FOSSology. + +As the software evolves in time, so does their licensing. A scenario where a +package (say "mylib-v1.2") was scanned by FOSSology and cleaned by a clearing +team. The new version of the package (say "mylib-v1.5") was released and +uploaded again to FOSSology for clearing. Now, another metric can be generated +showing the files from both packages against the change in licensing per file +(addition, removal, change of license or new file). + +This either can be shown in FOSSology itself, but also when doing an initial +scan report (ISR), triggered from SW360. Then it would be very visible for the +requester if there are changes in the new version of the release or not. Also, +the diff could be shown in the CLI files. + +It can generate a table like: + +| File path | mylib-v1.2 | mylib-v1.5 | +|:-----------------|:-----------|:-----------| +| path/to/file | MIT | MIT | +| path/to/file2 | MIT,BSD | MIT | +| path/to/file3 | GPL-2.0 | GPL-3.0 | +| path/to/new-file | | BSD | + + +| Category | Rating | +|:-----------------------|:---------------------| +| Low Hanging Fruit | ** | +| Risk/Exploratory | * | +| Fun/Peripheral | *** | +| Core Development | * | +| Project Infrastructure | ** | +| Project size | Medium | +| Preferred contributor | Student/professional | +| Skills needed | XML, Java | +| Contact | @EttingerK @GMishx | + + +### Improve integration with FOSSology + +**Goal:** Use extended REST API of FOSSology to improve the "Send to FOSSology" +feature + +SW360 already have ways to interact with [FOSSology](https://fossology.org), +however the interaction as of now is very limited. The idea is to expand on +this interaction and make use of extended +[REST API of FOSSology](https://github.com/fossology/fossology/blob/master/src/www/ui/api/documentation/openapiv2.yaml) +and have features like: +* Upload source to FOSSology +* Search and link to existing sources with checksum match +* Reuse previous version of release uploaded/existing in FOSSology +* Provide option to select agents for scanning in FOSSology +* Fetch different kind of reports from FOSSology, not just SPDX + +Relevant information: +* FOSSology REST API: https://github.com/fossology/fossology/blob/master/src/www/ui/api/documentation/openapiv2.yaml +* SW360 existing endpoints: `releases/{id}/checkFossologyProcessStatus` +* SW360 existing endpoints: `releases/{id}/triggerFossologyProcess` + +| Category | Rating | +|:-----------------------|:----------------------------| +| Low Hanging Fruit | *** | +| Risk/Exploratory | ** | +| Fun/Peripheral | *** | +| Core Development | ** | +| Project Infrastructure | ** | +| Project size | Large | +| Preferred contributor | Student/professional | +| Skills needed | Java, REST & HTTP libraries | +| Contact | @GMishx, @rudra-superrr | + + +### Thrift layer removal + +**Goal:** Remove thrift layer for communication with Database + +Remove thrift layer which is used to interact with DB as it is not required and +makes the installation process of SW360 unnecessarily complex. This change will +help project moving forward with modern architectures like microservices. + +| Category | Rating | +|:-----------------------|:-------------------------------| +| Low Hanging Fruit | * | +| Risk/Exploratory | *** | +| Fun/Peripheral | ** | +| Core Development | *** | +| Project Infrastructure | ** | +| Project size | Large | +| Preferred contributor | Student/professional | +| Skills needed | Java, CouchDB | +| Contact | @GMishx @smrutis1 @heliocastro | + + +### Improve tests for all REST API endpoints + +**Goal:** Improve existing tests for all REST API endpoints and write new tests + +Write unit and integration tests for all REST API endpoints. This will help in +improving the code quality and make the project more robust. + +| Category | Rating | +|:-----------------------|:---------------------------------| +| Low Hanging Fruit | *** | +| Risk/Exploratory | * | +| Fun/Peripheral | ** | +| Core Development | *** | +| Project Infrastructure | ** | +| Project size | Medium | +| Preferred contributor | Student/professional | +| Skills needed | Java, JUnit, REST API | +| Contact | @GMishx @heliocastro @keerthi-bl | + + +### SBOM based recommendation + +**Goal:** Recommendation of packages based on SBOM of a project + +When a user imports a SBOM file, the tool will share the information about the +cleared & uncleared packages used in that project based on existing knowledge +available in SW360. In addition to that if any package is uncleared, +1. The tool will recommend equivalent package, which is already cleared in + SW360, which in turn will reduce the project clearing time. +2. If the user still wants to use the same uncleared package, the tool will + give an estimated time to clear the package as well as the project using + reports like ISR. + +| Category | Rating | +|:-----------------------|:---------------------| +| Low Hanging Fruit | ** | +| Risk/Exploratory | * | +| Fun/Peripheral | ** | +| Core Development | ** | +| Project Infrastructure | ** | +| Project size | Large | +| Preferred contributor | Student/professional | +| Skills needed | Java, Python, AI/ML | +| Contact | @amritkv @GMishx | + + +### Creating Project as a Service + +**Goal:** Separate out the Project and related modules as a separate +microservice + +The idea is to separate the Project related modules as a separate microservice +which can then be customized independently for different organizations while +still reusing the common Component repository. + +| Category | Rating | +|:-----------------------|:----------------------------------| +| Low Hanging Fruit | * | +| Risk/Exploratory | *** | +| Fun/Peripheral | *** | +| Core Development | * | +| Project Infrastructure | *** | +| Project size | Large | +| Preferred contributor | Student/professional | +| Skills needed | Java, Spring, Microservices, REST | +| Contact | @keerthi-bl @GMishx @heliocastro | + + +### Update Official Documentation Page + +**Goal:** Separate out the Project and related modules as a separate +microservice + +#### Motivation +The current official documentation page (https://eclipse.dev/sw360/) lacks clear +instructions regarding environment configurations and upgrade procedures for +recent software versions. This discrepancy often confuses users and negatively +affects productivity during installation or updating processes. Keeping the +official documentation accurate and up-to-date helps attract new users and +fosters an active user community. Moreover, documentation updates do not require +direct changes to the software source code, allowing contributors to undertake +this task concurrently with other development or testing activities, thus +lowering the barriers for OSS contributions. + +### Proposed Changes +- Clearly document environment setup instructions and upgrade procedures + corresponding to the latest software versions. +- Complement missing details in documentation, such as updates to dependencies + and version compatibility, reducing user confusion. +- Enhance visual clarity by adding practical examples and screenshots + illustrating the updated procedures. + +### Notes +- This task involves no source code modifications, making it easy to execute + alongside other development tasks or community activities. +- Documentation updates are valuable contributions to OSS projects and serve as + excellent entry points for new contributors. +- It is advisable to explicitly recognize documentation maintenance as a + significant and formally acknowledged form of OSS contribution. + +| Category | Rating | +|:-----------------------|:--------------------------------| +| Low Hanging Fruit | *** | +| Risk/Exploratory | * | +| Fun/Peripheral | ** | +| Core Development | * | +| Project Infrastructure | *** | +| Project size | Medium | +| Preferred contributor | Student/professional | +| Skills needed | Markdown, Hugo | +| Contact | @GMishx @heliocastro @KoukiHama | + +
diff --git a/content/fr/gsoc/_index.md b/content/fr/gsoc/_index.md new file mode 100644 index 0000000..553f14e --- /dev/null +++ b/content/fr/gsoc/_index.md @@ -0,0 +1,57 @@ +--- +title: "Google Summer of Code" +linkTitle: "GSoC" +menu: + main: + weight: 80 +--- + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ + +
+
+ + +## Google Summer of Code 2025 + +SW360 is selected as a mentoring Org with +[Google Summer of Code 2025](https://opensource.googleblog.com/2025/01/google-summer-of-code-2025-is-here.html). + +You can visit our [idea page for GSoC 2025]({{< relref path="GSoC-projects-2025.md">}}). + +More info to come here. + +### Projects + +[//]: # "Following are the important links to projects." + +| Contributor | Project | Final Reports | +|:------------|:--------|:--------------| +| | | | + +### Proposed Mentors + +- [Akshit Joshi](https://github.com/akshitjoshii) +- [Amrit Kumar Verma](https://github.com/amritkv) +- [Arun Azhakesan](https://github.com/arunazhakesan) +- [Gaurav Mishra](https://github.com/GMishx) +- [Helio Chissini de Castro](https://github.com/heliocastro) +- [Katharina Ettinger](https://github.com/EttingerK) +- [Keerthi BL](https://github.com/keerthi-bl) +- [Kouki Hama](https://github.com/KoukiHama) +- [Rudra Chopra](https://github.com/rudra-superrr) + +### Meetings table + +| Topic(s) | Timings | Meeting link | ICS | +|:---------|:--------|:-------------|:----| +| | | | | + +Thanks for being part of the community. 💚 + +
diff --git a/content/fr/presentations/_index.md b/content/fr/presentations/_index.md new file mode 100644 index 0000000..37b3061 --- /dev/null +++ b/content/fr/presentations/_index.md @@ -0,0 +1,56 @@ +--- +title: "Présentations" +linkTitle: "Présentations" +menu: + main: + weight: 12 +--- + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ + +
+
+ + +## 2022 +* **[Open Source Summit Japan 2022](https://osselc21.sched.com/)**: "[SW360 SBOM: Managing Vulnerability Information, SPDX Documents and New Dependency Network Between a Project and Software Components](https://sched.co/1D12t)" (Tien Le & Kouki Hama, Toshiba Corporation) [[slides](https://static.sched.com/hosted_files/ossjapan2022/ed/OSSJapan2022-SW360.pdf)] [[video](https://youtu.be/JP69MOFFE4o)] + +* **[EclipseCon 2022](https://www.eclipsecon.org/2022)**: "[sw360 - How new life is been injected in the traditional compliance software](https://www.eclipsecon.org/2022/sessions/sw360-how-new-life-been-injected-traditional-compliance-software)" (Helio Chissini de Castro) [[video](https://youtu.be/sbCwuV6iuOM)] + +* **[FOSDEM 2022](https://fosdem.org/2022/)**: "[How to manage OSS license obligations and SBoM by SW360's new features](https://fosdem.org/2022/schedule/event/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features/)" (Kouki Hama, Toshiba Corporation) [[slides](https://fosdem.org/2022/schedule/event/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features/attachments/slides/5198/export/events/attachments/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features/slides/5198/fosdem_2022_hama.pdf)] [[video](https://video.fosdem.org/2022/D.dependency/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features.webm)] + +## 2021 +* **[Open Source Summit Europe 2021](https://osselc21.sched.com/)**: "[SW360 SBOM and License Obligation Management](https://sched.co/lAVK)" (Michael Jaeger, Siemens AG & Kouki Hama, Toshiba Corporation) + +## 2019 +* **[Open Source Summit Japan 2019](https://events19.linuxfoundation.org/events/open-source-summit-japan-2019/)**: "[ +Using SW360 for OSS Compliance Management Process](https://sched.co/OVtF)" Kouki Hama , Toshiba Corporation) +" [[slides](https://events19.linuxfoundation.org/wp-content/uploads/2018/07/OpenSourceSummitJapan_final.pdf)] + +## 2018 +* **[Bitkom Forum Open Source 2018](https://www.bitkom.org/bfoss18/)**: "Eclipse SW360 – Lessons Learned From Automated License Compliance" (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG) +* **Inner Source Commons 2018**: "Committing to Change: Inner Source at Siemens" (Karsten Gerloff, Siemens AG) +* **[The Free Software Legal and Licensing Workshop 2018](https://fsfe.org/activities/ftf/legal-conference.en.html)**: "Eclipse SW360: Generating License Information for Products with SDPX Docs" (Michael C. Jaeger, Siemens AG) +* **[Yanking the Chain: Open Source Software Compliance in the Supply Chain](http://oshug.org/event/65)**: "Eclipse SW360 – Open Source Management with Open Source" (Michael C. Jaeger, Siemens AG) +* **Bitkom AK Open Source**: "Eclipse SW360 – Automatisierte License Compliance" (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG) + +## 2017 +* **[EclipseCon Europe 2017](https://www.eclipsecon.org/europe2017)**: "Leveraging Open Source Projects for Open Source Management" (Marcel Kurzmann, Bosch Software Innovations GmbH) [[slides](https://www.eclipsecon.org/europe2017/sites/default/files/slides/Leveraging_Open_Source_Projects_for_OSM_EclipseCon.pdf)] [[video](https://youtu.be/z19ifXKAkgE)] +* **[EclipseCon France 2017](https://www.eclipsecon.org/france2017/conference/schedule/session/2017-06-22)**: "SW360 – The Component Management Hub" (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG) [[slides](https://www.eclipsecon.org/france2017/sites/default/files/slides/036%20OSS%20sw360%2020170315%20slides%20Eclipseconfrance%2002_0.pptx)] [[video](https://youtu.be/ifb8vkfwiT4)] +* **[Open Compliance Summit 2017](https://ocs2017.sched.com/event/CY94/open-source-with-open-source-component-management-with-sw360-johannes-kristan-bosch-michael-jaeger-siemens)** : "Open Source with Open Source: Component Management with SW360" (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG) +* **[Open Source Summit Europe 2017](https://osseu17.sched.com/event/ByIp/oss-compliance-automation-with-sw360-michael-jaeger-siemens-ag)**: "OSS Compliance Automation with SW360" (Michael C. Jaeger, Siemens AG & Steffen Evers, Bosch Software Innovations GmbH) +* **[Open Source Leadership Summit 2017](http://events17.linuxfoundation.org/events/open-source-leadership-summit/program/schedule)**: "SW360 - An Open Component Hub" (Steffen Evers, Bosch Software Innovations GmbH) +* **The Seoul Copyright Forum 2017**: "License compliance: FOSS tools for speed and scale" (Karsten Gerloff, Siemens AG) + +## 2016 +* **Bitkom AK Open Source**: "SW360 – Your Open Component Hub" (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG) +* **[JAXenter](https://jaxenter.de/eclipse-sw360-44641)**: "Neu im Eclipse-Universum: SW360 – das Katalogisierungsprogramm für Software-Komponenten" (Dominik Mohilo, JAXenter) +* **[EclipseCon Europe 2016](http://wiki.eclipse.org/Eclipse_Unconference_Europe_2016#Open_Source_Component_Management)**: "Open Source Component Management -- Unconference Session" (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG) +* **[Linux Foundation Collab Summit 2016](https://collabsummit2016.sched.com/event/6YQh/sw360-a-place-like-home-for-oss-michael-jaeger-siemens-maximilian-huber-tng-technology-consulting)**: "SW360: A Place like Home for OSS" (Michael C. Jaeger, Siemens AG) + +
diff --git a/content/fr/screenshots/index.md b/content/fr/screenshots/index.md new file mode 100644 index 0000000..0eb02dc --- /dev/null +++ b/content/fr/screenshots/index.md @@ -0,0 +1,94 @@ +--- +title: "Captures d’écran" +description: "A picture is worth a thousand words" +menu: + main: + weight: 11 +--- + + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ +The SW360 application is divided into several sections around managing a catalogue of software components and the software bill-of-material of your software projects, products or services. The menu bar as shown on home screen cover the following main sections. + +
+ +## Home + +A dashboard listing the components and projects created by the user logged in. With this overview, the own projects and components can be directly accessed. + +{{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-home.png" title="Home" >}} + + {{< /gallery/card >}} + +{{< /gallery/gallery >}} + + +## Project + +As for individual projects, a number of subsections is provided, allowing for managing different aspects of a project: license compliance, export control (ECC), vulnerabilities, locking of attachments for project use, and vulnerabilities. +For each project, a number of attributes can be maintained, most notably external ids, which allow for a mapping to the dataset in SW360 with external systems. + +The main area of work in the projects section. SW360 uses the term project as synonym for products, services, or internal projects. The projects area starts with a listing of all projects which are visible to the user, according to the visibility setting of the project. + +For the license compliance, SW360 allows for maintaining a global clearing status for each release of a component. In addition, a clearing status can be set for use at each individual project. + +Not only the clearing status for each use of a release can be captured by SW360. Also, the type of usage (contained, side-by-side installation, etc.) can be saved as attribute. + +{{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projectlist.png" title="Main area" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projects01.png" title="Summary" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projects02.png" title="Clearing Status" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projects03.png" title="ECC Clearing Status" >}} + {{< /gallery/card >}} + +{{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projects04.png" title="Releases and Projects" >}} + {{< /gallery/card >}} +{{< /gallery/gallery >}} + +## Components + +Components in SW360 can have multiple types, such as OSS, commercial component or a service (and more types), since license compliance matters for type of software, not only OSS. Components are in fact a container for releases, because license compliance information and other attributes change between different releases of a component. + +At each release, basic attributes can be stored, some of them are informal, but can give relevant input to usage statistics of software in an organisation. + +{{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-components02.png" title="Component" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-components01.png" title="Component Edit" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-components04.png" title="Component Clearance" >}} + {{< /gallery/card >}} + +{{< /gallery/gallery >}} + + +## Search + +SW360 provides an index for all data, thus searching for keywords will yield results for all different datasets, such as projects, components, licenses, etc. Search for terms can be filtered by data set types. + +{{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-search.png" title="Search" >}} + {{< /gallery/card >}} + +{{< /gallery/gallery >}} + +
+ diff --git a/content/ja/_index.html b/content/ja/_index.html new file mode 100644 index 0000000..7e5d925 --- /dev/null +++ b/content/ja/_index.html @@ -0,0 +1,60 @@ ++++ +title = "SW360" +linkTitle = "Eclipse SW360" ++++ + +{{}} +
+
+

+ {{< figure src="/sw360/img/logos/logo_full.svg" width="400">}} +

+ ソフトウェアサプライチェーン管理の決定版! +

+

+
+ +
+ +
+

+ SW360はEPL-2.0ライセンスのオープンソースソフトウェアプロジェクトであり、ソフトウェアコンポーネントに関する情報を収集、整理し、利用可能にするウェブアプリケーションとリポジトリを提供します。組織内のソフトウェアコンポーネントの中央ハブを確立します。 +

+
+ +
+   +  私たちのビジョン +  +
+ +{{}} + + +
+
+
+ {{% blocks/vision title="中央SWコンポーネントデータベース" %}} +360度のカバレッジを提供し、「コーディング」以外のSW開発にも対応する中央SWコンポーネントデータベース +{{% /blocks/vision %}} + +{{% blocks/vision title="ソフトウェアコンプライアンスのE2E統合" %}} +安定的で正確、透明性があり、制御可能で拡張しやすいOSSツールチェーンの長期運用 +{{% /blocks/vision %}} + +
+
+{{% blocks/vision title="長期管理可能なOSSツールチェーン" %}} +可能な限り自動化され、エンドツーエンドのコンプライアンス(法務、セキュリティ/SBOM、輸出管理)ツールチェーンとして + SW開発プロセス(例: DevOps)にシームレスに統合 +{{% /blocks/vision %}} + +{{% blocks/vision title="新技術の導入" %}} +コンテナや新しい種類のパッケージなど、新技術や新ツールの導入を容易に +{{% /blocks/vision %}} +
+
+
diff --git a/content/ja/about/index.md b/content/ja/about/index.md new file mode 100644 index 0000000..f053dda --- /dev/null +++ b/content/ja/about/index.md @@ -0,0 +1,42 @@ +--- +title: "Eclipse SW360について" +linkTitle: "について" +menu: + main: + weight: 10 +--- + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ +
+
+ +現代のソフトウェアは、多くの場合、ゼロから構築されるのではなく、さまざまな事前パッケージ化されたサードパーティ製ソフトウェアコンポーネントを使用して組み立てられます。その結果、組織はいくつかの課題に直面します: + +* **コンプライアンスの確認**: サードパーティ製ソフトウェアコンポーネントを使用する際のライセンスコンプライアンス、ECCチェック、IP評価の確認。 +* **知識の共有**: どのコンポーネントを推奨すべきか、どのコンポーネントを特定の基準に基づいて段階的に廃止すべきかなど、ソフトウェアコンポーネントとその特性に関する情報の共有。 +* **包括的な概要の提供**: 組織やそのサプライチェーンで使用されているコンポーネントを追跡し、どの資産が異なる製品やソリューションに統合されているかを把握。 + +これらの 3 つの主要なユースケースは、品質管理者、ソフトウェア開発者、法務担当者、ソフトウェアアーキテクト、R&D マネージャーなど、組織内のさまざまな役割に対応しています。しかし、すべての役割に共通するのは、ソフトウェアコンポーネントに関するインサイトを一元管理するためのハブが必要であるという点です。 + +**SW360** は、EPL-2.0 ライセンスの下で提供されるオープンソースソフトウェアプロジェクトであり、ソフトウェアコンポーネント情報を収集、整理、および利用可能にするための Web アプリケーションとリポジトリを提供します。SW360 は、組織内でのソフトウェアコンポーネント管理のための中央ハブとして機能し、以下のことを可能にします: + +* プロジェクトまたは製品で使用されるコンポーネントの追跡。 +* セキュリティ脆弱性の評価。 +* ライセンス義務の維持。 +* ポリシーの適用。 +* 法的文書の生成。 + +例えば、SW360 はオープンソースコンプライアンスツール **FOSSology** でクリアリングプロセスをトリガーし、その結果のクリアリングレポートをインポートできます。データは SW360 のデータベースに保存することも、外部ソースから動的にインポートすることも可能です。 + +将来的には、選択した情報を共有する SW360 インスタンスのフェデレーションを確立することを計画しています。 + +SW360 は Web ベースの UI に加えて、すべての機能を API 経由で利用できるため、既存の DevOps ツールとのシームレスな統合が可能です。 + +
+
+
\ No newline at end of file diff --git a/content/ja/docs/AdministrationGuide/User-Data-Model-Enumerations.md b/content/ja/docs/AdministrationGuide/User-Data-Model-Enumerations.md new file mode 100644 index 0000000..695eaed --- /dev/null +++ b/content/ja/docs/AdministrationGuide/User-Data-Model-Enumerations.md @@ -0,0 +1,274 @@ +--- +linkTitle: "Enumerations" +title: "Enumerations" +description: "SW360 enumeration values for the internal thrift API" +Weight: 12 +--- + + +SW360 thrift API is comprised of the following methods: + +* attachments +* codescoop +* components +* cvesearch +* fossology +* importstatus +* licenseinfo +* licenses +* moderation +* projectimport +* projects +* schedule +* search +* sw360 +* users +* vendors +* vulnerabilities + +Reference: https://github.com/eclipse-sw360/sw360/tree/main/libraries/datahandler/src/main/thrift + +## Attachments + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/attachments.thrift + +### AttachmentType + +| Value | Description. | +|---|---| +| DOCUMENT | justa document | +| SOURCE | original course code | +| DESIGN | design document | +| REQUIREMENT | requirements document | +| CLEARING_REPORT | OSS licensing reporting | +| COMPONENT_LICENSE_INFO_XML | XML document with licenseing information - e.g. SPDX | +| COMPONENT_LICENSE_INFO_COMBINED | XML document with licensing information covering multiple componnts at once - e.g. SPDX | +| SCAN_RESULT_REPORT | Output what a scanner for licenses has found | +| SCAN_RESULT_REPORT_XML | Output what a scanner for licenses has found this time in XML | +| SOURCE_SELF | Self assembled source code distribution | +| BINARY | Binary of component from vendor | +| BINARY_SELF | Self built binary | +| DECISION_REPORT | documenting importing decisions for using this item | +| LEGAL_EVALUATION | Some legal evaluation created for this item | +| LICENSE_AGREEMENT | A ruling license agreement for this item, note that this could be for commercial software for example | +| SCREENSHOT | Screenshot, usually screenshot of the Website with licensing information | +| OTHER | anything that dos not match to the given above | + +### CheckStatus + +| Value | Description. | +|---|---| +| NOTCHECKED | Default value after upload. | +| ACCEPTED | Reviewed and confirmed attachment. | +| REJECTED | Document or attachment cannot be used. | + +## CodeScoop Thrift File + +https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift + +## Components + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/components.thrift + +## cvesearch + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/cvesearch.thrift + +| Value | Description | +|---|---| +| NEW | ... | +| UPDATED | New information for a notification message, so it is updated | +| OLD | ... | +| FAILED | ... | + +## Fossology + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/fossology.thrift + +_No enumerations provided_ + +## Importstatus + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/importstatus.thrift + +_No enumerations provided_ + +## License Info + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/licenseinfo.thrift + +_No enumerations provided_ + +### LicenseInfoRequestStatus + +| Value | Description | +|---|---| +| SUCCESS | ... | +| NO_APPLICABLE_SOURCE | ... | +| FAILURE | ... | + +### OutputFormatVariant + +| Value | Description | +|---|---| +| REPORT | ... | +| DISCLOSURE | ... | + +## Licenses + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/licenses.thrift + +_No enumerations provided_ + +## Moderation + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/moderation.thrift + +### DocumentType + +| Value | Description | +|---|---| +| COMPONENT | ... | +| RELEASE | ... | +| PROJECT | ... | +| LICENSE | ... | +| USER | ... | + +## Project Import + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/projectimport.thrift + +_No enumerations provided_ + +## Projects + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/projects.thrift + +### Project State + +| Value | Description | +|---|---| +| ACTIVE | _well_ | +| PHASE_OUT | _well_ | +| UNKNOWN | _well_ | + +### Project Type + +| Value | Description | +|---|---| +| CUSTOMER | Project that delivers artifacts to customer outside organisation | +| INTERNAL | Project that provides artifacts or service for internal use | +| PRODUCT | Just that it is a product instead of a project | +| SERVICE | Project that provides services to customer outside organisation | +| INNER_SOURCE | Inner source project, meaning that everyone inside org can use it | + +### Project Relationship + +| Value | Description | +|---|---| +| UNKNOWN | _unknown_ | +| REFERRED | Sister project | +| CONTAINED | Sub project | +| DUPLICATE | _duplicate_ | + +### Project Clearing State + +| Value | Description | +|---|---| +| OPEN | not started | +| IN_PROGRESS | ... | +| CLOSED | ... | + +## Schedule + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/schedule.thrift + +_No enumerations provided_ + +## Search + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/search.thrift + +_No enumerations provided_ + +## General SW360 Thrift + +### Software Mainline States + +| Value | Description | +|---|---| +| OPEN | Not decided so far | +| MAINLINE | Organisation or person thinks that use of this software is recommended, which included multiple versions. | +| SPECIFIC | The software is not recommended in general, but for special use case or for this particular version it is acceptable. | +| PHASE_OUT | The software has issues, please consider removing it soon, if in use. | +| DENIED | Software which is not allowed for use. For example, software that does not have licensing. | + + +## General SW360 Thrift + +### Software Mainline States + +| Value | Description. | +|---|---| +| OPEN | Not decided so far | +| MAINLINE | Organisation or person thinks that use of this software is recommended, which included multiple versions. | +| SPECIFIC | The software is not recommended in general, but for special use case or for this particular version it is acceptable. | +| PHASE_OUT | The software has issues, please consider removing it soon, if in use. | +| DENIED | Software which is not allowed for use. For example, software that does not have licensing. | + +### Moderation States + +| Value | Description | +|---|---| +| PENDING | Not opened so far. | +| APPROVED | A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has approved the moderation request. It could be deleted then. | +| REJECTED | A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has rejected the moderation request. | +| INPROGRESS | A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has opened / viewed the moderation request, but did not decide. | + +### Visibility + +| Value | Description | +|---|---| +| PRIVATE | Only visible by creator (and admin which applies to all visibility levels). | +| ME_AND_MODERATORS | Visible by creator and moderators. | +| BUISNESSUNIT_AND_MODERATORS | All users of the same group and the moderators. | +| EVERYONE | Every user who is logged into the system. | + +### Verification State + +| Value | Description | +|---|---| +| NOT_CHECKED | No one has yet looked at this and verified it. | +| CHECKED | It is verified. | +| INCORRECT | It was decided that the verification should be rejected. | + +### Release Relationship + +| Value | Description | Clearing releav nt | +|---|---|---| +| CONTAINED | If you just do not know whether it is dynamically linked. | Yes | +| REFERRED | Referencing a stand alone used other part. | No | +| UNKNOWN | If you just do not know. | Yes | +| DYNAMICALLY_LINKED | Software dynamically linked - as the name says. | Yes | +| STATICALLY_LINKED | Software statically linked - as the name says. | Yes | +| SIDE_BY_SIDE | Not decided so far. | Yes | +| STANDALONE | Software is given as standalone delivery, ie. not technically connected. | Yes | +| INTERNAL_USE | Used for creating or building or ? the product or projects but not delivered. | Yes | +| OPTIONAL | Is not mandatory part of the installation. | Yes | +| TO_BE_REPLACED | Is there but should be moved out. | Yes | + +## Users + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/users.thrift + +## Vendors + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/vendors.thrift + +_No enumerations provided_ + +## Vulnerabilities + +https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/thrift/vulnerabilities.thrift + +_No enumerations provided_ diff --git a/content/ja/docs/AdministrationGuide/User-Scheduling-CVE-Search-by-Admins.md b/content/ja/docs/AdministrationGuide/User-Scheduling-CVE-Search-by-Admins.md new file mode 100644 index 0000000..57ecb68 --- /dev/null +++ b/content/ja/docs/AdministrationGuide/User-Scheduling-CVE-Search-by-Admins.md @@ -0,0 +1,55 @@ +--- +linkTitle: "CVE-Search Scheduling" +title: "CVE-Search Scheduling" +description: "How to schedule the CVE-Search Service" +Weight: 12 +--- + + +SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service. + +In what follows the synchronization between SW360 and the external CVE provider is described. + +`CveSearch-updates` can either be scheduled automatically when launching the `schedule-service` (e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an `SW360 admin`. +It is automatically scheduled with the start of the scheduling service, if in the `/resources/sw360.properties` file of the `schedule-service` in the backend, `cvesearchService` is mentioned in the `autostart`-property: + +`` +autostart = cvesearchService +`` + +According to the default settings, cveSearch is _not_ auto-started with the scheduling service. + +For manually scheduling the CVE search service, open the `Schedule Portlet` of the `Admin` menu. Note that the `Admin` menu is only visible to `SW360 admins`. + +![](./images/UCAdminScheduling/01_adminMenu.png) + +In the `Schedule Portlet` of the `Admin` menu, a user with `admin` rights can turn on or off automatic updates of the cve-search service manually. +In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the `Schedule CveSearch Updates`-button is inactive, whereas the `Cancel Scheduled CveSearch Updates`-button is active and vice versa: + +![](./images/UCAdminScheduling/scheduleAdminPortlet.png) + +The `offset` (first run of the update) and the `interval` between updates can also be adjusted in the `/resources/sw360.properties` file of the `src-schedule` service. +The corresponding properties are `schedule.cvesearch.firstOffset.seconds` and `schedule.cvesearch.interval.seconds`. +The `offset` has to be given in seconds since midnight and also the `interval` has to be entered in seconds. +The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds). + + + `` + schedule.cvesearch.firstOffset.seconds = 0 + `` + + `` + schedule.cvesearch.interval.seconds = 86400 + `` + +With automatic scheduling the next synchronization moment according to the `offset` and the `interval` is computed. This will be the first moment when a `cveSearch-update` is run. +There is nothing like an `initial run` when autostarting of manually scheduling the `CveSearch-updates`. +Moreover, the configuration, i.e. `offset`, `interval` and `next synchronization` (where the latter is a consequence of `offset` and ` interval`) are shown in the portlet: + +![](./images/UCAdminScheduling/scheduleAdminPortletProperties.png) + + + +## Setup of a local instance +It is recommended to set up and use a local instance instead of the public cve-search instance. +The accompanying project sw360-chores contains a Dockerfile that can easily setup this service. diff --git a/content/ja/docs/AdministrationGuide/VulnerabilityManagement/User-Check-Vulnerabilities-for-Your-Project.md b/content/ja/docs/AdministrationGuide/VulnerabilityManagement/User-Check-Vulnerabilities-for-Your-Project.md new file mode 100644 index 0000000..40c3eb8 --- /dev/null +++ b/content/ja/docs/AdministrationGuide/VulnerabilityManagement/User-Check-Vulnerabilities-for-Your-Project.md @@ -0,0 +1,61 @@ +--- +linkTitle: "Search Vulnerabilities" +title: "Search Vulnerabilities" +description: "How to Check for Vulnerabilities Affecting Your Project" +weight: 101 +--- + + + +The CVE-Search service of SW360 checks for vulnerabilities that affect releases present in SW360. +The CVE-search service runs automatically at the time that has been scheduled by one of the `SW360-admins`. +Typically, this will happen at night. So, in the beginning, SW360 does not know any vulnerabilities for your project. + +## Vulnerabilites in the Project Portlet + +After a CVE-search run has been finished, you can see the number of vulnerabilities associated with your project in the `Projects Portlet`. +To that end, open the `Projects Portlet` and click on your project: + +![](./images/UCVulnerabilitiesProject/01_SelectProject.png) + +In the `Vulnerabilities tab` on the left hand side, you see the number of vulnerabilites that have been found for the releases that are directly linked +to your project. Actually, you see two numbers. The left number indicates how many vulnerabilities have not been evaluated or `rated` for this project yet. +Whenever this number is positive, the bullet surrounding the numbers will be red. Otherwise the bullet is grey. + +![](./images/UCVulnerabilitiesProject/02_NumberOfVulnerabilities.png) + +## The Vulnerabilities Tab +To view (and to rate the vulnerabilities for the project), click on the `Vulnerabilities Tab`. A list of vulnerabilities occurs. Each vulnerability has been found + for one of the releases that are directly linked to your project. In the first column, you see the name of that release. + +![](./images/UCVulnerabilitiesProject/03_VulnerabilityListProject.png) + +By clicking on the `external id` of a vulnerability, you can view the details of the vulnerability in the `Vulnerability Portlet`. +More details about the `Vulnerability Portlet` can be found [here](https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#the-vulnerability-portlet). +The column `Priority` contains no special information when using `CVE-Search`, it is used when importing vulnerability information from different sources. +In the column `Matched By`, you see the `distance` with which the vulnerability was found, and in the mouse-over the corresponding `needle` is displayed. +Below the table, you see a report about how many vulnerabilities in your project were found with which `distance` by `heuristics` and how many of them have been found by a `matching CPE` respectively. +For more details on `distances`, `matches` and `needles`, click [here](https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#heuristics). +In the column `Title`, the `External id` is repeated, and in the mouse-over, you can read the `description` of the vulnerability. + +## Evaluating Vulnerabilities for your Project +If you are allowed to edit the project, you can also `rate` the relevance of the vulnerability for your project. In this case, the column `Relevance for project` contains +drop-down menus, where you can select a `rating` for each vulnerability (compare [here](https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#vulnerability-rating-for-projects)). +To change the rating for a project, simply select a different value from the drop-down menu, enter a comment and click `OK`. + +![](./images/UCVulnerabilitiesProject/04_ChangeRating.png) + +In order to update the number of checked and unchecked vulnerabilities in the bullet of the `Vulnerability tab`, you have to reload. +After that, you can also view the `history of rating changes` in the mouse-over of the corresponding vulnerability, +see also [here](https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#change-history-for-vulnerability-ratings-and-verifications). + +You can also view the vulnerabilities associated with a `component` and those associated with a `release` in the `Components Portlet`. +CVE Search associates vulnerabilities with a release in SW360 based on the data that SW360 knows for that release. +For a `release`, a `security admin` or an `admin` can judge whether a vulnerability does indeed refer to the `release`. +Vulnerabilities that have been classified as `INCORRECT` by an `admin` or `security admin` are not displayed to `USERs` any more and therefore do not distort the picture for your project. + + + + + + diff --git a/content/ja/docs/AdministrationGuide/VulnerabilityManagement/Vulnerabilities.md b/content/ja/docs/AdministrationGuide/VulnerabilityManagement/Vulnerabilities.md new file mode 100644 index 0000000..9e2e3ad --- /dev/null +++ b/content/ja/docs/AdministrationGuide/VulnerabilityManagement/Vulnerabilities.md @@ -0,0 +1,89 @@ +--- +linkTitle: "Vulnerabilities" +title: "Vulnerabilities" +weight: 100 +--- + +# 5.0 Vulnerabilities + +A vulnerability is a security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source). Vulnerabilities page lists all the vulnerabilities that are available in SW360. The Vulnerabilities are synced from SVM tools. They are listed independently without any relation to their linked projects/components/releases. + +To open Vulnerabilities page, click on the **Vulnerabilities tab** from the main menu. + +{{< figure src="/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerabilities_Page.png" >}} + +|Sl.No.|Description| +|:----:|:----------| +|1| [Quick Filter](#52-quick-filter)| +|2|[Advanced Filter](#53-advanced-filter)| +|3| [Vulnerabilities List](#51-vulnerabilities-list) | + +## 5.1 Vulnerabilities List +On the Vulnerabilities page, you can view all the vulnerabilities that are available. The vulnerabilities are listed with the following information: + +1. **External Id** of the vulnerabilities. +2. **Title** of the vulnerabilities. +3. **Weighting**. +4. **Publish date**: This is the date that the vulnerability was published. +5. **Last Update**: This is the date that the vulnerability was last updated. + + +**NOTE: USE ![](/sw360/img/ImagesBasic/VulnerabiblitiesPage/SortIcon.png) TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.** + + +## 5.2 Quick Filter + +You can use the **Quick Filter** to search for a vulnerability. To search for a particular vulnerability, use the type field. + +## 5.3 Advanced Filter + +The **Advance Filter** dialogue box allows you to search for a particular vulnerability. To search for a vulnerability, follow the procedure: + +1. Search the Vulnerability by **CVE ID** (Common Vulnerabilities and Exposures). +2. Search the vulnerability by **Vulnerable Configuration**. + +## 5.4 View Vulnerability + +To open a view mode for a Vulnerability: + +Search for the Vulnerability you want to view or navigate from the Vulnerability list and click on the **External ID**. When you click on External ID for a vulnerability you are displayed with the following information: + * Summary + * Metadata + * References + +```NOTE: YOU CAN ONLY VIEW THE DATA AS THIS IS AN UNEDITABLE FIELD.``` + +### A. Summary + +To view summary information for the vulnerability, click on **Summary**. You can now view the following vulnerability information: + +![](/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_Summary.png) + +* Title +* Description +* External ID +* Publish date +* Last update date +* Priority +* Priority Text +* Action +* Impact +* Legal notice: Here you can view the when the vulnerability is synced from which external SVM tool. +* Assigned External Component IDs +* Vendor Advisories: Here you can view the vendor and a web address to the release +* Vulnerability Scoring (CVVS) +* Access +* Common Weakness enumerations +* Vulnerable Configurations +* Linked releases: List of all the releases that the vulnerability is linked to. + +### B. Metadata (To be added) + +To view metadata for the vulnerability, click on **Metadata**. + +### C. References + +To view all the references for the vulnerability, click on **References**. +This page lists all referenced websites. + +![](/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_References.png) \ No newline at end of file diff --git a/content/ja/docs/AdministrationGuide/VulnerabilityManagement/_index.md b/content/ja/docs/AdministrationGuide/VulnerabilityManagement/_index.md new file mode 100644 index 0000000..39c89e3 --- /dev/null +++ b/content/ja/docs/AdministrationGuide/VulnerabilityManagement/_index.md @@ -0,0 +1,149 @@ +--- +title: "Vulnerability Management" +linkTitle: "Vulnerability Management" +oem_ignore: true +description: "SW360 Vulnerability Portlet" +--- + + In the `vulnerability portlet`, you can view the vulnerabilites that are currently present in SW360 in more detail, independent of the release or project they apply to. Clicking on the top level entry `Vulnerabilities`, a table listing all vulnerabilities is shown: + +![](./images/vulnerabilityView.png) + +Clicking on a vulnerability entry in the table, the details view of this vulnerability is shown. + +![](./images/vulnerabilityDetail.png) + +The details view is also linked from the `vulnerabilities view` in the `project portlet` and `component and release portlet`, respectively. + +# Vulnerability Verification for Releases + +Vulnerabilities automatically imported into SW360 - e.g. via the CVE search connection of SW360 - can be applicable for a release or not. The latter can happen, because release data in SW360 is incorrect or not complete. Then the CVE search service uses a more general search pattern yielding a lot of vulnerabilities, only some of which actually apply to the release. Therefore, in SW360 a vulnerability can be marked for a given release with one of the following `verification states`: + +1. NOT CHECKED +2. CHECKED +3. INCORRECT + +Only `admins` can mark a vulnerability or change the `verification state` and enter a comment to give reasons for the change. The verification state and the meta-information (when and by whom the verification state was changed and the comment) are stored as `VerificationStateInfo` at the appropriate `ReleaseVulnerabilityRelation`. + +The `verification state` is displayed in the detail mode of a `release`, at `vulnerabilities` in the column `Verification` of the `vulnerability table`. User without `admin`-rights can only see the vulnerabilities that are `NOT CHECKED` or `CHECKED` together with a tooltip containing the meta-info. The `INCORRECT` vulnerabilities are hidden from users without admin rights in the release detail view and also in the component detail view and in the project detail view. + +Admins see in the same table a dropdown menu, where they can adjust the state. An admin is shown all vulnerabilities belonging to a project, component or release, also those that are marked as `INCORRECT`. + +![](./images/releaseVulnerabilities.png) + +# Vulnerability Rating for Projects + +In the detail view of a `project`, in the category `Vulnerabilites`, the vulnerabilities belonging to the linked releases of the project are shown. Such a vulnerability in the context of a certain project can be assigned one of the following `Ratings`: + +1. NOT CHECKED +2. IRRELEVANT +3. RESOLVED +4. APPLICABLE + +Those ratings are shown in the vulnerability table of the project details view. A user that has writing permission for the project can change the rating via a drop-down menu. If he changes the value, he is asked to enter a comment. The `VulnerabilityRating` together with the meta-data (who has changed the rating, date of change of the rating and comment) is stored in one database object `ProjectVulnerabilityRating` per project. + +A user that has no writing permission on the project is shown the `Vulnerability Rating` in the table without the possibility to change the value. + +The number of vulnerabilities for a project with rating `NOT CHECKED` is displayed in the bullet of the `Vulnerability` tab of the `project detail` view. The bullet is red if there are vulnerabilities with status `NOT CHECKED` for the project. In the example 7 of the 10 existing vulnerabilities are `NOT CHECKED`. + +![](./images/VulnerabilitiesBullet.png) + +![](./images/projectVulnerabilities.png) + +# Change History for Vulnerability Ratings and Verifications + +The complete list of status changes for vulnerability ratings in the project portlet and for vulnerability verifications in the component portlet is shown when hovering with the mouse over the vulnerability rating/verification in the table. This is shown for the project vulnerability table in the picture below. + +![](./images/modifiedHistoryLayoutProjectVulnerabilities.png) + +#CVE-Search + +## Automatic update of vulnerabilities +See this [use case](https://github.com/eclipse/sw360/wiki/Doc-Use-Case:-Scheduling-CVE-Search-by-Admins). + + +## Heuristics +All heuristics start by looking at the cpe. If the cpe is valid, i.e. start with the string "cpe:" and are longer then 10 chars, this is used for the search. If the search fails it falls back to the other search levels. + +There are at the moment two different heuristics implemented which define how and in which order to search the cveSearch DB. + +They can actually be combined, i.e. one could be the fallback of the other. + +### Guessing heuristic (the new one) +The matching of vendor- and product-names is improved by using a lists of actual vendors resp. actual products of an vendor. + +From the information given for a release, which is expected to be either of the form + +1. vendor=`"VENDOR_NAME"`, name=`"PRODUCT_NAME"` and a version or +2. vendor=`""`, name=`"VENDOR_NAME PRODUCT_NAME"` and a version (as generated by the bdpimport). + +we try to find the best matches from the vendors list and then for these ones the best matches in their respective product lists. +The first run includes the version, and if no matching product with the correct version is found, a second run is made without the version restriction. + +##### Modified Levenshtein distance +For the definition which matches are good we use a variation of the Levenshtein distance with some asymmetric modifications. In the following we will call the left side **needle** and the right side **haystack**. The **needles** will come from the lists and the **haystack** will be (parts of) the raw information extracted from the release. The defining rules are + +1. Our Levenshtein distance is equal to the regular Levenshtein distance, if the **haystack** does not contain any spaces. +2. Skipping a **prefix ending with a space** or of the **haystack** does not cost anything, i.e. does not increase the distance +3. Skipping a **postfix starting with a space** of the **haystack** does not cost anything, i.e. does not increase the distance +4. If either the **needle** or the **haystack** is empty, the distance is `Integer.MAX_VALUE` + +This means that the string `"needle"` has +- distance 0 to itself, i.e. `"needle"` +- distance 0 to itself plus a postfix separated by a space, e.g. `"needle postfix"` +- distance 0 to itself plus a prefix separated by a space, e.g. `"prefix needle"` +- distance 2 to something which has regular distance of 2 surrounded by a prefix and a postfix which are separated by spaces, e.g. `"prefix nedles postfix"` + +##### Configuration + +The finetuning parameters can be configured by setting the following properties in `/etc/sw360/sw360.properties` or in the `configuration.yml` + + cvesearch.default.vendor.threshold=1 + cvesearch.default.product.threshold=0 + cvesearch.default.cutoff=6 + +##### Finetuning +There are three variables which can be used for finetuning of the algorithm + +- `cutoff` (defaults to `Integer.MAX_VALUE`, i.e. no cutoff) +- `vendorThreshold` (defaults to `0`, i.e. no vendor threshold) +- `productThreshold` (defaults to `0`, i.e. no product threshold) + +#### Cons +- is not able to find anything if no vendor but a unique product is given +- many search queries +- it will always try find the best match, e.g. also very bad matches, if cutoff is to large + +### Display How a Vulnerability was Found + +In the `vulnerability tables` of the `projects portlet` and the `component and release portlet` you can see, whether a vulnerability was found directly by the `CPE` or by `heuristics`. In the latter case, also the distance (and therefore the quality of the match with `0 = best possible match`) is displayed. + +![](./images/matchedBy.png) + +In addition, below the `vulnerability tables` of the `projects portlet` and the `component and release portlet`, you can see the number of directly linked releases that was found by `CPE` or `heuristic`, respectively: + + ![](./images/projectVulnerabilitiesWithStatisticsHighlighted.png) + +### Example 1: `{vendor="Apache",name="Maven",version="3.0.4"}` +#### Basic heuristic +This heuristic builds in the first step the correct needle +`cpe:2.3:.:.*apache.*maven.*3.0.4.*` and finds the cpe `cpe:2.3:a:apache:maven:3.0.4` +#### Guessing heuristic +The heuristic guesses the vendor `apache` and the product `maven`. Together with the version this results in the same cpe-needle `cpe:2.3:.:.*apache.*maven.*3.0.4.*`. + +### Example 2: `{vendor="",name="Apache Maven",version="3.0.4"}` +#### Basic heuristic +The first levels of this heuristic fails until the sixth level which does not use the vendor. The resulting needle is then `cpe:2.3:.:.*apache.*maven.*3.0.4.*` and finds the cpe `cpe:2.3:a:apache:maven:3.0.4` +#### Guessing heuristic +The heuristic guesses the vendor `apache` since it is a substring of `apache maven` and thus has distance `0`, the same is true for the productname `maven` which results in the same cpe-needle as above. + + + + + + + + + + + diff --git a/content/ja/docs/AdministrationGuide/_index.md b/content/ja/docs/AdministrationGuide/_index.md new file mode 100644 index 0000000..912638d --- /dev/null +++ b/content/ja/docs/AdministrationGuide/_index.md @@ -0,0 +1,7 @@ +--- +title: "Administration Guides" +linkTitle: "Administration Guides" +weight: 11 +icon: fas fa-tools +description: SW360 Administration Guides +--- diff --git a/content/ja/docs/AdministrationGuide/menu.md b/content/ja/docs/AdministrationGuide/menu.md new file mode 100644 index 0000000..e3c843b --- /dev/null +++ b/content/ja/docs/AdministrationGuide/menu.md @@ -0,0 +1,29 @@ +--- +linkTitle: "Administrator Menu" +title: "Administrator Menu" +weight: 9 +--- + +The **admin menu** consists of the following items: + +{{< figure src="/sw360/img/ImagesBasic/admin_menu.png">}} + +- **User**: Displays the list of **Liferay Users**. One can also download or upload new users in this section + +- **Vendors**: Displays the list of the **Vendors** that can be managed by the admin + +- **Bulk License Edit**: List of licenses can be edited together in this section + +- **Licenses**: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section + +- **Obligations**: To manage different types of Obligations on the basis of obligation level and obligation type + +- **Schedule**: To schedule tasks such as CVE Search + +- **Fosology**: Connection to the Fossology server + +- **Import and Export**: Can Import and Export **Component**, **Release** and **License** information + +- **Attachment Cleanup**: To cleanup attachment database + +- **Database Sanitization**: Helps in searching for duplicate identifiers diff --git a/content/ja/docs/AdministrationGuide/properties.md b/content/ja/docs/AdministrationGuide/properties.md new file mode 100644 index 0000000..ecfb4b1 --- /dev/null +++ b/content/ja/docs/AdministrationGuide/properties.md @@ -0,0 +1,26 @@ +--- +linkTitle: "Properties" +title: "Properties" +weight: 12 +--- + +**Frontend Properties**: All the sw360 frontend properties are mentioned in [sw360.properties](https://github.com/eclipse-sw360/sw360/blob/main/libraries/datahandler/src/main/resources/sw360.properties) file. +For example; +https://github.com/eclipse/sw360/wiki/ + - Different categories for components, + + component.categories=[ "framework", "SDK", "big-data", "build-management", "cloud", "content", "database", "graphics", "http", "javaee", "library", "mail", "mobile", "network-client", "network-server", "osgi", "security", "testing", "virtual-machine", "web-framework", "xml"] + + - Dropdown for project type, + + project.type=[ "Customer Project", "Internal Project", "Product", "Service", "Inner Source" ] + + - API Token generation, + + rest.apitoken.generator.enable=false + + - Activation of portlets and components + +**Backend Properties**: This, [sw360.properties](https://github.com/eclipse-sw360/sw360/blob/main/backend/common/src/main/resources/sw360.properties) file contains the sw360 backend properties. This file contains the common properties for the backend services and also holds the setting for the mail utility. + +You can change these default values by mentioning it in the sw360.properties file, present in /etc/sw360 folder. This path is to be created by the admin. After changing the properties, server needs to be restarted in order to make the changes effective. If the properties file is not present in the required folder, the default values will be selected. diff --git a/content/ja/docs/AdministrationGuide/user-management-roles.md b/content/ja/docs/AdministrationGuide/user-management-roles.md new file mode 100644 index 0000000..1991e70 --- /dev/null +++ b/content/ja/docs/AdministrationGuide/user-management-roles.md @@ -0,0 +1,35 @@ +--- +linkTitle: "User Management Roles" +title: "User Management Roles" +weight: 10 +--- + +Every user can create records and edit own created records. However, to change records of others, approval is required. Approval in SW360 is a so called moderation request. A moderation request is a set of proposed changed not applied to record immediately, but will be routed to; + +- The creator of the record +- The moderators for a record +- The clearing admins of the same group in SW360. + +Then, the proposed changes can be approved by them. + +## General SW360 Roles and Access + +There are two main types of roles. The first type are general roles on the system that apply in the default case: + +1. **User** - A user is the default, in order to apply modifications, a user can pose moderation requests, except for the data items that a user has created. +2. **Clearing Expert** - Member of the clearing team. Has the rights to work on the projects of the own group and to edit licenses. Can also work on clearing requests. +3. **Clearing Admin** - A clearing admin has the rights to work on the projects of the own group and to edit licenses. +4. **ECC Admin** - The only users who can edit (or approve as moderation request) ECC classifications. +5. **Secuirty Admin** - The only users to edit relevance for security vulnerabilities. +6. **SW360 Admin** - An admin has full rights on all (visible!) data items. Can elevate permissions of other users. + +In addition there are ACL-style roles, meaning that per data item access settings can be made: + +1. **Creator** - A creator can modify in addition to the user's read abilities, a user can be creator of a data item. +2. **Moderator** - A creator can define moderators for a data item. Moderators can change a data item as a creator can. +3. **Contributor** (Component) - Is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). In contrast, the contributor cannot delete data items. +4. **Project Owner** - A user who owns the project. +5. **Lead Architect** (Project) - Is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions. +6. **Project Responsible** (Project) - Is a contributor, just named differently to identify the responsible person. +7. **Security Responsible** - Users responsible for the security of the project. + diff --git a/content/ja/docs/Deployment/BareMetal/Deploy-19-Natively.md b/content/ja/docs/Deployment/BareMetal/Deploy-19-Natively.md new file mode 100644 index 0000000..1623b50 --- /dev/null +++ b/content/ja/docs/Deployment/BareMetal/Deploy-19-Natively.md @@ -0,0 +1,245 @@ +--- +linkTitle: "Version 19.x on Debian 12" +title: "Version 19.x on Debian 12" +weight: 101 +description: Bare metal deployment with Debian based Linux for SW360 v19.x +--- + +## Introduction + +We are covering the installation for Debian based Linux distros. sw360 may run +on a variety of other linux distributions or OSes such as Mac OSX (amd64 only). + +This is a guide with detailed explanation of how to install and run SW360 +natively on you local machine. It includes installation of all dependencies +manually, and will not use docker or other container system during the +installation or run. + +## Requirements + +The installation consists of quite some tasks, as an overview: + +* Java 21 +* Maven >= 3.5.0 +* Tomcat 11.0 +* Postgresql >= 16 +* CouchDB >= 3.4.x +* Thrift 0.20.0 +* NodeJS >= 20.x +* pnpm + +## Initial steps + +In order to "calibrate the system" just run the update / upgrade cycle once: + +```shell +sudo apt update +sudo apt upgrade +``` + +## 1. Installing backend services + +### 1.1. CouchDB + +CouchDB manages their own package repository, and we will be using it to get +latest packages for installation. + +Starting with adding keys and sources to APT and installing the couchdb and the +couchdb-nouveau (full-text search engine) packages. + +```shell +apt install curl gnupg2 apt-transport-https lsb-release +curl 'https://couchdb.apache.org/repo/keys.asc' | gpg2 --dearmor | sudo tee /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg >/dev/null 2>&1 +sudo chown root:root /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg +sudo chmod 0644 /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg +echo "deb [signed-by=/etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/couchdb.list +sudo chmod 0644 /etc/apt/sources.list.d/couchdb.list +sudo apt-get update -y +sudo apt-get install -y couchdb couchdb-nouveau +``` + +The installer will ask a couple of questions: + +1. Bind address: for CouchDB and SW360 `127.0.0.1` (localhost) is a good bind + address, if you would like to access the server from a remote computer + because your sw360 runs as a server in the network, you would need to change + accordingly. +2. Unless you know what you are doing, use standalone installation instead of + clustered option, for a regular single installation. +3. Enable Nouveau in CouchDB (if installed)?: We want to enable it so SW360 can + use it for search interface. Later, it can be customized to change index + storage location, if needed. +4. Admin user: For fresh installation for sure a very good idea. You can set the + password at sw360 for CouchDB in `couchdb.properties` and place it centrally + in `/etc/sw360`. + +### 1.2. Java 21 + +If you do not have installed java 21 yet on your setup: + +```shell +curl 'https://packages.adoptium.net/artifactory/api/gpg/key/public' | gpg2 --dearmor | sudo tee /etc/apt/trusted.gpg.d/apache-temurin.gpg >/dev/null 2>&1 +sudo chown root:root /etc/apt/trusted.gpg.d/apache-temurin.gpg +sudo chmod 0644 /etc/apt/trusted.gpg.d/apache-temurin.gpg +echo "deb [signed-by=/etc/apt/trusted.gpg.d/apache-temurin.gpg] https://packages.adoptium.net/artifactory/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/adoptium.list +sudo chmod 0644 /etc/apt/sources.list.d/adoptium.list +sudo apt-get update -y +sudo apt-get install -y temurin-21-jdk +``` + +### 1.3. Thrift + +To install Apache Thrift using the helper script in the SW360 project, run the install-thrift.sh script located in `third-party/thrift/install-thrift.sh`: [here](https://github.com/eclipse-sw360/sw360/blob/d7869d252c4b4c84e6ee389cbed44543cd37f7ac/third-party/thrift/install-thrift.sh) + +```bash +sudo ./scripts/install-thrift.sh +``` + +In case there is thrift in the package management of the OS you are running on, +just make sure, you have version 0.20 + +### 1.4. Maven + +If your OS has maven version 3.5.0 or above, you can simply go and install it. + +Otherwise, you can install maven manually: + +```shell +curl -L 'https://dlcdn.apache.org/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.tar.gz' -o ~/Downloads/maven-3.9.9.tar.gz +sudo tar -xzvf ~/Downloads/maven-3.9.9.tar.gz -C /opt +sudo find /opt/apache-maven-3.9.9/ -type d -exec chmod 755 {} \; +sudo update-alternatives --install /usr/bin/mvn mvn /opt/apache-maven-3.9.9/bin/mvn 399 +printf 'export M2_HOME=/opt/apache-maven-3.9.9\nexport PATH=${M2_HOME}/bin:${PATH}' | sudo tee /etc/profile.d/maven.sh +sudo chmod 0644 /etc/profile.d/maven.sh +``` + +### 1.5. Install Apache Tomcat 11 + +Get the latest version of [Apache Tomcat 11](https://tomcat.apache.org/download-11.cgi). +and install it in `/opt` + +```shell +curl -L 'https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.4/bin/apache-tomcat-11.0.4.tar.gz' -o ~/Downloads/tomcat-11.0.4.tar.gz +sudo tar -xzvf ~/Downloads/tomcat-11.0.4.tar.gz -C /opt +sudo chown -R $USER:$USER /opt/apache-tomcat-11.0.4/ +``` + +### 1.6. Install KeyCloak (optional) + +You can configure KeyCloak with SW360 for IAM. SW360 on its own can do +authentication and authorization, but for corporate setup, you might want to +offload to KeyCloak. Thus, this step is optional. + +Get the latest 26.x.x version from [Keycloack downloads](https://www.keycloak.org/downloads). + +```shell +curl -L 'https://github.com/keycloak/keycloak/releases/download/26.1.3/keycloak-26.1.3.tar.gz' -o ~/Downloads/keycloak-26.1.3.tar.gz +sudo tar -xzvf ~/Downloads/keycloak-26.1.3.tar.gz -C /opt +sudo chown -R $USER:$USER /opt/keycloak-26.1.3/ +``` + +Install PostgreSQL used by KeyCloak for management. + +```bash +sudo apt install postgresql +``` + +or whatever package version is suitable here, for example version 15 for Debian 12. + +Follow the [Keycloak based authentication](../../deploy-keycloak-authentication/) +guide to set up KeyCloak for SW360 after the installation from 1.8 is done. + +### 1.7. Clone SW360 backend and create default user + +* Clone sw360 source code to folder + * `> git clone https://github.com/eclipse-sw360/sw360.git` +* Create default user + * Run `> ./scripts/addUnsafeDefaultClient.sh [OPTIONS]` + * **Options** + * `-d` : Should delete default client + * `-du` : Should delete default user + * `--host` : To change host from `http://127.0.0.1:5984` + * `--user` : To change username from `admin` + * `--pass` : To change password from `admin` + +### 1.8. Build sw360 version 19.x + +* Create config properties + * `$ sudo mkdir -p /etc/sw360 /etc/sw360/autorization /etc/sw360/rest` + * Find the relevant configurations at [Configurable Property Keys](../../Deployment/Deploy-Configuration-Files.md) +* Compile and install the application + * `> mvn clean install -Dbase.deploy.dir=/opt/apache-tomcat-11.0.4/ -Dlistener.deploy.dir=/opt/keycloak-26.1.3/providers -P deploy` + +This will install the jar and war files at appropriate locations. + +### 1.9. Start backend service + +* Start tomcat server + * `> /opt/apache-tomcat-11.0.4/bin/startup.sh` +* Check tomcat logs + * `> tail -f100 /opt/apache-tomcat-11.0.4/logs/catalina.out` + +Once you see message like +`org.apache.catalina.startup.Catalina.start Server startup in [**] milliseconds` +in the logs, the backend is up and can load the OpenAPI docs at +[http://localhost:8080/resource/v3/api-docs](http://localhost:8080/resource/v3/api-docs) + +The backend install SwaggerUI as well and accessible via +[http://localhost:8080/resource/swagger-ui/index.html](http://localhost:8080/resource/swagger-ui/index.html) + +## 2. Installing frontend services + +Since version 19, SW360 has separated the front-end as a React based project. +It is hosted at [Github SW360 Frontend repository](https://github.com/eclipse-sw360/sw360-frontend/) and needs to be +installed as well. + +### 2.1. Install node 20 + +First we need to install Node and NPM version 20 or above. Setting nvm is the +easiest and fastest way to do it for your user. Follow the [guide from installing and updating](https://github.com/nvm-sh/nvm?tab=readme-ov-file#installing-and-updating) + +```shell +curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash +source ~/.bashrc +nvm install 20 +``` + +### 2.2. Install pnpm + +pnpm is an advanced package manager for node dependencies and can be installed +with the new npm installed above. + +```shell +npm install -g pnpm@latest-10 +``` + +### 2.3. Clone and install frontend + +* Clone sw360 source code to folder + `> git clone https://github.com/eclipse-sw360/sw360-frontend.git` + +* Setup `.env` file + + ```ini + NEXTAUTH_SECRET='secret' + NEXT_PUBLIC_SW360_API_URL='http://localhost:8080' + NEXTAUTH_URL='http://localhost:3000' + # possible values are sw360basic, sw360oauth, keycloak + NEXT_PUBLIC_SW360_AUTH_PROVIDER='sw360basic' + + # Enable if using KeyCloak + #SW360_KEYCLOAK_CLIENT_ID='client-from-kc' + #SW360_KEYCLOAK_CLIENT_SECRET='secret-from-kc' + #AUTH_ISSUER='http://localhost:8083/realms/sw360' + #NEXT_PUBLIC_SW360_AUTH_PROVIDER='keycloak' + ``` + +* Install dependencies and build pages + + ```shell + > pnpm install + > pnpm build + ``` + +* Start the server and visit [http://localhost:3000](http://localhost:3000) +`$ pnpm start` diff --git a/content/ja/docs/Deployment/BareMetal/Deploy-Natively.md b/content/ja/docs/Deployment/BareMetal/Deploy-Natively.md new file mode 100644 index 0000000..5927ba7 --- /dev/null +++ b/content/ja/docs/Deployment/BareMetal/Deploy-Natively.md @@ -0,0 +1,134 @@ +--- +linkTitle: "Ubuntu 22.04 / Debian 11" +title: "Ubuntu 22.04 / Debian 11" +weight: 100 +description: Bare metal deployment with Debian based Linux +--- + +## Introduction + +We are covering the update for Debian based Linux distros, because that is our main / agreed base system for running sw360. sw360 may run on a variety of other linux distributions or OSes such as Mac OSX (amd64 only). + +## Requirements + +The installation consists of quite some tasks, as an overview: + +* Java 11 +* Postgresql >= 15.x +* CouchDB >= 3.2.x +* Thrift 0.18.1 +* Liferay CE 7.4.3 GA18 + +## Initial steps + +In order to "calibrate the system" just run the update / upgrade cycle once: + +```shell +sudo apt update +sudo apt upgrade +``` + +## PostgreSQL + +You can go ahead install postgresql: + +```bash +sudo apt install postgresql +``` + +or whatever package version is suitable here, for example version 12 for ubuntu 20.04. + +The configuration for Liferay will come later. + +## CouchDB + +CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing: + +```shell +apt install curl gpg +curl https://couchdb.apache.org/repo/keys.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg +echo "deb https://apache.jfrog.io/artifactory/couchdb-deb/ $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/couchdb.list >/dev/null +sudo apt-get update -y +sudo apt-get install -y couchdb +``` + +The installer will ask a couple of questions: + +1. Bind address: for CouchDB and SW360 `127.0.0.1` (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly. +2. Unless you know what you are doing, use standalone install instead of clustered option, for a regular single installation. +3. Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in `couchdb.properties` and place it centrally in `/etc/sw360` + +In case you added an admin accidentally and would like to remove it, + +## Thrift + +For thrift, the helper install script is located on sw360 `scripts/install-thrift.sh`: + +```bash +sudo ./install-thrift.sh +``` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16 + +## Java 11 + +If you do not have installed java 11 yet on your setup: + +```shell +curl https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/trusted.gpg.d/apache-temurin.gpg >/dev/null +echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.gpg +``` + +## Dependencies + +Use the included script located in: +```bash +./scripts/download_dependencies.sh +``` + +Required dependencies will be downloaded on the deps folder. + +For liferay, unpack it, ideally in the `/opt` directory. + +## Install Couchdb Lucene + +SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container. + +To build the custom CLucene jar: + +```shell +#!/bin/bash + +CLUCENE_VERSION=2.1.0 +mkdir /tmp/build +curl -JL https://github.com/rnewson/couchdb-lucene/archive/v"$CLUCENE_VERSION".tar.gz | tar -C /tmp/build -xz --strip-components=1 +cp ./scripts/patches/couchdb-lucene.patch /tmp/build +cp ./scripts/docker/couchdb-lucene.ini /tmp/build/src/main/resources/couchdb-lucene.ini +cd /tmp/build || exit 1 +patch -p1 < couchdb-lucene.patch \ +mvn -X install war:war \ + +## Deploy New SW360 + +Build with: + +```bash +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/deploy/ \ + -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.4.18-ga4/tomcat-9.0.33/webapps/ -DskipTests +``` + +Tests are usually performed in CI, so skipping them locally is fine unless you've made changes to the code. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed: + +```bash +cd rest +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ +``` + +## Final Steps in Liferay + +Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these steps cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page. + +This is the legacy guide for Liferay CE 7.3.3 but is valid for current 7.4.3 deployment: + +https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ + diff --git a/content/ja/docs/Deployment/BareMetal/_index.md b/content/ja/docs/Deployment/BareMetal/_index.md new file mode 100644 index 0000000..4db9d68 --- /dev/null +++ b/content/ja/docs/Deployment/BareMetal/_index.md @@ -0,0 +1,7 @@ +--- +title: "Bare Metal" +linkTitle: "Bare Metal" +weight: 10 +oem_ignore: true +description: SW360 Bare Metal Deployment +--- diff --git a/content/ja/docs/Deployment/Deploy-Authorization-Concept.md b/content/ja/docs/Deployment/Deploy-Authorization-Concept.md new file mode 100644 index 0000000..2e206d9 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-Authorization-Concept.md @@ -0,0 +1,50 @@ +--- +linkTitle: "Authorization Concept" +title: "Authorization Concept" +weight: 100 +description: + Describe different roles of authorization concepts on SW360 +--- + +The authorization concept describes the different roles of the solution - mainly for documentation of the authorization of different roles of the sw360. It is not focusing for the roles like being a moderator, it is described on a separate page for users: [role and access model](https://github.com/eclipse/sw360/wiki/Dev-Role-Authorisation-Model) + +## Roles Overview + +SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI. + +#### Setup Admin (Liferay Role) + +The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page. + +#### SW360 Admin (Liferay Role) + +The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role `CLEARING_ADMIN`. So its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the `SW360_ADMIN` role to allow users of this role to promote other users's roles, follow these steps: + +1. Go to control panel +2. Select the `Users` section +3. To subsection `Roles` +4. Select row for `SW360 Admin` and select action `Define permissions`. + +When defining permissions the idea is to reduce the permissions to the lowest level possible. Just allow for changing users. + +#### Clearing Admin (Liferay Role) + +The clearing admin can change all component and release records and project records of the same group. + +#### Security Admin (Liferay Role) + +In addition to the user rights, the security admin can set security vulnerabilities to irrelevant + +#### ECC Admin (Liferay Role) + +In addition to the user rights, the ECC admin can manipulate ECC data. + +#### User + +A user can create, modify and delete all own (=self created) records. A user cannot change records of others + +#### Summary + +### Moderation Requests + +If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record. diff --git a/content/ja/docs/Deployment/Deploy-CVE-search.md b/content/ja/docs/Deployment/Deploy-CVE-search.md new file mode 100644 index 0000000..d42d445 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-CVE-search.md @@ -0,0 +1,150 @@ +--- +linkTitle: "CVE Scheduler" +title: "CVE Scheduler" +weight: 100 +description: + SW360 CVE Schedules +--- + +# How to use SW360 CVE schedule + +SW360 gets vulnerability information from Common Vulnerability Enumeration (CVE) data. SW360 can connect to your local cve-search server. +_Few years ago, sw360 was able to get vulnerability information from online CVE serverr, but it is not active._ + +## Install CVE-search + +cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. You can choose Docker install or Native install. + +### Docker Installation [Github repo](https://github.com/cve-search/CVE-Search-Docker) + +Only clone and "docker-compose up". + +```sh + $ git clone https://github.com/cve-search/CVE-Search-Docker.git + $ cd CVE-Search-Docker + $ docker-compose up +``` + + +### Native Installation [Github repo](https://github.com/cve-search/cve-search) + +1. Clone source +```sh + $ git clone https://github.com/cve-search/cve-search + $ cd cve-search + $ git checkout {tag/branch} +``` +2. Install system requirements +```sh + $ sudo apt-get install -y < requirements.system +``` + +3. Install CVE-Search and its Python dependencies +```sh + pip3 install -r requirements.txt +``` + +4. Install mongodb +```sh + + $ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - + + $ codename=$(lsb_release --codename --short) + + $ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu ${codename}/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list + +``` + +```sh + $ sudo apt-get update + + $ sudo apt-get install -y mongodb-org + + $ sudo systemctl daemon-reload + + $ sudo systemctl start mongod + + # Verify status of mongodb + $ sudo systemctl status mongod + + # if all is ok, enable mongodb to start on system startup + $ sudo systemctl enable mongod +``` + +5. Populating the database +```sh + $ sudo apt-get install redis redis-server + + #modify: stop-writes-on-bgsave-error yes -> no + $ sudo vim /etc/redis/redis.conf + + $ sudo systemctl daemon-reload + + $ sudo systemctl restart redis + + $ ./sbin/db_mgmt_cpe_dictionary.py -p + + $ ./sbin/db_mgmt_json.py -p + + $ ./sbin/db_updater.py -c # This will take > 45minutes on a decent machine, please be patient +``` + +6. Updating the database +```sh + $ ./sbin/db_updater.py -v +``` + +7. Starting and stopping the web-server + +```sh + # Install psutil >= 5.7.0 + $ pip3 install psutil>=5.7.0 + + # Starting web server + $ python3 web/index.py +``` +Default Web server: http://localhost:5000 + +To stop the server, press the `CTRL+C` + +**Note**: By default CVE-Search takes assumptions on certain configuration aspects of the application, you can adjust + +```sh + $ cd cve-search + $ cp etc/configuration.ini.sample etc/configuration.ini + $ vim etc/configuration.ini +``` + + +## Setup SW360 with CVE server + +1. Change default CVE server + +Change `cvesearch.host` with CVE server address. +```sh + $ vim ${SW360_DIR_INSTALL}/backend/src/src-cvesearch/src/main/resources/cvesearch.properties +``` + +2. Setting for schedule the CVE service + +The offset (first run of the update) and the interval between updates can also be adjusted. + +```sh + $ vim ${SW360_DIR_INSTALL}/backend/src/src-schedule/src/main/resources/sw360.properties +``` + +The `offset` has to be given in seconds since midnight and also the `interval` has to be entered in seconds. The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds). + +According to the default settings, cveSearch is not auto-started with the scheduling service. If want to auto start `autostart = cvesearchService` + +3. Schedule task Adminstration + +View and start/stop schedule + +Click `Admin` > `Schedule` + +## Reference + +CVE guide: [https://cve-search.github.io/cve-search/database/database.html] + +User Scheduling CVE Search by Admins: [https://github.com/eclipse/sw360/wiki/User-Scheduling-CVE-Search-by-Admins] diff --git a/content/ja/docs/Deployment/Deploy-Configuration-Country-Codes.md b/content/ja/docs/Deployment/Deploy-Configuration-Country-Codes.md new file mode 100644 index 0000000..74b1263 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-Configuration-Country-Codes.md @@ -0,0 +1,20 @@ +--- +linkTitle: "Configuring Country Codes" +title: "Configuring Country Codes" +weight: 100 +description: + SW360 provides a feature for showing country codes and country names +--- + +This feature is available on: +- projects / Owner Country +- components / Owner Country + +![Country Code List](https://user-images.githubusercontent.com/29916928/36796378-551cf572-1c9d-11e8-96aa-85ce98e97ff3.jpg) + +Its supports preferred country codes, which are shown at the top of the country list.
+You can configure them by using the sw360.properties. + +| sw360 properties key | value | default | +| :---: | :---: | :---: | +| preferred.country.codes | (ISO 3166-1 alpha-2) | DE,AT,CH,US | diff --git a/content/ja/docs/Deployment/Deploy-Configuration-Files.md b/content/ja/docs/Deployment/Deploy-Configuration-Files.md new file mode 100644 index 0000000..99154b0 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-Configuration-Files.md @@ -0,0 +1,246 @@ +--- +linkTitle: "Configurable Property Keys" +title: "Configurable Property Keys" +weight: 100 +description: + SW360 Configurable property keys +--- + + +### Introduction + +List of all applicable property files in sw360: +- sw360.properties +- fossology.properties +- couchdb.properties +- search.properties +- orgmapping.properties +- databasetest.properties +- authorization/application.yml +- rest/application.yml + + +### SW360.properties (/etc/sw360/sw360.properties) + +The following table shall give an overview about the general sw360 configuration settings. + +| Property Key | Default| +|:-----------|:------------| +| licenseinfo.spdxparser.use-license-info-from-files | true/false | +| mainline.state.enabled.for.user | true/false | +| key.auth.email | EMAIL | +| key.auth.extid | EXTID | +| key.auth.givenname | GIVENNAME | +| key.auth.surname | SURNAME | +| key.auth.department | DEPARTMENT | +| backend.url | http://127.0.0.1:8080 | +| cvesearch.vendor.threshold | 1 | +| cvesearch.product.threshold | 0 | +| cvesearch.cutoff | 6 | +| combined.cli.parser.external.id.correlation.key | - | +| schedule.cvesearch.firstOffset.seconds | 0 | +| schedule.cvesearch.interval.seconds | "(24*60*60)" | +| autostart | - | +| rest.write.access.usergroup | SW360_ADMIN | +| rest.access.token.validity.seconds | 3600 | +| rest.security.client.id | sw360-trusted-client | +| rest.security.client.secret | sw360-secret | +| programming.languages | ActionScript,AppleScript, Asp,Bash,BASIC, C,C++,C#,Cocoa,Clojure, COBOL,ColdFusion,D, Delphi,Erlang,Fortran, Go,Groovy,Haskell, JSP,Java,JavaScript,Objective-C, Ocaml,Lisp,Perl, PHP,Python,Ruby,SQL ,SVG,Scala,SmallTalk Scheme,Tcl,XML, Node.js,JSON | +| software.platforms | Adobe AIR,Adobe Flash, Adobe Shockwave,Binary Runtime Environment for Wireless,Cocoa (API),Cocoa Touch,Java (software platform)| +| operating.systems | Android,BSD,iOS, Linux,OS X,QNX, Microsoft Windows,Windows Phone,IBM z/OS | +| clearing.teams | org1,org2,org3 | +| state | Active,Phase out,Unknown | +| project.type | Customer Project,Internal Project,Product,Service,Inner Source | +| project.externalkeys | internal.id | +| license.identifiers | - | +| component.categories | framework,SDK,big-data, build-management,cloud,content, database,graphics,http, javaee,library,mail,mobile, security,testing,virtual-machine, web-framework,xml | +| component.externalkeys | com.github.id,com.gitlab.id,purl.id | desc | +| custommap.project.roles |Stakeholder,Analyst,Contributor,Accountant,End user,Quality manager,Test manager,Technical writer,Key user | +| custommap.component.roles | Committer,Contributor,Expert | +| custommap.release.roles | Committer,Contributor,Expert | +| custommap.release.externalIds | - | +| release.externalkeys | org.maven.id,com.github.id,com.gitlab.id,purl.id | +| projectimport.hosts | - | +| preferred.country.codes | DE,AT,CH,US | +| MailUtil_from | _No_Reply__@sw360.org | +| MailUtil_host | - | +| MailUtil_port | 25 | +| MailUtil_enableStarttls | false | +| MailUtil_enableSsl |false | +| MailUtil_isAuthenticationNecessary | true | +| MailUtil_login | - | +| MailUtil_password | - | +| MailUtil_enableDebug | false | +| MailUtil_supportMailAddress | - | +| defaultBegin | - | +| defaultEnd | - | +| unsubscribeNoticeBefore | - | +| unsubscribeNoticeAfter | - | + + +### fossology.properties (/etc/sw360/fossology.properties) + +These configuration parameters are necessary to connect to a fossology server. + +| Property Key | Default| +|:-----------|:------------| +| fossology.host | localhost | +| fossology.port | 22 | +| fossology.user | sw360 | +| fossology.key.file | /fossology.id_rsa | +| fossology.key.pub.file | [fossology.key.file] + .pub | + + + +### couchdb.properties (/etc/sw360/couchdb.properties) + +CouchDB and Lucene search configuration properties. + +| Property Key | Default| +|:-----------|:------------| +| couchdb.url | http://localhost:5984 | +| couchdb.database | sw360db | +| couchdb.user | - | +| couchdb.password | - | +| couchdb.userdb | sw360users | +| couchdb.attachments | sw360attachments | +| couchdb.fossologyKeys | sw360fossologyKeys | +| couchdb.vulnerability_management | sw360vm | +| lucenesearch.limit | 25 | desc | +| lucenesearch.leading.wildcard* | false | + +> \* If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini! Leading wildcard search is disabled as default because its a expensive operation. _(couchdb-lucene.ini is part of the couchdb-lucene .war package)_
+> [lucene]
+> allowLeadingWildcard=true + + +### search.properties (/etc/sw360/search.properties) + +The following table shall give an overview about the specific search properties + +| Property Key | Default| +|:-----------|:------------| +| search.name.max.length | 64 | + + + +### orgmapping.properties (/etc/sw360/orgmapping.properties) + +This configuration file is used to activate the sw360 orgmapping feature. + +| Property Key | Default| +|:-----------|:------------| +| match.prefix | false | +| enable.custom.mapping | false | + + +### databasetest.properties (/etc/sw360/databasetest.properties) + +Just for couchdb database test purpose. + +| Property Key | Default| +|:-----------|:------------| +| couch_db_url | http://localhost:5984 | +| couch_db_database | datahandlertestdb | +| couchdb.username | - | +| couchdb.password | - | + +### authorization/application.yml (/etc/sw360/authorization/application.yml) + +All of the following built-in properties can be overridden: + +``` + +# Port to open in standalone mode +server: + port: 8090 + +# Connection to the couch databases. Will be used to store client credentials +couchdb: + url: http://localhost:5984 + database: sw360oauthclients + # if your couchdb does not use authentication, pls just don't use the settings for username and password + #username: + #password: + +spring: + jackson: + serialization: + indent_output: true + +# Common SW360 properties +sw360: + # The url of the Liferay instance + sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} + # The id of the company in Liferay that sw360 is run for + sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20155} + # Allowed origins that should be set in the header + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} + +security: + # Configuration for enabling authorization via headers, e.g. when using SSO + # in combination with a reverse proxy server + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: false + # Attention: please make sure that the proxy is removing there headers + # if they are coming from anywhere else then the authentication server + intermediateauthstore: custom-header-auth-marker + email: authenticated-email + extid: authenticated-extid + # also available - at least in saml pre auth - are "givenname", "surname" and "department" + + oauth2: + resource: + id: sw360-REST-API +``` + +### rest/application.yml (/etc/sw360/rest/application.yml) + +All of the following built-in properties can be overridden: + +``` +server: + port: 8091 + +spring: + http: + multipart: + max-file-size: 500MB + max-request-size: 600MB + + data: + rest: + base-path: /api + +# logging: +# level: +# org.springframework.web: DEBUG + +security: + oauth2: + resource: + id: sw360-REST-API + filter-order: 3 + jwt: + keyValue: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy + VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ + 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ + 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg + 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da + d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ + PQIDAQAB + -----END PUBLIC KEY----- + +sw360: + thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} + test-user-id: admin@sw360.org + test-user-password: sw360-password + couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +``` diff --git a/content/ja/docs/Deployment/Deploy-Export-and-Import.md b/content/ja/docs/Deployment/Deploy-Export-and-Import.md new file mode 100644 index 0000000..e311384 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-Export-and-Import.md @@ -0,0 +1,170 @@ +--- +linkTitle: "Export and Import" +title: "Export and Import" +weight: 100 +description: + SW360 Export and Import +--- + + +```diff +- note that only export and import of users is active, +- everything else is deprecated functionality. +- The export and import functionality has not been +- updated at some point and thus will not function +- properly anymore. +``` + +Full Export +=========== + +The easiest way to fully export the data is to copy all the .couch files of Couch-DB. Where the files are can be found out from Futon. +e.g. +``` +http://localhost:5984/_utils/config.html +``` +under +``` +view_index_dir /var/lib/couchdb +``` +This method of exporting has the advantage that all Ids remain the same. +An equally simple method it to use the Couch-DB replicator from Futon. + +This method might fail when there are changes to the document structure as Ektorp might stumble over unset required or surplus fields. The method of choice here is to repair the DB (after a backup) with +``` +https://github.com/couchapp/couchapp +``` +and then follows the instructions from +``` +http://harthur.github.io/costco/ +``` +and +``` +couchapp push . http://localhost:5984/sw360users +``` + +then you go to +``` +http://localhost:5984/sw360users/_design/costco/index.html +``` +and you can run functions like: + +``` +function(doc) { + if (doc.type == 'user') { + if(doc.fullname == 'Homer J. Simons') { + doc.fullname = 'Homer Jay Simons'; + } + } + return doc; +} +``` + +You can also change the names of properties, e.g. + +``` +function(doc) { + if (doc.type == 'user') { + if(doc.fullname ) { + doc.fullname2 = doc.fullname; + delete doc.fullname; + } + } + return doc; +} +``` + +CSV Export +========== + +## Users +The export of users was already described, this is very important as this also creates the users in the liferay database. The mere export of the users.couch is not enough. + +## Projects + +There is no CSV export or import for projects currently. + +## Components and Releases + +To Export the components and releases you need to do the following: +As Components and Releases are identified by their identifier ([name] or [name(version)]), these identifiers need to be unique. When importing duplicates in the identifiers are ignored and they are also not exported. +Therefore in the admin page you can check the database for such duplicates. + +After that "Download Component CSV" creates a CSV with components, releases and their source attachments. +The source attachments are created if the "DownloadURL" is a valid url. +These remote-only attachments will be download once the first download request occurs. +If the URL does not exist you get an error. + +Alternatively you can use +``` +sw360/src/backend/utils/src/main/java/com/siemens/sw360/attachments/db/RemoteAttachmentDownloader.java +``` +to bulk download the source only attachments. +The command line call to use it from the Siemens network looks like this: +``` + java -jar -Dhttp.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttps.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttp.proxyPort=84 -Dhttps.proxyPort=84 /home/siemagrant/.m2/repository/com/siemens/sw360/backend-utils/0.1.1-SNAPSHOT/backend-utils-0.1.1-SNAPSHOT-jar-with-dependencies.jar -d +``` +## Attachments + +Here we have a mixed strategy, as there is a CSV export for the attachments, which only stores the meta information about the files. The files themselves need to be brought into a new instance via the sw360attachments.couch database. + +The ids of the attachments are also in the CSV, so they are not portable without the sw360attachments.couch. This is meant as a form of recovery, but it should not be used on an instance that has been worked on, so only a fresh set up. + +This will overwrite the auto generated attachments from the component CSV if the have the same URL as one of the imported attachments. This feature is needed to render the procedure idempotent. + +The admin interface provides the possibility to delete attachment contents that do not have a project, component or release with an attachment that references it. + +If you copy the sw360attachments.couch to your instance and then click this before you import than the db should be empty afterwards. + +If there was no error after importing the csv, running this job should yield no deletions if there was no error and the exported attachments where complete. + +In general this should only be necessary if errors have occurred. +It is a good idea to run this before you export the attachments. + +## Release links + +Links between releases can be exported or imported. +Because release links are stored in maps, the procedure is idempotent by construction. +The old links are overwritten with the imported data. + +## Suggested Order for Exports + +1. Freeze the application, so that others can not change the data at the moment (By external means, like closing a port forwarding) +2. Clean up the attachments +3. Look for duplicate identifiers and resolve conflicts (Important as duplicates do not get exported or imported) +4. Export the Users, Components, Attachment Infos and release links +5. copy the sw360attachments.couch, this might be a huge files + +## Suggested Order for Imports +### On a fresh installation +1. Copy the sw360attachments.couch in its place +2. Start the licenses importer +3. restart the backend to make the design documents available and boot the frontend +4. Import the users +5. Import the component CSV +6. Import the Attachment Infos +7. Import the Release Link Infos. + +### Regular Maintenance Operations +1. Run the attachments clean up +2. Resolve name crashes with the search for duplicate Identifiers + +### Imports on a running instance +1. New components can be imported via the CSV at any time. Duplicates to existing components will be ignored, but there is a log message. +2. Users can be added via CSV. +3. Release links can be added via CSV, duplicates overwrite existing links + +Attachments should not be imported on a running instance! +This should not break much, as without the entries in the couchDB there will be no import. +But potentially remote-only Attachments get deleted. +Nevertheless this scenario is not intended and maybe there are unforeseen side effects. + +## Troubleshooting + +#### Import failing in the Backend: No Department + +The import fails with some error message that a user does not have a department? + +1. First of all, the importing admin requires a group assignment. Otherwise the adding component action will fail. +2. If a group is added to the admin, not that in addition to the Liferay group setting, this information must be also placed into the "sw360users" database in couchdb. +3. Note that changes to groups and similar things will require a restart of the Liferay server (=tomcat). Otherwise the user caching kicks in and might not reflect all updates. diff --git a/content/ja/docs/Deployment/Deploy-Keycloak-Authentication.md b/content/ja/docs/Deployment/Deploy-Keycloak-Authentication.md new file mode 100644 index 0000000..c7465f8 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-Keycloak-Authentication.md @@ -0,0 +1,329 @@ +--- +linkTitle: "Keycloak based authentication" +title: "Keycloak based authentication" +weight: 101 +description: + Using Keycloak based authentication for the new SW360 setup. +--- + +## Install Java 21 + +* Update the package index: `sudo apt update` +* Install OpenJDK 21: `sudo apt install openjdk-21-jdk` + +## Set JAVA_HOME + +* Edit the `~/.bashrc` file: `vim ~/.bashrc` +* Add the following line at the end of the file: `export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64` +* Save and exit the editor. +* Update the environment variables: `source ~/.bashrc` +* Or you can set environment variable in `/etc/environment` file + +## Install PostgreSQL + +* Install PostgreSQL 14 or higher. +``` +sudo apt update && sudo apt upgrade -y +sudo apt install postgresql-14 +``` + +## Set Username and Password in PostgreSQL + +* Switch to the PostgreSQL user: `sudo su postgres` +* Access the PostgreSQL console: `psql` +* Execute the following SQL commands: +``` +CREATE USER keycloak WITH ENCRYPTED PASSWORD 'mystrongandsecurepassword'; +CREATE DATABASE keycloak; +GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak; +``` + +## Install Keycloak + +* Download Keycloak 26.0.6 from the official repository. +* Or download the tar file `wget https://github.com/keycloak/keycloak/releases/download/26.0.6/keycloak-26.0.6.tar.gz` +* Extract the downloaded file to the /opt folder, `sudo tar -xvf myfiles.tar -C /opt` +* Goto `/opt/keycloak-26.x.x/conf` folder and setup the following in `keycloak.conf` file: +``` +# Database + +# The database vendor. +db=postgres + +# The username of the database user. +db-username=keycloak + +# The password of the database user. +db-password=mystrongandsecurepassword + +# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor. +db-url=jdbc:postgresql://localhost/keycloak + +# Changes for SW360 +keycloak-admin=admin +keycloak-admin-password=admin + +log=console,file + +# Should be true for productive +hostname-strict-backchannel=false +hostname-strict-https=false + +# Should be false for productive +http-enabled=true +http-port=8083 + +https-port=8533 +``` + +## Start Keycloak + +* Navigate to the Keycloak directory, `cd /opt/keycloak-26.x.x/bin` +* Run the start-dev command for development (with HTTP): +``` +./kc.sh start-dev +``` +* Run the start command for productive (with HTTPS): +``` +./kc.sh start +``` +* Run the start command with the necessary parameters(with debug mode): +``` +sudo ./kc.sh start-dev --log="console,file" --debug --log-level=INFO,org.eclipse.sw360.keycloak.spi:debug,org.eclipse.sw360.keycloak.event.listener:debug +``` + +## Build the Backend + +* Build the SW360 backend code using Maven, + ```shell + mvn clean install -DskipTests -Dbase.deploy.dir=/opt/apache-tomcat-11.x.x/ -Dlistener.deploy.dir=/opt/keycloak-26.x.x/providers -P deploy + ``` +* Start the Apache Tomcat server. + +## Keycloak Providers and Libraries +Providers are used to read users from SW360 DB and register users from keycloak to SW360 DB. + +* After building the backend with deploy profile, following files should be + copied and available at `/opt/keycloak-26.x.x/providers/`: +``` +commonIO-19.0.0.jar +datahandler-19.0.0.jar +httpcore5-5.2.5.jar +libthrift-0.20.0.jar +spring-security-crypto-6.3.3.jar +sw360-keycloak-event-listener.jar +sw360-keycloak-user-storage-provider.jar +``` + +## Keycloak Admin Console + +* Login to Keycloak admin console. + + {{< figure src="/sw360/img/keycloak/keycloak-signin.png" >}} + + ``` + username: admin + password: admin + ``` + +* Create Realm and name it sw360. + + {{< figure src="/sw360/img/keycloak/keycloak-realm.png" >}} + +* Get the JWT issuer and key set for realm and update the backend file at + `rest/resource-server/src/main/resources/application.yml` and reinstall the + backend. Restart the Tomcat server. + * Select "OpenID Endpoint Configuration" from the "Realm Settings" and copy + `jwks_uri`. It will look something like + `http://localhost:8083/realms/sw360/protocol/openid-connect/certs` + {{< figure src="/sw360/img/keycloak/keycloak-jwks.png" >}} + * Update the `issuer-uri` and `jwk-set-uri` in the `application.yml` file + with this copied `jwks_uri`. + * Build and install the backend one more time. + +* Create Client in Keycloak. + + {{< figure src="/sw360/img/keycloak/keycloak-client.png" >}} + + * Follow the below steps for client creation: + * Under *General settings*, enter Client ID which will be used in `.env` + file (SW360 Frontend Repo) as well as in rest. + + {{< figure src="/sw360/img/keycloak/keycloak-create-client.png" >}} + + * In *Capability config* enable Client authentication. + + {{< figure src="/sw360/img/keycloak/keycloak-client-authentication.png" >}} + + * Goto *Login settings* and enter below fields: + + {{< figure src="/sw360/img/keycloak/keycloak-client-settings.png" >}} + + ``` + Home URL: http://localhost:3000 + Valid redirect URIs: http://localhost:3000/api/auth/callback/keycloak, https://oauth.pstmn.io/v1/callback + Valid post logout redirect URIs: + + Web origins: * + ``` + +* Create Client Scopes. + * Create `READ` scope by clicking on *Create client scope* button. + + {{< figure src="/sw360/img/keycloak/keycloak-client-scope.png" >}} + + * Similarly create `WRITE` scope. + +* Add Scopes to our Client. + * Goto Clients, then select your newly created client in *Client lists* + page. + * Goto *Client scopes* page, click on Add client scope and there you will + see your *READ* and *WRITE* scopes that you need to add. + * Select both scopes and then click on Add (default). + + {{< figure src="/sw360/img/keycloak/keycloak-client-scope-add.png" >}} + +* Create Groups. + * Goto *Groups* and create different groups that we are going to use in + sw360. + + {{< figure src="/sw360/img/keycloak/keycloak-groups.png" >}} + + * Create 7 groups: `ADMIN`, `CLEARING_ADMIN`, `CLEARING_EXPERT`, + `ECC_ADMIN`, `SECURITY_ADMIN`, `SW360_ADMIN`, `USER`. + + {{< figure src="/sw360/img/keycloak/keycloak-groups-create.png" >}} + +* Create an Attribute. + * Goto Realm settings then click on *User profile* page where we can create + a new attribute. + + {{< figure src="/sw360/img/keycloak/keycloak-attribute.png" >}} + + * Create a new attribute by the name `Department` and give the required + permissions as shown in screenshot. + + {{< figure src="/sw360/img/keycloak/keycloak-attribute-settings.png" >}} + +* Add Event Listener. + * Goto *Events* page in Realm settings. + * Click on event listeners dropdown and select *sw360-add-user-to-couchdb*. + + {{< figure src="/sw360/img/keycloak/keycloak-event-listener.png" >}} + +* Access to external Databases. + * Goto User federation and select *sw360-user-storage-jpa providers*. + + {{< figure src="/sw360/img/keycloak/keycloak-providers.png" >}} + + * Give proper name and create the custom provider. + + {{< figure src="/sw360/img/keycloak/keycloak-providers-create.png" >}} + +* Check Authentication Settings + * Goto Authentication and apply the permissions in *Required actions* as + shown in screenshot. + + {{< figure src="/sw360/img/keycloak/keycloak-authentication-settings.png" >}} + +* Create Users + * To create a new user one can goto Users section. + + {{< figure src="/sw360/img/keycloak/keycloak-users-create.png" >}} + * Also check whether user is created in CouchDB or not. + * Set password for the newly created user by selecting the user and going to + the *Credentials* page. + + {{< figure src="/sw360/img/keycloak/keycloak-users-password.png" >}} +## Adding Identity Providers in Keycloak for Azure AD Integration + +### Prerequisites +- Keycloak 26.0.5 installed and running +- Azure AD tenant with necessary permissions + +### Step 1: Create an Application in Azure AD +### Step 2: Configure the Application +### Step 3: Configure Keycloak +1. Log in to the Keycloak admin console. +2. Select the realm sw360 to add the identity provider. +3. Go to **Identity Providers** and select **OpenID Connect v1.0** from the dropdown. +4. Fill in the following details: + - **Alias**: `azure-foss360` + - **Display Name**: `Login with AzureAD` + - **Authorization URL**: `https://login.microsoftonline.com//oauth2/v2.0/authorize` + - **Token URL**: `https://login.microsoftonline.com//oauth2/v2.0/token` + - **Logout URL**: `https://login.microsoftonline.com//oauth2/v2.0/logout` + - **User Info URL**: `https://graph.microsoft.com/oidc/userinfo` + - **Issuer**: `https://login.microsoftonline.com//v2.0` + - **JWKS URL**: `https://login.microsoftonline.com//discovery/v2.0/keys` + - **Validate Signatures**: ON + - **Use JWKS URL**: ON + - **Trust Email**: ON + - **Client ID**: The Application (client) ID from Azure AD + - **Client Secret**: The client secret you created in Azure AD + - **Default Scopes**: `openid profile email` +5. Click **Save**. + +### Step 4: Test the Integration +1. Click on Authentication from Left hand Configure Group section +2. Click on Browser Flow +3. Click config of Identity Provider Redirector {{< figure src="/sw360/img/keycloak/keycloak-browser-flow-identity-provider-redirector-config.png" >}} +4. Provide Default Identity Provider as the value which was given in Identity Providers Alias ( e.g. `azure-foss360` in previous section) and click on save. +5. With this configuration update now access http://localhost:8080 and verify the automatic login with Azure ID redirect. + +## Clone SW360 Frontend Repository + +* Run the git clone command, + `git clone git@github.com:eclipse-sw360/sw360-frontend.git` +* Create `.env` file inside the repository and add the following data: +``` +NEXTAUTH_SECRET = 'secret' +NEXT_PUBLIC_SW360_API_URL = 'http://localhost:8080' +NEXTAUTH_URL='http://localhost:3000' +NEXT_PUBLIC_SW360_REST_CLIENT_ID='trusted-sw360-client' +NEXT_PUBLIC_SW360_REST_CLIENT_SECRET='sw360-secret' +NEXT_PUBLIC_ENABLE_SW360_OAUTH_PROVIDER='true' +#possible values are sw360basic, sw360oauth, keycloak +NEXT_PUBLIC_SW360_AUTH_PROVIDER='keycloak' +SW360_KEYCLOAK_CLIENT_ID= +SW360_KEYCLOAK_CLIENT_SECRET= +AUTH_ISSUER=http://localhost:8083/realms/sw360 +``` +* Get `SW360_KEYCLOAK_CLIENT_ID` and `SW360_KEYCLOAK_CLIENT_SECRET` from + Keycloak console + * `SW360_KEYCLOAK_CLIENT_ID` will be present in your client's *Settings* page. + * `SW360_KEYCLOAK_CLIENT_SECRET` will be present in your client's + *Credentials* page + +## Install NVM + +* Installs NVM (Node Version Manager) + `curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.4/install.sh | bash` +* Download and Install Node.js + `nvm install 20.5.1` +* Verifies the right Node.js version is in the environment + `node -v` # should print `v20.5.1` +* Verifies the right NPM version is in the environment + `npm -v` # should print `10.2.4` + +## Build the Frontend +``` +npm install +npm run build +npm run start +/usr/bin/google-chrome-stable --disable-web-security --user-data-dir="/home/${USER}/cors" --allow-file-access-from-files +``` + +## Token Creation for REST + +* Type of authorization will be OAuth 2.0. +* Enter the below details while creating a new Bearer token: + + {{< figure src="/sw360/img/keycloak/keycloak-postman.png" >}} + +``` +Clallback URL: https://oauth.pstmn.io/v1/callback +Auth URL: http://localhost:8083/realms/sw360/protocol/openid-connect/auth +Access Token URL: http://localhost:8083/realms/sw360/protocol/openid-connect/token +Get Client Id and Client Secret from Keycloak client +Scope: openid READ WRITE +``` diff --git a/content/ja/docs/Deployment/Deploy-Requirements.md b/content/ja/docs/Deployment/Deploy-Requirements.md new file mode 100644 index 0000000..17b8a92 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-Requirements.md @@ -0,0 +1,89 @@ +--- +linkTitle: "System Requirements" +title: "System Requirements" +weight: 100 +description: + SW360 minimal system requirements based on system class +--- + +For deploying the SW360, there are the following hardware requirements below. Please note that the main memory consumer is the tomcat application container. Accordingly, this requires different settings (see `$TOMCAT_HOME/bin/setenv.sh`). + +Please note that you can review the current memory situation of the application in the liferay administration section as well (see `Configuration`-> `Server Administration`). + +## Hardware and Infrastructure + +### CD-based test instances + +When there is a continuous deployment and continuous delivery directly deployed to machine the following machine is recommended: + +* 1 core +* 4GB RAM +* 40GB normal file system +* 10Mbit Ethernet link + +In this case, the sw360 solution runs fairly well for clicking around and creation of a few data sets. Note that Tomcat should have 2GB. + +### Staging instances + +Testing and working with normal data sets for staging and pre-productive testing. Pre productive does not need to have the same execution speed of the machine, however, requires enough RAM and file system to run a clone on the data set. + +* 2 cores +* 8GB RAM +* 500GB normal file system +* 100Mbit Ethernet link + +The tomcat should be adjusted to 4GB RAM + +### Productive instances + +Productive with for example: 10K releases, 2k users which deploys the entire solution onto a single larger machine. It does not apply to a docker based setup. + +* 4 cores +* 16GB RAM +* 500GB SSD based file system +* 1GBit link Ethernet link + +Tomcat should be adjusted to 10-12GB RAM. Note: normally, you could also run Tomcat with significantly lees RAM, if you put common dependencies in a shared lib folder. + +### Network + +The following table shall give an overview about the inbound ports + +| Port | Service | Remarks| +|:-----------|:------------|:------------| +| 443 | https | Accessing the application | +| 22 | ssh | Administering the application | +| 80 | http | if you would like to access the solution over http | +| 5984/5985 | http/https | if access to the couchdb (admin) interface is required | + +Overview about the *additional* outbound ports: + +| Port | Service | Remarks| +|:-----------|:------------|:------------| +| 3269 | sldap | If you do authentication using secure LDAP | +| 443 | sldap | If you do consume services over https (e.g. vulnerabilty pulling) | +| 53 | dns | ... | +| 22 | ssh | the old way of calling a fossology server | + +Outbound ports for http / https may be required for downloading system updates. Ports for ssh may not be required outbound. + +## Software: + +As for the software, the sw360 can be run on many platforms, even on Windows seven. We have the following reference platform for development: + +until 5: + +* OpenJDK 8 +* Unbunu 16.04 LTS + +after 5: + +* openjdk 8 +* ubuntu 18.04 LTS + +after 11: + +* openjdk 11 +* ubuntu 18.04 LTS + +More information about requirements can be found here: https://github.com/sw360/sw360vagrant/wiki diff --git a/content/ja/docs/Deployment/Deploy-Secure-Deployment.md b/content/ja/docs/Deployment/Deploy-Secure-Deployment.md new file mode 100644 index 0000000..204d147 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-Secure-Deployment.md @@ -0,0 +1,34 @@ +--- +linkTitle: "Security" +title: "Security" +weight: 100 +description: + SW360 security checklist pre and post deployment +--- + +After the basic installation, there are some following steps that should be considered for securing the deployment. The main issue that can be done upfront is the documentation of the involved components: + +* Lifearay +* Tomcat +* Couchdb + +For the applications, the following very first line measure should be considered: + +* Change password of Liferay administrator user or check if that is appropriately secure. + +* You should check the permissions of the involved users in the user management in Liferay. + +* Assign individual passwords for users, also you could force the users to change their passwords at login if you like. + +* Besides the general advice to check the deployment instructions for the involved components, it is of particular interest to limit couchdb access from localhost only. + +* Also for Tomcat you limit port access from localhost only. + +* Do you need the ssh ports open or can you just go to the machine (physically). + +* Fix the admin party on couchdb + +* Add https access to couchdb + +* check that sw360 runtime user does not have sudo rights and config files for sw360 are `600` only. + diff --git a/content/ja/docs/Deployment/Deploy-SpecialDeployment.md b/content/ja/docs/Deployment/Deploy-SpecialDeployment.md new file mode 100644 index 0000000..0d35567 --- /dev/null +++ b/content/ja/docs/Deployment/Deploy-SpecialDeployment.md @@ -0,0 +1,9 @@ +--- +linkTitle: "Special Deployment Guides" +title: "Special Deployment Guides" +weight: 100 +--- + +### General Deployment Guides + +* [Comprehensive blog post on SW360 Installation in Japanese](https://qiita.com/K-Hama/items/1582b4e1bf248025eabb) diff --git a/content/ja/docs/Deployment/Legacy/Deploy-Liferay.md b/content/ja/docs/Deployment/Legacy/Deploy-Liferay.md new file mode 100644 index 0000000..516cfaa --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/Deploy-Liferay.md @@ -0,0 +1,123 @@ +--- +linkTitle: "Initial Setup of Liferay 6.2 and sw360" +title: "Initial Setup of Liferay 6.2 and sw360" +weight: 100 +--- + +### Liferay administrator steps + +This part describes how to setup a new liferay instance after you went through the initial Liferay setup: create an admin account, confirm the license and terms and fill out your personal details. Alternatively in the [sw360vagrant](https://github.com/sw360/sw360vagrant) or the [sw360chores](https://github.com/sw360/sw360chores) deployment, the default setup user credentials are `setup@sw360.org` with the unsafe password `sw360fossy`. + +1. Login as setup administrator (if you are using the default unsafe password, you should replace it on productive instances) + +2. Go to + + Menu Admin -> Item Control Panel -> Section Users, Password Policies -> Default Password Policy -> Actions -> Edit + +3. Then + + uncheck ```Change Required``` and then + save + +4. Then we need to grant new users the right to see SW360 + + Control Panel -> Configuration -> Users(on the right) -> Default User Associations + + check ```Apply to Existing Users``` + write in Sites: ```SW360 ``` + save (on the right) + +4. Do not allow stranger to create accounts ... + + Control Panel -> Configuration -> Users(on the right) -> Authentication + + uncheck ```Allow strangers to create ...``` + uncheck ```Allow strangers to verify ...``` + save (on the right) + + +5. Then, to deactivate self registration + + Control Panel -> Authentication -> remove checkmarks for creating accounts by strangers + save (on the right) + + Note, disabling self registration is required because the current Liferay self registration does not create accounts in the backend service. (hence using the importer is required) + +6. Then we go to + + Admin -> Pages + +7. and import the lar files from + + ``` + frontend/configuration/public_pages.lar + frontend/configuration/private_pages.lar + ``` + for the respective pages, using the tabs ```Public Pages``` and ```Private Pages```. Please note that the provided *.lar files are for Liferay 6.2 GA5 only (fun!). If you run a different liferay version, you will need to add the portlets manually until the *.lar files are updated manually. + +8. ( DO NOT CHECK Pages -> Change -> Delete Missing Pages) + + We check on first page + + Application Configuration -> Choose Applications (leave all checked) + + Permissions -> Permissions + + Permissions -> Permissions Assigned to Roles + + => Click Continue + +9. We check on second page of the import agent: + + Update Data -> Mirror with overwriting + + Authorship of the Content -> Use the Current User as Author + +10. If this was successful we can go to + + Private Pages -> users + +11. We can then import a csv file that looks like that + + ``` + GivenName,Lastname,Email,Department,UserGroup,GID,isMale,PasswdHash + user last name, user first name, first.last@sw360.org,TOP ORG CODE TEAM,USER,SW360_0004,true,AAAAoAAB9ACem9mZj9zptlEjFSMEF5MdOSUzgyxFDmKDGQDK + ``` + + Note that + + 1. The GID must be unique + 1. The hash here means "t" + 1. The GID is called external Id in the thrift-based datamodel + +### Some notes and troubleshooting + +#### Check Liferay Configuration Options + +There are plenty of useful settings to setup for your instance - you should check them depending on your desired use. Just a few examples, you could disable or enable: + +* Auto login or self registration functionality +* Site statistics +* Password policies +* Configurability options +* many more, it makes sense to browse the Liferay Admin area (in the optimal case, using the setup-admin login) and check all the options. + +#### Liferay crashes at startup with exception: Dockbar + +If the dockbar error occurs, the file named in the error log must be replaced with an original one, because it is corrupted. Note that this represents a bug of the Liferay 6.2 (search in your favorite search engine for dockbar liferay problem ...). + +#### Strange behavior + +If the server has problems in terms of long running requests, maybe the memory setting is not allright, consider: + +``` +CATALINA_OPTS="$CATALINA_OPTS -Xms2048m -Xmx2048m +- -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m +- -XX:MaxPermSize=512m" +``` + +if you run Java prior to 8. + +#### Surfing to the main page shows blank page with exception message + +If the "null pointer page" shows up (just a simple white page saying a null pointer exception occurred), remove the hsql folder inside the data folder from the liferay distro (shutdown before and restart after). diff --git a/content/ja/docs/Deployment/Legacy/Deploy-Liferay7.3.md b/content/ja/docs/Deployment/Legacy/Deploy-Liferay7.3.md new file mode 100644 index 0000000..60f5974 --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/Deploy-Liferay7.3.md @@ -0,0 +1,133 @@ +--- +linkTitle: "Initial Setup of Liferay 7.3 and sw360" +title: "Initial Setup of Liferay 7.3 and sw360" +weight: 100 +--- + +After successful installation, the vagrant ends like the following terminal output: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.07.32.png" >}} + +Then if you open the server with the URL `https://localhost:8443/` the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.12.png" >}} + +Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. + +Sign in_the icon_the upper left corner. If you did not change the values in `configuration.rb`the default login is `setup@sw360.org` and `sw360fossy`. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png" >}} + +After login the sw360 is not setup, thus the server does not display much, but a screen like the following: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.33.png" >}} + +# User and Login Settings in Liferay + +Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.41.png" >}} + +In this area, go for Security > Password Policies: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.53.png" >}} + +Edit this password policy and disable `change Required` if you wish to do so. Click on Save_the bottom of the page to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.59.png" >}} + +Then, go: in `Configuration` > `Instance Settings` > `Users` > + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.17.png" >}} + +In this area, select `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.30.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.50.png" >}} + +Finally, sice Liferay 7.3 some of the bundled modules need to be activated: + +* jquery +* font awesome + +In oder to do this, please select from the `Configuration` > `System Settings` > `Third Party` and go to jquery, select the enablement and click on Update: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.08.png" >}} + +Do the same for Font Awesome: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.13.png" >}} + +Note that you need to reload the browser or load a new browser window to take changes to effect. + +# Setup SW360 for Liferay: Import *.lar Files + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +In order to go ahead, switch to the `SW360` area where you can apply site settings: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.20.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.25.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.15.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `PublicPages.lar` file the selection `Public Pages` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.26.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `PrivatePages.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.48.png" >}} + +Make sure that `Private Pages` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.53.png" >}} + + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.18.png" >}} + +You can close the left menu area by clicking on the upper left icon: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png" >}} + +Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.31.png" >}} + +# Import User Accounts for Testing + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.48.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a [user account import file](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) to import in the `sw360vagrant` project in the folder `shared`. After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.53.png" >}} + +After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below): + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.58.png" >}} + +# Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.25.07.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.32.png" >}} diff --git a/content/ja/docs/Deployment/Legacy/Deploy-Liferay7.md b/content/ja/docs/Deployment/Legacy/Deploy-Liferay7.md new file mode 100644 index 0000000..ae44e8a --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/Deploy-Liferay7.md @@ -0,0 +1,134 @@ +--- +linkTitle: "Initial Setup of Liferay 7.2 and sw360" +title: "Initial Setup of Liferay 7.2 and sw360" +weight: 100 +--- + +# Starting SW360 for the First Time + +So, the vagrant setup has deployed sw360, but unfortunately, there is some major issue: With Liferay, certain configuration need to be applied manually in the UI. If you would know how to import *.lar files and apply some setting from the command line (without implementing an approach based on HTML testing frameworks, like selenium), please let us know. + +Until then, some tasks need to be done manually, after everything has been built up: + +* import *.lar files +* set password policies not to change after first login (it is annoying when developing) +* set the default area to be SW360 when users login to liferay +* apply some more settings, like users cannot create accounts on their own + +# Setup Login + +After successful installation, the screen should look like this. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.38.53.png" >}} + +Sign in_the icon_the upper left corner. If you did not change the values in `configuration.rb`the default login is `setup@sw360.org` and `sw360fossy`. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.06.png" >}} + +# User Settings in SW360 + +Go into the control panel area which can be unfold by clicking in the upper left corner. In this area, go for Users > Password Policies and disable `change Required` if you wish to do so. Click on Save to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.56.png" >}} + +Then, in `Configuration` > `Instance Settings` > `Users` > `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.43.32.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.46.49.png" >}} + +Depending on your preferences make appropriate selections according to the screenshot. It is not advisable to allow users to self register in order to access the SW360 data. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.47.03.png" >}} + +# Import *.lar Files + +Then, in the `SW360` area > `Publishing` > `Import` klick on the plus sign in order to import the *.lar file for public pages. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `PublicPages.lar` file the selection `Public Pages` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.10.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.14.png" >}} + +Overwriting and the write as current user needs to be selected. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.21.png" >}} + +After successful importing the following view should appear. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.23.png" >}} + +The same steps shall be repeated for the `PrivatePages.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.36.png" >}} + +Make sure that `Private Pages` is selected. Follow the other selections made as shown on the screenshots. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.58.png" >}} + +Importing permissions ... + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.01.png" >}} + +Mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.04.png" >}} + +Then the successful result should be shown like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.14.png" >}} + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear. Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.38.png" >}} + +# Import User Accounts for Testing + +Assuming you are still logged in, the main view of SW360 looks as follows: + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.55.png" >}} + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.00.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.12.png" >}} + +You can find a user file to import in the `sw360vagrant` project in the folder `shared`. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.38.png" >}} + +After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.59.png" >}} + +After the user have been imported successfully, they should appear in the table view. + +# Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between users. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.06.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.16.png" >}} + +After the successful login, SW360 will look as in the following screenshot. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.33.png" >}} + +For example, click on `Projects` to see that no projects have been created so far ... + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.57.08.png" >}} diff --git a/content/ja/docs/Deployment/Legacy/Deploy-Natively-11.md b/content/ja/docs/Deployment/Legacy/Deploy-Natively-11.md new file mode 100644 index 0000000..b7088a0 --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/Deploy-Natively-11.md @@ -0,0 +1,237 @@ +--- +linkTitle: "Ubuntu 18.04 and Java 11" +title: "Ubuntu 18.04 LTS, Java 11" +weight: 100 +description: + Bare metal deployment with Ubuntu 18.04 LTS and Java 11 +--- + +## Introduction + +We are covering the update for Ubuntu 18.04 LTS here because it is our main and agreed-upon base system for running SW360. While SW360 may run on a variety of other Linux distributions or operating systems such as macOS, we have agreed to use Ubuntu Long-Term Releases as a reference OS to avoid compatibility issues. The author of this guide also uses macOS with Homebrew, which works fairly well. + + + +Please note that during the time, the dependencies are updated and the version info might change. + +## Overview + +The installation consists of quite some tasks, as an overview: + +5. Java 11 +6. Postgresql, if we want to use it instead of hypersonic db +7. CouchDB 2.X at the time of starting this guide, but 3.1.X seems to work well +8. Thrift to 0.13, later updated to 0.14 +9. Liferay CE 7.3.3 and 7.3.4 has been also tested +10. Adjust `/etc/ini.d/tomcat` with path of new liferay +13. Adjust `$liferay_install` variable +14. add Java prerequisites to OSGi container +15. Install couchdb-lucene (2.1) +16. Deploy new version of sw360 +17. Go ahead with Liferay steps + +## Initial steps + +In order to "calibrate the system" just run the update / upgrade cycle once: + +`# sudo apt update` + +`# sudo apt upgrade` + +## PostgreSQL + +You can go ahead install postgresql 10: + +`sudo apt install postgresql-10` + +or whatever package version is suitable here, for example version 12 for ubuntu 20.04. + +The configuration for Liferay will come later. + +## CouchDB + +CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing: + +`curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -` + +The add the repo to the sources: + +`echo "deb https://apache.bintray.com/couchdb-deb bionic main" | sudo tee -a /etc/apt/sources.list` + +Then, add its contents to the package database by updating apt: + +`sudo apt-get update -y` + +Ultimately install CouchDB, we tried with 2.1.2 install: + +`sudo apt-get install -y couchdb=2.1.2~bionic` + +The installer will ask a couple of questions: + +1. Bind address: for CouchDB and SW360 `127.0.0.1` (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly. +2. Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in `couchdb.properties` and place it centrally in `/etc/sw360` + +In case you added an admin accidentally and would like to remove it, + +## Thrift + +For thrift, we need version 0.13. The installation script in `scripts/install-thrift.sh` will help you: + +`sudo ./install-thrift.sh` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.13 + +## OpenJDK 11 + +First check, what is installed. + +`# sudo apt list openjdk* --installed` + +Then you could check what is available: + +`# sudo apt list openjdk*` + +And install OpenJDK 11 + +`# sudo apt install openjdk-11-jdk` + +Then the `$JAVA_HOME` needs to be updated, most likely in `/etc/environment`. Please check for your installation how to set the `$JAVA_HOME` correctly (most likely: `JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64`). + +## Liferay CE 7.3.3 + +Download Liferay from this link + +https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz + +and unpack it, ideally in the `/opt` directory, so resulting path would look like `/opt/liferay-ce-portal-7.3.3-ga4`. + +Then, you need to update the `$LIFERAY_INSTALL` in `/etc/environment` from `LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ +` to `LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4. + +### Auto Start + +For auto start, you need an according init.d entry. It could be a file like `/etc/init.d/tomcat`. The file could be created if not there already, with the following contents: + +``` +#!/bin/bash + +### BEGIN INIT INFO +# Provides: tomcat7 +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start/Stop Tomcat server +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +start() { + su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh +} + +stop() { + su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh +} + +case $1 in + start|stop) $1;; + restart) stop; start;; + *) echo "Run as $0 "; exit 1;; +esac +``` + +Te user `siemagrant` is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server should run under. In the ideal case, it is unprivileged user. + +### Adjust Memory + +When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in `$LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh` should be adapted again. + +### PostgreSQL instead of Hypersonic + +Liferay CE comes with the hypersonic database. Just for making a long-term setup in the berginning, we are advising to use postgresql from the start. The settings for postgrsql can be found in `portal-ext.properties`. Please do not forget to create the user and the database in the database server first. + +## Install Prerequisites + +There are some install libraries to be downloaded and installed as OSGi modules. You can check the download script from the sw360vaghrant project for list of URLs that help you. + +https://github.com/sw360/sw360vagrant/blob/master/download-packages.sh + +An URL for libtrift is: + +https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar + +An URL for commons-compress is: + +https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar + +If you have downloaded every thing, copy them to the `deploy` folder of your liferay installation: + +``` +# cp libthrift-0.13.0.jar $LIFEARY_HOME/deploy/ +# cp commons-lang-2.4.jar $LIFERAY_HOME/deploy +# cp commons-io-2.6.jar $LIFERAY_HOME/deploy +# cp commons-csv-1.4.jar $LIFERAY_HOME/deploy +# cp commons-collections4-4.4.jar $LIFERAY_HOME/deploy +# cp commons-codec-1.12.jar $LIFERAY_HOME/deploy +# cp commons-compress-1.20.jar $LIFERAY_HOME/deploy +# cp commons-logging-1.2.jar $LIFERAY_HOME/deploy +# cp gson-2.8.5.jar $LIFERAY_HOME/deploy +# cp guava-21.0.jar $LIFERAY_HOME/deploy +# cp jackson-annotations-2.11.3.jar $LIFERAY_HOME/deploy +# cp jackson-core-2.11.3.jar $LIFERAY_HOME/deploy +# cp jackson-databind-2.11.3.jar $LIFERAY_HOME/deploy +``` + +if you use PostgreSQL as your database, you need to install postgres.jar in Liferay. + +``` +# wget https://jdbc.postgresql.org/download/postgresql-42.2.9.jar postgresql-42.2.9.jar +# cp postgresql-42.2.9.jar $LIFERAY_HOME/tomcat-9.0.33/lib/ext +``` + +[Note] In case you use other database with Liferay, you need to set other jar file of corresponding database. + +## Install Couchdb Lucene + +SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container. + +Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be `couchdb-lucene`: + +`# wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz` + +Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene: + +https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh + +Please note that the patching issue is well known in the project and it is unclear why it is not merged: + +* https://github.com/rnewson/couchdb-lucene/issues/161 "allow context-root other than "/" when running in servlet container" +* https://github.com/rnewson/couchdb-lucene/pull/162 +* https://github.com/rnewson/couchdb-lucene/pull/152 + +## Deploy New SW360 + +You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 (or later) or some few commits before that. Then build in the sw360 project root using: + +`mvn clean install -DskipTests` + +This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same directory: + +``` +# mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -DskipTests +``` + +Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed: + +``` +# cd rest +# mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ +``` + +## Final Steps in Liferay + +Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page. For Liferay CE 7.3.3 please continue here: + +https://github.com/eclipse/sw360/wiki/Deploy-Liferay7.3 + diff --git a/content/ja/docs/Deployment/Legacy/NativeInstall/Native-Install-SW360-Version-14.0.0-and-16.0.0.md b/content/ja/docs/Deployment/Legacy/NativeInstall/Native-Install-SW360-Version-14.0.0-and-16.0.0.md new file mode 100644 index 0000000..1168aaf --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/NativeInstall/Native-Install-SW360-Version-14.0.0-and-16.0.0.md @@ -0,0 +1,1060 @@ +--- +linkTitle: "Native-Install v14 and v16" +title: "Native Install v14 and v16" +weight: 100 +description: + Native-Install-Version-14-and-Version-16 +--- + +# How to install and run SW360 v16.0.0 +# These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers. + +### This is a guide with detailed explanation of how to install and run SW360 natively on you local machine. +### It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run. + +SW360 is an Open Source project. The [SW360] repository and [SW360 website] repositories are published on GitHub. + +## In this file you will find how to: +- Install SW360 and its dependencies +- Run SW360 and its dependencies +- Check all services are working +- Be aware of cautions and notes + +## What does SW360 use to construct the UI. +- [Java] - Java is a class-based, object-oriented programming language. +- [Maven] - Maven is a build automation tool for Java projects. +- [Liferay bundled with Tomcat] - Liferay is a Java-based web application platform for the development of customizable portals and websites. + And Apache Tomcat provides a "pure Java" HTTP web server environment in which Java code can run. +- [PostgreSQL] - PostgreSQL or Postgres, is a relational database management system. +- [Couchdb] - Apache CouchDB is a document-oriented NoSQL database, it uses JSON to store data, and provides HTTP for an API. +- [CVE-Search] - CVE-Search is a tool to perform local searches for known vulnerabilities (CVE - Common Vulnerabilities and Exposures). + + +## 1. Install SW360 and its dependencies + +### 1.1 Clone the SW360 Github repository and checkout to stable version. + +```sh +$ git clone https://github.com/eclipse/sw360.git +$ cd sw360/ +$ git checkout sw360-16.0.0-M1 +``` +> Check if you have correct repository version +```sh +$ git branch +``` + +### 1.2. Install Java, Maven + +> Install java and maven: +```sh +$ sudo apt install openjdk-11-jre-headless +``` +> You may use this "$ sudo apt install default-jdk" command instead. +> Check if java is installed: +```sh +$ java --version [check] +``` +> Install maven: +```sh +$ sudo apt update +$ sudo apt install maven +``` +> Check if Maven is installed: +```sh +$ mvn --version +``` + +### 1.3. Install Liferay portal and its dependencies + +```sh +$ ./scripts/docker-config/download_dependencies.sh +$ ls -la ./deps [check if all dependencies have proper sizes] +$ ./scripts/install-thrift.sh +$ thrift --version [check] +``` +> After this step, check whether the "./deps/jars/libthriftxxx.jar" has version at the end of its name instead of xxx, and has size of 345Kb. If no, download the correct jar from this link: +```sh +$ wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar +$ mv libthrift-0.16.0.jar ./deps/jars +``` +> Once the correct Thrift library is found, install Liferay and copy dependency ".jar" files under "liferay_xxx/osgi/modules" folder: +```sh +$ tar -xzvf liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz +$ cp ./deps/jars/* deps/liferay-ce-portal-7.3.4-ga5/osgi/modules/ +``` +> Now set all environment variables of SW360 path to your local ".bashrc": +> You may use other text editor instead of vim. +```sh +$ vim ~/.bashrc +``` +> Scroll till the end of the .bashrc file and add following lines, make sure to put correct absolute paths of your local machine in the place of {absolute path to sw360 repository folder}. +```sh +export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java)))) +export PATH=$PATH:$JAVA_HOME/bin +export LIFERAY_INSTALL="/{absolute path to sw360 repository folder}/sw360/deps/liferay-ce-portal-7.3.4-ga5" +export SW360_DIR_INSTALL="{absolute path to sw360 repository folder}/sw360" +``` +> Save the .bashrc file and run it: +```sh +$ source ~/.bashrc +``` +### 1.4. Make and build SW360 +> Go to sw360 repository folder firstly. + +> We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360. +```sh +$ vim frontend/configuration/setenv.sh +``` +```sh +# The following settings should be adapted to your needs +JAVA_MEMORY_MIN="3g" +JAVA_MEMORY_MAX="6g" + +# The following settings should not be touched unless you know what you are doing +# Misconfiguration may be lead to an unusable instance. +JAVA_OPTS="$JAVA_OPTS -Dfile.encoding=UTF8" +JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false" +JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT" +JAVA_OPTS="$JAVA_OPTS -Xms${JAVA_MEMORY_MIN} -Xmx${JAVA_MEMORY_MAX}" +JAVA_OPTS="$JAVA_OPTS -XX:+UseG1GC" +JAVA_OPTS="$JAVA_OPTS -XX:+CMSParallelRemarkEnabled" +JAVA_OPTS="$JAVA_OPTS -XX:SurvivorRatio=20" + +JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true" +``` + +> Then we can type the following command to install: +> "sudo" might not be necessary, and this will take time, around 5 min] +```sh +$ mvn clean +$ sudo mvn install -DskipTests +``` +> If the installation was successful, then need to deploy the project to be able to run. +> Check which tomcat version do you have and put that in the place of {existing version 9.0.33}, normally it should be just "tomcat-9.0.33". +```sh +sudo mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-{existing version 9.0.33}/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-{existing version 9.0.33}/webapps -DskipTests +``` +> This will create /deploy under root, so sudo is necessary, however you can chmod /deploy. +> This will take time, around 5 - 10 min. +> After deploying the project, you should copy the portal-ext.properties to the place of the Liferay. +```sh +cp frontend/configuration/portal-ext.properties ${LIFERAY_INSTALL}/ +``` +> Then modify the file: setup.wizard.enabled=false -> setup.wizard.enabled=true +> Then copy the files in the directory scripts/docker-config/etc_sw360/ to the directory /etc/sw360/. If the directory /etc/sw360/ does not exist, create it and chmod it. +```sh +cp -r scripts/docker-config/etc_sw360/* /etc/sw360/ +``` +> After this step, you should be able to run Tomcat server and see the index page of SW360 portal. [Check SW360] +### 1.5. Install PostgreSQL +> Install PostgerSQL manually, you can install through "apt install" too: +```sh +$ sudo apt install zlib1g-dev -y +$ sudo apt install libreadline-dev -y +$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz +$ tar -xvf postgresql-10.14.tar.gz +$ cd postgresql-10.14/ +$ mkdir -p /PATH_TO/sw360postgres +$ ./configure -prefix=/PATH_TO/sw360postgres +$ make +$ sudo make install +``` +> Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step. +```sh +$ vim ~/.bashrc +``` +> Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as "/home/username": +```sh +$ export PATH=$HOME/sw360postgres/bin:$PATH +$ export PGDATA=$HOME/sw360postgres/data +$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib +$ export PGPORT=5432 +``` +> Check if paths have been set, result must be the absolute paths: +```sh +$ echo $PATH +$ echo $PGDATA +$ echo $LD_LIBRARY_PATH +$ echo $PGPORT +``` +> After paths are set, postgres service can be run: +```sh +$ cd /PATH_TO/sw360postgres/bin +$ ./initdb --encoding=UTF8 --no-locale +$ ./pg_ctl start +``` +> You will see that the server has started. +> Note: If you installed through "apt install" then start the postgres service by following command, where after @ comes the installed version, if postgres isn't running you won't be able to connect to the server, and the error message is not explaining well that server isn't actually running at the moment: +```sh +sudo systemctl status postgresql@12-main.service +sudo systemctl start postgresql@12-main.service +``` +Normally, Default postgres creates user "postgres" with "postgres" password, use that to enter PostgreSQL terminal: +```sh +$ sudo -i -u postgres +$ psql + ``` +> You will be logged in as user named "postgres". +```sh +$ psql postgres +postgres=# \du +postgres=# create database lportal; +postgres=# ALTER USER postgres WITH PASSWORD 'sw360fossy'; +postgres=# ALTER ROLE postgres with superuser; +postgres=# \q +``` +> Connect to postgres shell, and check users information +```sh +$ psql -d lportal +# \du +# \dt +# \l +``` +### 1.6. Install Couch DB + +> To install from aptitute type: + +```sh +$ sudo apt update +$ sudo apt install -y couchdb +``` + +> You may refer to the bottom Native Installation 14 version CouchDB manual configuration for seting credentials. + +> After, run CouchDb service, check if it's working: + +```sh +$ sudo systemctl start couchdb.service +``` +> Check if CouchDB is responding: +```sh +$ curl localhost:5984 +``` +> This should return json containing version information +> You can use "start/stop/status/restart" command with systemctl for controlling CouchDB service. + +### 1.7. Install CVE-Search + +> Follow these detailed instructions: + +```sh +[https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst] +``` + +> To connect it to SW360, see following instructions: + +```sh +https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +``` +##### Notes: +- In the instruction be careful with setting apt link for mongodb, if somehow it destroys your "sudo apt update" command, go to "/etc/apt/sources.list" file and comment out the broken line, that's probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions. + +### 1.8. Configure SW360 + +> Before going to configuration page, need to start the Liferay Tomcat server: + +```sh +$ {path to sw360 installation}/./deps_backup/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh +``` +> You can use ...bin/shutdown.sh script to stop the server. +> If startup.sh script responded "Tomcat started. Then you are close to see SW360 portal page: +> To do so, open this url from your browser: + +```sh +http://127.0.0.1:8080 +``` + +> This will take time, around 5 min. +> If you can see liferay page, then go to the following links to configure SW360 portal. + +- https://qiita.com/K-Hama/items/1582b4e1bf248025eabb#liferaygui%E8%A8%AD%E5%AE%9A - instructions in Japanese. +- https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 - instrutions in English + +##### Notes: + +- Probably your postgres user and password are different, then replace the configurations "deps/liferay-ce-portal-7.3.4-ga5/portal-setup-wizard.properties" file or add the new user into postgres with required credentials. + +- After creating user, if you can't sign in to SW360 portal https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png try to login with "test" password and the same email "setup@sw360.org" as you set in during configuration. + +## 2. Run SW360 and its dependencies + +### 2.1. Run dependencies + +> Turn on the CouchDB and Postgres services + +```sh +$ sudo systemctl start couchdb.service +$ sudo systemctl start postgres@@12-main.service +``` + +> Check if both are running: + +```sh +$ sudo systemctl status couchdb.service +$ sudo systemctl status postgres@@12-main.service +``` + +> You should be able to see something like this: + +```sh +... systemd[1]: Started PostgreSQL Cluster 12-main. +... +... halt systemd[1]: Started Apache CouchDB. +``` + +> Run Liferay portal + +```sh +$ ./deps/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh +``` + +> Make sure to type correct path to the startup.sh file. + +### 2.3. Run SW360 + +> Open the localhost:8080 page from the browser +If all the previous steps were successfuly done you will be able to see this page: +https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png +Now enjoy SW360 portal! + +## Check all services are working + +To fully use SW360 you need to have following services running, please check one by one by opening your browser and typing url, or using curl from command line: +| Service | URL/Port | Notes +| ------ | ------ | ------ +| Tomcat | http://127.0.0.1:8080 | When Tomcat is installed without liferay it uses same 8080 port | +| Liferay | http://127.0.0.1:8080 | If Liferay version is correct you will see Liferay white-blue index page not Tomcat yellow-green page. +| PostgreSQL | http://127.0.0.1:5432 | +| CouchDB | http://127.0.0.1:5984/_utils | +| CVE-Search | http://127.0.0.1:5000/admin | + +## Be aware of cautions and notes + +> There are various versions of Tomcat with or without Liferay, however here we use Liferay which has already bundled Tomcat inside it's installation archive, that means you don't have to install Tomcat separately. In this case, when script liferay- xxx / tomcat- yyy/start.sh is run, the 8080 page will be visible, and will be overwritten by Liferay. + +> If the service has problem with Liferay then you will not see Liferay blue-white page. If you see other than that then you need to go through 3rd step of Liferay installation, check it's version and reinstall it. + +> If you still face the problem with Thrift or Liferay page isn't responding properly, type this command in the shell, to set the missing Thrift version environment variable, and run the ./scripts/install-thrift.sh again, then start from 3rd step of installation again: + +```sh +THRIFT_VERSION=${THRIFT_VERSION:-0.16.0} +``` +--- + +# Native Install SW360 Version-14.0.0 + +# SW360 Version up test + +## 1. Overview +### 1.1 SW360 Portal + +A software component catalogue application - designed to work with FOSSology. + +SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information. + +This material helps user to install SW360 14.0 + +### 1.2 Environment + +| Package Name | Version | +|:--------------|:--------:| +| Ubuntu | 20.04 | +| Apt | 2.0.2 | +| Wget | 1.20.3 | +| Curl | 7.68.0 | +| Git | 2.25.1 | +| Maven | 3.6.0 | +| OpenJDK | 11.0.5 | + +## 2.Install & Config proxy for Environment +``` +2.1 Apt +2.2 Wget +2.3 Curl +2.4 Git +2.5 Maven +2.6 OpenJDK +``` +### 2.1 Apt +#### Create file with name proxy.conf in folder `/etc/apt/apt.conf.d` + + - `$ sudo gedit /etc/apt/apt.conf.d/proxy.conf` + +#### Add the following line few files `proxy.conf` +``` + Acquire { + HTTP::proxy "http://username:password@server:port"; + HTTPS::proxy "http://username:password@server:port"; + } +``` +### 2.2 Wget +#### Create file `~/.wgetrc` + + - `$ sudo gedit ~/.wgetrc` + +#### Add the following line few files `~/.wgetrc` +``` + use_proxy=yes + http_proxy=http://username:password@server:port + https_proxy=http://username:password@server:port +``` +### 2.3 Curl +#### 2.3.1 Install Curl + - `$ sudo apt update` + - `$ sudo apt install curl` + +#### 2.3.2 Config proxy +* Create file `~/.curlrc` + + - `$ sudo gedit ~/.curlrc` + +* Add the following line few files `~/.curlrc` +``` + proxy=http://username:password@server:port/ +``` + +### 2.4 Git + +#### 2.4.1 Install Git +- `$ sudo apt update` +- `$ sudo apt install git` +#### 2.4.2 Config proxy +* Create file `~/.gitconfig` + + - `$ sudo gedit ~/.gitconfig` + +* Add the following line few files `~/.gitconfig` + ``` + [http] + proxy = http://username:password@server:port + sslverify = false + [https] + proxy = http://username:password@server:port + + ``` +### 2.5 Maven +#### 2.5.1 Install Maven +*Go to back Home in Terminal + +- `$ sudo apt update` +- `$ sudo apt install maven` + +#### 2.5.2 Config proxy for Maven + +* Create Folder with path `/home/user/.m2` +- `$ mkdir /home/user/.m2` + +* Create File in Folder `.m2` +- `$ touch /home/user/.m2/settings.xml` + +* Copy the following lines into tag + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + +### 2.6 OpenJDK 11 + +* And install OpenJDK 11 + - `$ sudo apt install openjdk-11-jdk` +* Check version: + - `$ java --version` + - Output: + ``` + openjdk version "11.0.15" 2022-04-19 + OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) + OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) + ``` + - Install JDK successfully +## 3. Native install 14.0 (without docker-compose) + +### The installation consists of some tasks:: +``` +3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules +3.2 Install Couchdb version 3.2.2 +3.3 Install Couchdb Lucene +3.4 Clone Project sw360 with version 14 +3.5 Install Thrift version 14.0 +3.6 Compiling and deploying +3.7 Version Management Table +``` +### 3.1 Install A Liferay Community Edition bundled with Tomcat + +* Make folder `work` in path of work: `/home/user` + + - `$ mkdir work` + +* Download Liferay Portal CE 7.3.4 GA5 + - `$ cd work` + - `$ wget --no-check-certificate https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.4%20GA5/liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz/download -O liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz` + +* Extract downloaded file + - `$ tar -xzf liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Move to `${LIFERAY_INSTALL}/deploy` and Run command: + + * `$ cd ${LIFERAY_INSTALL}/deploy` + + * ` wget https://search.maven.org/remotecontent?filepath=commons-codec/commons-codec/1.12/commons-codec-1.12.jar -O commons-codec-1.12.jar ` + * ` wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar -O commons-collections4-4.4.jar ` + * ` wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-csv/1.4/commons-csv-1.4.jar -O commons-csv-1.4.jar ` + * ` wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.6/commons-io-2.6.jar -O commons-io-2.6.jar` + * ` wget https://search.maven.org/remotecontent?filepath=commons-lang/commons-lang/2.4/commons-lang-2.4.jar -O commons-lang-2.4.jar` + * ` wget https://search.maven.org/remotecontent?filepath=commons-logging/commons-logging/1.2/commons-logging-1.2.jar -O commons-logging-1.2.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.5/gson-2.8.5.jar -O gson-2.8.5.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/21.0/guava-21.0.jar -O guava-21.0.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.11.3/jackson-annotations-2.11.3.jar -O jackson-annotations-2.11.3.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar -O jackson-core-2.11.3.jar` + * ` wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar -O jackson-databind-2.11.3.jar` + * ` wget https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar -O commons-compress-1.20.jar` + * ` wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar -O libthrift-0.13.0.jar` + + +* Create `portal-ext.properties` file in `liferay-ce-portal-7.3.4-ga5` folder + +* Copy content from https://github.com/eclipse/sw360/blob/sw360-14.0.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties + +- Edit `portal-ext.properties`: uncomment below lines + + # default.admin.password=sw360fossy + + # default.admin.screen.name=setup + + # default.admin.email.address.prefix=setup + + # default.admin.first.name=Setup + + # default.admin.last.name=Administrator + +* Remove files in folder `hypersonic` with path: `/home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic` + - `$ rm -rf /home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic/*` + + +* Move folder `liferay-ce-portal-7.3.4-ga5` to `/opt` + + - `$ sudo mv liferay-ce-portal-7.3.4-ga5 /opt` + +### 3.2 Install Couchdb version 3.2.2 + +* Run the following commands: + - `$ sudo apt update && sudo apt install -y curl apt-transport-https gnupg` + - `$ curl https://couchdb.apache.org/repo/keys.asc | gpg --dearmor | sudo tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1 ` + - `$ source /etc/os-release ` + - `$ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" \ ` + ` | sudo tee /etc/apt/sources.list.d/couchdb.list >/dev/null ` + - `$ sudo apt update ` + - `$ sudo apt install -y couchdb ` + + +* Config and Setup Couchdb follow images: + * Config Couchdb Type +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/ConfigTypeCouchdb.jpg" title="Type Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + +   + * Config node name +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/ConfigDomainCouchdb.jpg" title="Domain Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Set up magic cookie +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/SetupMagicCookie.jpg" title="Setup Magic Cookie" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Config bind address +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/ConfigIPCouchdb.jpg" title="IP Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Set up Couchdb Password +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/SetupPassword.jpg" title="Setup Password" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Repeat Password +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/RepeatPassword.jpg" title="Repeat Password" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Start and status of Couchdb +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/StatusStartCouchdb.jpg" title="Status Start Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + * Stop and status of Couchdb +   + {{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/couchdb/StatusStopCouchdb.jpg" title="Status Stop Couchdb" >}} + + {{< /gallery/card >}} + + {{< /gallery/gallery >}} + + +* Url and account when config couchdb + - Username: `admin` + - Password: `password` + - Url: `http://localhost:5984/_utils` + +* Command Line When Start, Stop, check status Couchdb + - Start Couchdb: `$ sudo service couchdb start` + - Stop Couchdb: `$ sudo service couchdb stop` + - Check status: `$ sudo service couchdb status` +### 3.3 Install Couchdb Lucene + +* SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene + +* Run command download Couchdb Lucene + - `wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz` + +* Note Extract liferay To folder `work` with path of work: `/home/user/work` + - `tar -xzf couchdb-lucene.tar.gz` + +* Run command: + - `cd couchdb-lucene-2.1.0` + - `sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini ` + - `sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini ` + - `wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch ` + - `patch -p1 < couchdb-lucene.patch ` + - `mvn clean install war:war` + - `cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/webapps/couchdb-lucene.war` + + +### 3.4 Clone sw360 with version 14.0.0 + +* Clone sw360 source code to folder `work` with path: `/home/user/work` + + - `$ git clone https://github.com/eclipse/sw360` + +* Checkout to tag 14.0.0 version + - `$ cd sw360` + - `$ git checkout sw360-14.0.0-M1` + +### 3.5 Install Thrift version 0.14 + +* For thrift, we need version 0.14. The installation script in Path: `SW360_REPOSITORY/scripts/install-thrift.sh` + +* Run command: + - `$ chmod +x install-thrift.sh` + - `$ sudo ./install-thrift.sh` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.14 +* Check version thrift + + - `$ thrift --version` + + - Output: + ``` + Thrift version 0.14.0 + + ``` + - Install Thrift successfully +### 3.6 Compile and deploy + +* Start couchdb + - `$ sudo service couchdb start` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ cd /home/user/work/sw360` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +1. To clean everything and install without running the tests + - `$ mvn clean install -DskipTests ` + +2. For deployment run the command + - `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests` + +#### 3.6.1 Start and Configure Liferay +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*` + +* Url SW360 : `https://localhost:8080` +#### 3.6.2 Configure Liferay Portal + +* Can follow the steps in the following link https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 or follow these steps: + +- Import users + 1. Open the panel on the left side by clicking the button on the top left. + 2. Click on `SW360` on the top right to go to the homepage. + 3. Click on `Start` inside the "Welcome" section. + 4. Go to `Admin` -> `User` (URL: `/group/guest/users`). + 5. Scroll down to section `UPLOAD USERS`, select a user file from the very + beginning and click `Upload Users` on the right side. [A user file can be found here in the sw360vagrant project](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) + * Download: `$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv` + + +### 3.7 Version Management Table (sw360 14.0) + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.3.4 | +| Tomcat | 9.0.33 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.14.0 | +| SW360 | 14.0.0 | + + + +### 3.8 Config couchdb with Sw360 (sw360 14.0) + +* Create folder `sw360` in path `/etc/` + + - `sudo mkdir sw360` + +* Create 2 folder `authorization` and `rest` in path `/etc/sw360` + + - `sudo mkdir authorization` + - `sudo mkdir rest` + +* Create file `application.yml` in path `/etc/sw360/authorizaton` with content: +``` + # + # Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. + # + # This program and the accompanying materials are made + # available under the terms of the Eclipse Public License 2.0 + # which is available at https://www.eclipse.org/legal/epl-2.0/ + # + # SPDX-License-Identifier: EPL-2.0 + # + + # Port to open in standalone mode + server: + port: 8090 + + # Connection to the couch databases. Will be used to store client credentials + couchdb: + url: http://localhost:5984 + database: sw360oauthclients + # if your couchdb does not use authentication, pls just don't use the settings for username and password + username: admin + password: password + + jwt: + secretkey: sw360SecretKey + + spring: + jackson: + serialization: + indent_output: true + + # Common SW360 properties + sw360: + # The url of the Liferay instance + sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} + # The id of the company in Liferay that sw360 is run for + sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} + # Allowed origins that should be set in the header + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} + + security: + # Configuration for enabling authorization via headers, e.g. when using SSO + # in combination with a reverse proxy server + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: false + # Attention: please make sure that the proxy is removing there headers + # if they are coming from anywhere else then the authentication server + intermediateauthstore: custom-header-auth-marker + email: authenticated-email + extid: authenticated-extid + # also available - at least in saml pre auth - are "givenname", "surname" and "department" + + oauth2: + resource: + id: sw360-REST-API + +``` +* Create file `application.yml` in path `/etc/sw360/rest` with content: +``` + # + # Copyright Siemens AG, 2017. Part of the SW360 Portal Project. + # Copyright Bosch.IO GmbH 2020 + # + # This program and the accompanying materials are made + # available under the terms of the Eclipse Public License 2.0 + # which is available at https://www.eclipse.org/legal/epl-2.0/ + # + # SPDX-License-Identifier: EPL-2.0 + # + + server: + port: 8091 + + management: + endpoints: + enabled-by-default: false + web: + base-path: + endpoint: + health: + enabled: true + show-details: always + info: + enabled: true + web: + base-path: / + + spring: + servlet: + multipart: + max-file-size: 500MB + max-request-size: 600MB + + # logging: + # level: + # org.springframework.web: DEBUG + + security: + oauth2: + resource: + id: sw360-REST-API + jwt: + keyValue: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy + VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ + 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ + 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg + 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da + d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ + PQIDAQAB + -----END PUBLIC KEY----- + + sw360: + thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} + test-user-id: admin@sw360.org + test-user-password: sw360-password + couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +``` + +* Create file `couchdb.properties` in path `/etc/sw360` with content: + +``` + # + # Copyright Siemens AG, 2020. Part of the SW360 Portal Project. + # + # This program and the accompanying materials are made + # available under the terms of the Eclipse Public License 2.0 + # which is available at https://www.eclipse.org/legal/epl-2.0/ + # + # SPDX-License-Identifier: EPL-2.0 + # + + couchdb.url = http://localhost:5984 + couchdb.user = admin + couchdb.password = password + couchdb.database = sw360db + couchdb.usersdb = sw360users + couchdb.attachments = sw360attachments + lucenesearch.limit = 10000 + +``` +* Create file `sw360.properties` and `/etc/sw360` with content: + +``` + # Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. + # + # This program and the accompanying materials are made + # available under the terms of the Eclipse Public License 2.0 + # which is available at https://www.eclipse.org/legal/epl-2.0/ + # + # SPDX-License-Identifier: EPL-2.0 + # + + # common property file for the backend services + backend.url= http://localhost:8080 + + licenseinfo.spdxparser.use-license-info-from-files=true + mainline.state.enabled.for.user=false + + # settings for the mail utility: + # if host is not set, e-mailing is disabled + MailUtil_host= + MailUtil_from=__No_Reply__@sw360.org + MailUtil_port=25 + MailUtil_enableStarttls= + MailUtil_enableSsl= + MailUtil_isAuthenticationNecessary= + MailUtil_login= + MailUtil_password= + MailUtil_enableDebug= + MailUtil_supportMailAddress= + + # text patterns for mail utility + defaultBegin = \ + *** This is an automatically generated email, please do not reply. ***\n\n\ + Dear SW360-user,\n\n + defaultEnd = \ + With best regards,\n\ + SW360-support + unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: + unsubscribeNoticeAfter =. *** + + subjectForNewModerationRequest= New moderation request + subjectForUpdateModerationRequest= Update on moderation request + subjectForAcceptedModerationRequest= Your moderation request has been accepted + subjectForDeclinedModerationRequest= Your moderation request has been declined + subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined + subjectForNewComponent= New component created + subjectForUpdateComponent= Component updated + subjectForNewRelease= New release created + subjectForUpdateRelease= Release updated + subjectForNewProject= New project created + subjectForUpdateProject= Project updated + subjectForNewClearingRequest= New clearing request <%s> for Project <%s> + subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s> + subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s> + subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s> + subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s> + subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated + + textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n + textForUpdateModerationRequest= \ + one of the moderation requests previously added to your \ + SW360-account has been updated.\n\n + textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n + textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n + textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n + textForNewComponent= a new component %s, in which you take part, has been created.\n\n + textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n + textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n + textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n + textForNewProject= a new project %s %s, in which you take part, has been created.\n\n + textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n + textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n + textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n + #attachment.store.file.system.location=/opt/sw360tempattachments + #enable.attachment.store.to.file.system=false + #attachment.store.file.system.permission=rwx------ + #attachemnt.delete.no.of.days=30 + + #Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. + #sw360changelog.config.file.location=/etc/sw360/log4j2.xml + enable.sw360.change.log=false + sw360changelog.output.path=sw360changelog/sw360changelog + +``` + +## References for more information +- [SW360] +- [CVE-Search] +- [Java] +- [Maven] +- [Thrift] +- [Liferay bundled with Tomcat] +- [PostgreSQL] +- [CouchDB] + + +## License + +[SPDX-License-Identifier: EPL-2.0] + +[//]: # (These are reference links used in the body of this instructions markdown file.) + [Check SW360]: + [Check CouchDB]: + [Check PostgreSQL]: + [SW360]: + [SW360 website]: + [CVE-Search]: + [Java]: + [Maven]: + [Thrift]: + [Liferay bundled with Tomcat]: + [PostgreSQL]: + [CouchDB]: + diff --git a/content/ja/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-17.0.0.md b/content/ja/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-17.0.0.md new file mode 100644 index 0000000..73306ef --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-17.0.0.md @@ -0,0 +1,999 @@ +--- +linkTitle: "Native-Install v17" +title: "Native Install v17" +weight: 100 +description: + Native-Install-Version-17 +--- + +# How to install and run SW360 v17.0.0 +# These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers. + +## This is a guide with detailed explanation of how to install and run SW360 natively on you local machine. +## It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run. + +SW360 is an Open Source project. The [SW360] repository and [SW360 website] repositories are published on GitHub. +## 1. Overview +### 1.1 SW360 Portal + +A software component catalogue application - designed to work with FOSSology. + +SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information. + +This material helps user to install SW360 17.0.0 + +### 1.2 Environment + +| Package Name | Version | +|:--------------|:--------:| +| Ubuntu | 20.04 | +| Apt | 2.0.2 | +| Wget | 1.20.3 | +| Curl | 7.68.0 | +| Git | 2.25.1 | +| Maven | 3.6.0 | +| OpenJDK | 11.0.5 | + +## 2.Install & Config proxy for Environment +``` +2.1 Apt +2.2 Wget +2.3 Curl +2.4 Git +2.5 Maven +2.6 OpenJDK +``` +### 2.1 Apt +#### Create file with name proxy.conf in folder `/etc/apt/apt.conf.d` + + - `$ sudo gedit /etc/apt/apt.conf.d/proxy.conf` + +#### Add the following line few files `proxy.conf` +``` + Acquire { + HTTP::proxy "http://username:password@server:port"; + HTTPS::proxy "http://username:password@server:port"; + } +``` +### 2.2 Wget +#### Create file `~/.wgetrc` + + - `$ sudo gedit ~/.wgetrc` + +#### Add the following line few files `~/.wgetrc` +``` + use_proxy=yes + http_proxy=http://username:password@server:port + https_proxy=http://username:password@server:port +``` +### 2.3 Curl +#### 2.3.1 Install Curl + - `$ sudo apt update` + - `$ sudo apt install curl` + +#### 2.3.2 Config proxy +* Create file `~/.curlrc` + + - `$ sudo gedit ~/.curlrc` + +* Add the following line few files `~/.curlrc` +``` + proxy=http://username:password@server:port/ +``` + +### 2.4 Git + +#### 2.4.1 Install Git +- `$ sudo apt update` +- `$ sudo apt install git` +#### 2.4.2 Config proxy +* Create file `~/.gitconfig` + + - `$ sudo gedit ~/.gitconfig` + +* Add the following line few files `~/.gitconfig` + ``` + [http] + proxy = http://username:password@server:port + sslverify = false + [https] + proxy = http://username:password@server:port + + ``` +### 2.5 Maven +#### 2.5.1 Install Maven +*Go to back Home in Terminal + +- `$ sudo apt update` +- `$ sudo apt install maven` + +#### 2.5.2 Config proxy for Maven + +* Create Folder with path `/home/user/.m2` +- `$ mkdir /home/user/.m2` + +* Create File in Folder `.m2` +- `$ touch /home/user/.m2/settings.xml` + +* Copy the following lines into tag + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + +### 2.6 OpenJDK 11 + +* And install OpenJDK 11 + - `$ sudo apt install openjdk-11-jdk` +* Check version: + - `$ java --version` + - Output: + ``` + openjdk version "11.0.15" 2022-04-19 + OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) + OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) + ``` + - Install JDK successfully +## 3. Native install 17.0.0 (without docker-compose) + +### The installation consists of some tasks:: +``` +3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules +3.2 Install Couchdb version 3.2.2 +3.3 Install Couchdb Lucene +3.4 Clone Project sw360 with version 17.0.0 +3.5 Install Thrift version 16.0 +3.6 Compiling and deploying +3.7 Version Management Table +``` +### 3.1 Install A Liferay Community Edition bundled with Tomcat + +* Make folder `work` in path of work: `/home/user` + + - `$ mkdir work` + +* Download Liferay Portal CE 7.4.3.18 GA18 + - `$ cd work` + - `$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Extract downloaded file + - `$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Create `portal-ext.properties` file in `liferay-ce-portal-7.4.3.18-ga18` folder + +* Copy content from https://github.com/eclipse/sw360/blob/sw360-17.0.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties + +- Edit `portal-ext.properties`: uncomment below lines + + # default.admin.password=sw360fossy + + # default.admin.screen.name=setup + + # default.admin.email.address.prefix=setup + + # default.admin.first.name=Setup + + # default.admin.last.name=Administrator + +- Add lines to setup Postgres. Change jdbc.default.username, jdbc.default.password + +``` + # Postgres configuration + jdbc.default.driverClassName=org.postgresql.Driver + jdbc.default.url=jdbc:postgresql://localhost:5432/lportal + jdbc.default.username=${postgres_user} + jdbc.default.password=${postgres_password} +``` + +- Add lines to setup passsword policies +``` + # Passsword policies + passwords.default.policy.change.required=false + company.security.send.password.reset.link=false + company.security.auto.login=false + company.security.auth.type=emailAddress + company.security.strangers=false + company.security.strangers.with.mx=false + company.security.strangers.verify=false +``` + +* Remove files in folder `hypersonic` with path: `/home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic` + - `$ rm -rf /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*` + +* Move folder `liferay-ce-portal-7.4.3.18-ga18` to `/opt` + + - `$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt` + +### 3.2 Install Database + +#### 3.2.1 Install Couch DB + +* To install from aptitute type: + +```sh +$ sudo apt update +$ sudo apt install -y couchdb +``` + +* You may refer to the bottom Native Installation 14 version CouchDB manual configuration for setting credentials. + +* After, run CouchDb service, check if it's working: + +```sh +$ sudo systemctl start couchdb.service +``` +* Check if CouchDB is responding: +```sh +$ curl localhost:5984 +``` +* This should return json containing version information +* You can use "start/stop/status/restart" command with systemctl for controlling CouchDB service. + + +#### Install Couchdb Lucene + +* SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene + +* Run command download Couchdb Lucene + - `wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz` + +* Note extract couchdb-lucene to folder `work` with path of work: `/home/user/work` + - `tar -xzf couchdb-lucene.tar.gz` + +* Run command: + - `cd couchdb-lucene-2.1.0` + - `sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini ` + - `sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini ` + - `wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch ` + - `patch -p1 < couchdb-lucene.patch ` + - `mvn clean install war:war` + - `cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war` + +### 3.2.2 Install PostgreSQL + +* Install PostgerSQL manually, you can install through "apt install" too: +```sh +$ sudo apt install zlib1g-dev -y +$ sudo apt install libreadline-dev -y +$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz +$ tar -xvf postgresql-10.14.tar.gz +$ cd postgresql-10.14/ +$ mkdir -p /PATH_TO/sw360postgres +$ ./configure -prefix=/PATH_TO/sw360postgres +$ make +$ sudo make install +``` +* Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step. +```sh +$ vim ~/.bashrc +``` +* Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as "/home/username": +```sh +$ export PATH=$HOME/sw360postgres/bin:$PATH +$ export PGDATA=$HOME/sw360postgres/data +$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib +$ export PGPORT=5432 +``` +* Check if paths have been set, result must be the absolute paths: +```sh +$ echo $PATH +$ echo $PGDATA +$ echo $LD_LIBRARY_PATH +$ echo $PGPORT +``` +* After paths are set, postgres service can be run: +```sh +$ cd /PATH_TO/sw360postgres/bin +$ ./initdb --encoding=UTF8 --no-locale +$ ./pg_ctl start +``` +* You will see that the server has started. +* Note: If you installed through "apt install" then start the postgres service by following command, where after @ comes the installed version, if postgres isn't running you won't be able to connect to the server, and the error message is not explaining well that server isn't actually running at the moment: +```sh +sudo systemctl status postgresql@12-main.service +sudo systemctl start postgresql@12-main.service +``` +* Postgres will create an user with username ${ubuntu_user} (username login to ubuntu) +* Use theses command to change password of user ${ubuntu_user} in postgres sql. +```sh +$ psql postgres +postgres=# \du +postgres=# create database lportal; +postgres=# ALTER USER ${ubuntu_user} WITH PASSWORD 'sw360fossy'; +postgres=# ALTER ROLE ${ubuntu_user} with superuser; +postgres=# \q +``` +* Connect to postgres shell, and check users information +```sh +$ psql -d lportal +# \du +# \dt +# \l +``` +### 3.3 Install CVE-Search + +* Follow these detailed instructions: + +```sh +[https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst] +``` + +* To connect it to SW360, see following instructions: + +```sh +https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +``` +##### Notes: +- In the instruction be careful with setting apt link for mongodb, if somehow it destroys your "sudo apt update" command, go to "/etc/apt/sources.list" file and comment out the broken line, that's probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions. + +### 3.4 Clone sw360 with version 17.0.0 + +* Clone sw360 source code to folder `work` with path: `/home/user/work` + + - `$ git clone https://github.com/eclipse/sw360` + +* Checkout to tag 17.0.0 version + - `$ cd sw360` + - `$ git checkout sw360-17.0.0-M1` + +* export path to repository sw360 + - `$ export SW360_REPOSITORY=/home/user/work/sw360` +### 3.5 Install Thrift version 0.16 + +* For thrift, we need version 0.16. The installation script in Path: `${SW360_REPOSITORY}/scripts/install-thrift.sh` + +* Run command to install libraries: + - `$ sudo apt-get install -y clang-tidy` + - `$ sudo apt-get install flex` + - `$ sudo apt-get install -y clang-tools` + - `$ sudo apt-get install bison` + - `$ sudo apt-get install cmake` + +* Run command: + - `$ chmod +x install-thrift.sh` + - `$ sudo ./install-thrift.sh` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16 +* Check version thrift + + - `$ thrift --version` + + - Output: + ``` + Thrift version 0.16.0 + + ``` + - Install Thrift successfully + +### 3.6 Config properties files with Sw360 (sw360 17.0.0) + +* Create folder `sw360` in path `/etc/` + + - `sudo mkdir sw360` + +* Create 2 folder `authorization` and `rest` in path `/etc/sw360` + + - `sudo mkdir authorization` + - `sudo mkdir rest` + +* Create file `application.yml` in path `/etc/sw360/authorizaton` with content: +``` +# +# Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +# Port to open in standalone mode +server: + port: 8090 + +# Connection to the couch databases. Will be used to store client credentials +couchdb: + url: http://localhost:5984 + database: sw360oauthclients + # if your couchdb does not use authentication, pls just don't use the settings for username and password + username: admin + password: password + +jwt: + secretkey: sw360SecretKey + +spring: + jackson: + serialization: + indent_output: true + +# Common SW360 properties +sw360: + # The url of the Liferay instance + sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} + # The id of the company in Liferay that sw360 is run for + sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} + # Allowed origins that should be set in the header + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} + +security: + # Configuration for enabling authorization via headers, e.g. when using SSO + # in combination with a reverse proxy server + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: false + # Attention: please make sure that the proxy is removing there headers + # if they are coming from anywhere else then the authentication server + intermediateauthstore: custom-header-auth-marker + email: authenticated-email + extid: authenticated-extid + # also available - at least in saml pre auth - are "givenname", "surname" and "department" + + oauth2: + resource: + id: sw360-REST-API + +``` +* Create file `application.yml` in path `/etc/sw360/rest` with content: +``` +# +# Copyright Siemens AG, 2017. Part of the SW360 Portal Project. +# Copyright Bosch.IO GmbH 2020 +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +server: + port: 8091 + +management: + endpoints: + enabled-by-default: false + web: + base-path: + endpoint: + health: + enabled: true + show-details: always + info: + enabled: true + web: + base-path: / + +spring: + servlet: + multipart: + max-file-size: 500MB + max-request-size: 600MB + +# logging: +# level: +# org.springframework.web: DEBUG + +security: + oauth2: + resource: + id: sw360-REST-API + jwt: + keyValue: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy + VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ + 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ + 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg + 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da + d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ + PQIDAQAB + -----END PUBLIC KEY----- + +sw360: + thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} + test-user-id: admin@sw360.org + test-user-password: sw360-password + couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +``` + +* Create file `couchdb.properties` in path `/etc/sw360` with content: + +``` +# +# Copyright Siemens AG, 2020. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +couchdb.url = http://localhost:5984 +couchdb.user = admin +couchdb.password = password +couchdb.database = sw360db +couchdb.usersdb = sw360users +couchdb.attachments = sw360attachments +lucenesearch.limit = 10000 + +``` +* Create file `sw360.properties` and `/etc/sw360` with content: + +``` +# Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +# common property file for the backend services +backend.url= http://localhost:8080 + +licenseinfo.spdxparser.use-license-info-from-files=true +mainline.state.enabled.for.user=false + +# settings for the mail utility: +# if host is not set, e-mailing is disabled +MailUtil_host= +MailUtil_from=__No_Reply__@sw360.org +MailUtil_port=25 +MailUtil_enableStarttls= +MailUtil_enableSsl= +MailUtil_isAuthenticationNecessary= +MailUtil_login= +MailUtil_password= +MailUtil_enableDebug= +MailUtil_supportMailAddress= + +# text patterns for mail utility +defaultBegin = \ +*** This is an automatically generated email, please do not reply. ***\n\n\ +Dear SW360-user,\n\n +defaultEnd = \ +With best regards,\n\ +SW360-support +unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: +unsubscribeNoticeAfter =. *** + +subjectForNewModerationRequest= New moderation request +subjectForUpdateModerationRequest= Update on moderation request +subjectForAcceptedModerationRequest= Your moderation request has been accepted +subjectForDeclinedModerationRequest= Your moderation request has been declined +subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined +subjectForNewComponent= New component created +subjectForUpdateComponent= Component updated +subjectForNewRelease= New release created +subjectForUpdateRelease= Release updated +subjectForNewProject= New project created +subjectForUpdateProject= Project updated +subjectForNewClearingRequest= New clearing request <%s> for Project <%s> +subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s> +subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s> +subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s> +subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s> +subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated + +textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n +textForUpdateModerationRequest= \ +one of the moderation requests previously added to your \ +SW360-account has been updated.\n\n +textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n +textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n +textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n +textForNewComponent= a new component %s, in which you take part, has been created.\n\n +textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n +textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n +textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n +textForNewProject= a new project %s %s, in which you take part, has been created.\n\n +textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n +textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n +textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n +#attachment.store.file.system.location=/opt/sw360tempattachments +#enable.attachment.store.to.file.system=false +#attachment.store.file.system.permission=rwx------ +#attachemnt.delete.no.of.days=30 + +#Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. +#sw360changelog.config.file.location=/etc/sw360/log4j2.xml +enable.sw360.change.log=false +sw360changelog.output.path=sw360changelog/sw360changelog + +``` + +* Configure the sw360ChangeLog path +#### 1. Create log4j2.xml file +- Based on log4j2.xml file from https://github.com/eclipse/sw360/blob/main/build-configuration/resources/log4j2.xml, update the content as below, then place this file to etc/sw360 folder. + +``` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` +* Set the environment variable for the changelog directory (`${env:FILE_PATH}/sw360changelog.log`) + - Create Folder `sw360changelog` in `var/log/`: + - `$ sudo mkdir sw360changelog ` + - If `/var/log/sw360changelog` folder requires permission, set permission for this folder: + - `$ sudo chown -R $USER:$USER /var/log/sw360changelog` + + - `$ export FILE_PATH=/var/log/sw360changelog` + +* NOTE: I suggest the path ${env:FILE_PATH} to use LIFERAY_INSTALL env variable + +#### 2. Enable changelog config + +Add the following lines to the sw360.properties file (or uncomment if they are existing) + +* `sw360changelog.config.file.location=/etc/sw360/log4j2.xml` +* `enable.sw360.change.log=true` + +#### 3. Compile and deploy + + * Set `sw360.liferay.company.id = 20099` in `sw360.properties` file + + * Set the environment variable for the LIFERAY_INSTALL directory + + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + + * Note: Should add -DskipTests when building sw360 to avoid test data write to log file + + * To clean everything and install without running the tests + + - `$ mvn clean install -DskipTests` + + * For deployment, run the command + + - `$ cd /home/user/work/sw360` + - `$ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -DskipTests` + +#### 4. Start and configure Liferay + +* Set the environment variable for the LIFERAY_INSTALL directory + + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Start liferay + + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh` + +* Log + + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/*` + +* SW360 URL: `https://localhost:8080` + +#### 5. How to check the logs +- Edit (update) a project, component, or release in SW360. +- Then check the logs in `${FILE_PATH}/sw360changelog/sw360changelog.log` file +\ + +### 3.7 Compile and deploy + +* Start Database +* Turn on the CouchDB and Postgres services + +```sh +$ sudo systemctl start couchdb.service +$ sudo systemctl start postgres@@12-main.service +``` + +* Check if both are running: + +```sh +$ sudo systemctl status couchdb.service +$ sudo systemctl status postgres@@12-main.service +``` + +* You should be able to see something like this: + +```sh +... systemd[1]: Started PostgreSQL Cluster 12-main. +... +... halt systemd[1]: Started Apache CouchDB. +``` +* install python and pip + - `$ sudo apt-get install python3 -y` + - `$ sudo -E apt-get install python3-pip -y` +* install mkdocs + - Without proxy: + + `$ sudo -E pip3 install mkdocs` + + `$ sudo -E pip3 install mkdocs-material` + - Via proxy: + + `$ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs` + + `$ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs-material` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ cd /home/user/work/sw360` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +1. To clean everything and install without running the tests + - `$ mvn clean install -DskipTests ` + +2. For deployment run the command + - `mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dhelp-docs=true -Dsurefire.failIfNoSpecifiedTests=false` + +#### 3.7.1 Start and Configure Liferay + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* After run command "mvn clean install -DskipTests" above, copy dependency in folder `/home/user/work/sw360/utils/jars` to `${LIFERAY_INSTALL}/osgi/modules` + + - `$ cd /home/user/work/sw360/utils/jars` + - `$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/` + +* We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360. + + - `$ sudo rm -rf ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/setenv.sh` + - `$ sudo cp /home/user/work/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/catalina.out` + +* Url SW360 : `https://localhost:8080` + +#### 3.7.2 Configure Liferay Portal + +* Can follow the steps in the following link https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 or follow these steps: + +- Import users + 1. Open the panel on the left side by clicking the button on the top left. + 2. Click on `SW360` on the top right to go to the homepage. + 3. Click on `Start` inside the "Welcome" section. + 4. Go to `Admin` -> `User` (URL: `/group/guest/users`). + 5. Scroll down to section `UPLOAD USERS`, select a user file from the very + beginning and click `Upload Users` on the right side. [A user file can be found here in the sw360vagrant project](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) + * Download: `$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv` + +- Setup liferay: + +After successful , Then if you open the server with the URL `https://localhost:8080/` the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/1.png" >}} + +Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/2.png" >}} + +After login the sw360 is not setup, thus the server does not display much, but a screen like the following: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/3.png" >}} + +#### User and Login Settings in Liferay + +Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/4.png" >}} + +Edit this password policy and disable `change Required` if you wish to do so. Click on Save_the bottom of the page to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/6.png" >}} + +Then, go: in `Configuration` > `Instance Settings` > `Users` > + +{{< figure src="/sw360/img/sw360screenshots/deploy74/7.png" >}} + +In this area, select `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/8.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/9.png" >}} + +Finally, sice Liferay 7.4 some of the bundled modules need to be activated: + +* jquery +* font awesome + +In oder to do this, please select from the `Configuration` > `System Settings` > `Third Party` and go to jquery, select the enablement and click on Update: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/10.png" >}} + +Do the same for Font Awesome: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/11.png" >}} + +Note that you need to reload the browser or load a new browser window to take changes to effect. + +#### Setup SW360 for Liferay: Import *.lar Files + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +In order to go ahead, switch to the `SW360` area where you can apply site settings: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/12.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} + + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/18.png" >}} + +You can close the left menu area by clicking on the upper left icon: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/19.png" >}} + +Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/20.png" >}} + +#### Import User Accounts for Testing + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/21.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a [user account import file](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) to import in the `sw360vagrant` project in the folder `shared`. After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/22.png" >}} + +After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below): + +{{< figure src="/sw360/img/sw360screenshots/deploy74/23.png" >}} + +#### Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/24.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/25.png" >}} + +### 3.8 Version Management Table (sw360 17.0.0) + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.4.3.18| +| Tomcat | 9.0.56 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | +| SW360 | 17.0.0 | + + + + +## References for more information +- [SW360] +- [CVE-Search] +- [Java] +- [Maven] +- [Thrift] +- [Liferay bundled with Tomcat] +- [PostgreSQL] +- [CouchDB] + + +## License + +[SPDX-License-Identifier: EPL-2.0] + +[//]: # (These are reference links used in the body of this instructions markdown file.) + [Check SW360]: + [Check CouchDB]: + [Check PostgreSQL]: + [SW360]: + [SW360 website]: + [CVE-Search]: + [Java]: + [Maven]: + [Thrift]: + [Liferay bundled with Tomcat]: + [PostgreSQL]: + [CouchDB]: diff --git a/content/ja/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-18.1.0.md b/content/ja/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-18.1.0.md new file mode 100644 index 0000000..8e7dc8c --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/NativeInstall/Native-install-SW360-Version-18.1.0.md @@ -0,0 +1,976 @@ +--- +linkTitle: "Native-Install v18.1" +title: "Native Install v18.1" +weight: 100 +description: + Native-Install-Version-18.1 +--- + +# How to install and run SW360 v18.1.0 +# These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers. + +## This is a guide with detailed explanation of how to install and run SW360 natively on you local machine. +## It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run. + +SW360 is an Open Source project. The [SW360] repository and [SW360 website] repositories are published on GitHub. +## 1. Overview +### 1.1 SW360 Portal + +A software component catalogue application - designed to work with FOSSology. + +SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information. + +This material helps user to install SW360 18.1.0 + +### 1.2 Environment + +| Package Name | Version | +|:--------------|:--------:| +| Ubuntu | 20.04 | +| Apt | 2.0.2 | +| Wget | 1.20.3 | +| Curl | 7.68.0 | +| Git | 2.25.1 | +| Maven | 3.6.0 | +| OpenJDK | 11.0.5 | + +## 2.Install & Config proxy for Environment (if you are behind a proxy server) +``` +2.1 Apt +2.2 Wget +2.3 Curl +2.4 Git +2.5 Maven +2.6 OpenJDK +``` +### 2.1 Apt +##### Create file with name proxy.conf in folder `/etc/apt/apt.conf.d` + + - `$ sudo gedit /etc/apt/apt.conf.d/proxy.conf` + +##### Add the following line few files `proxy.conf` +``` +Acquire { + HTTP::proxy "http://username:password@server:port"; + HTTPS::proxy "http://username:password@server:port"; +} +``` +### 2.2 Wget +##### Create file `~/.wgetrc` + + - `$ sudo gedit ~/.wgetrc` + +##### Add the following line few files `~/.wgetrc` +``` +use_proxy=yes +http_proxy=http://username:password@server:port +https_proxy=http://username:password@server:port +``` +### 2.3 Curl +##### 2.3.1 Install Curl + - `$ sudo apt update` + - `$ sudo apt install curl` + +##### 2.3.2 Config proxy +* Create file `~/.curlrc` + + - `$ sudo gedit ~/.curlrc` + +* Add the following line few files `~/.curlrc` +``` +proxy=http://username:password@server:port/ +``` + +### 2.4 Git + +##### 2.4.1 Install Git +- `$ sudo apt update` +- `$ sudo apt install git` +##### 2.4.2 Config proxy +* Create file `~/.gitconfig` + + - `$ sudo gedit ~/.gitconfig` + +* Add the following line few files `~/.gitconfig` +``` +[http] + proxy = http://username:password@server:port + sslverify = false +[https] + proxy = http://username:password@server:port + +``` +### 2.5 Maven +##### 2.5.1 Install Maven +*Go to back Home in Terminal + +- `$ sudo apt update` +- `$ sudo apt install maven` + +##### 2.5.2 Config proxy for Maven + +* Create Folder with path `/home/user/.m2` +- `$ mkdir /home/user/.m2` + +* Create File in Folder `.m2` +- `$ touch /home/user/.m2/settings.xml` + +* Copy the following lines into tag + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + + + optional1 + + true + + http + + username + + password + + server + + port + + local.net + + + + +### 2.6 OpenJDK 11 + +* And install OpenJDK 11 + - `$ sudo apt install openjdk-11-jdk` +* Check version: + - `$ java --version` + - Output: + ``` + openjdk version "11.0.15" 2022-04-19 + OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) + OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) + ``` + - Install JDK successfully + +## 3. Native install 18.1.0 (without docker-compose) + +**The installation consists of some tasks**: + +- [3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules](#ref1) + +- [3.2 Install databases](#ref2) + +- [3.3 Install CVE Search](#ref3) + +- [3.4 Clone Project sw360 with version 18.1.0](#ref4) + +- [3.5 Install Thrift version 16.0](#ref5) + +- [3.6 Config properties files with Sw360 (sw360 18.1.0)](#ref6) + +- [3.7 Compile and deploy](#ref7) + +- [3.8 Version Management Table (sw360 18.1.0)](#ref8) + + +### 3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules {#ref1} + +* Make folder `work` in path of work: `/home/user` + + - `$ mkdir work` + +* Download Liferay Portal CE 7.4.3.18 GA18 + - `$ cd work` + - `$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Extract downloaded file + - `$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Create `portal-ext.properties` file in `liferay-ce-portal-7.4.3.18-ga18` folder + +* Copy content from https://github.com/eclipse/sw360/blob/sw360-18.1.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties + +- Edit `portal-ext.properties`: uncomment below lines +```sh +# default.admin.password=sw360fossy + +# default.admin.screen.name=setup + +# default.admin.email.address.prefix=setup + +# default.admin.first.name=Setup + +# default.admin.last.name=Administrator +``` +- Add lines to setup Postgres. Change jdbc.default.username, jdbc.default.password + +```sh + # Postgres configuration + jdbc.default.driverClassName=org.postgresql.Driver + jdbc.default.url=jdbc:postgresql://localhost:5432/lportal + jdbc.default.username=${postgres_user} + jdbc.default.password=${postgres_password} +``` + +- Add lines to setup passsword policies +```sh + # Passsword policies + passwords.default.policy.change.required=false + company.security.send.password.reset.link=false + company.security.auto.login=false + company.security.auth.type=emailAddress + company.security.strangers=false + company.security.strangers.with.mx=false + company.security.strangers.verify=false +``` + +* Remove files in folder `hypersonic` with path: `/home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic` + - `$ rm -rf /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*` + +* Move folder `liferay-ce-portal-7.4.3.18-ga18` to `/opt` + + - `$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt` + +### 3.2 Install Database {#ref2} + +##### 3.2.1 Install CouchDB + +* To install from aptitute type: + +```sh +$ sudo apt update +$ sudo apt install -y couchdb +``` + +* You may refer to the bottom Native Installation 14 version CouchDB manual configuration for setting credentials. + +* After, run CouchDb service, check if it's working: + +```sh +$ sudo systemctl start couchdb.service +``` +* Check if CouchDB is responding: +```sh +$ curl localhost:5984 +``` +* This should return json containing version information +* You can use "start/stop/status/restart" command with systemctl for controlling CouchDB service. + + +##### 3.2.2 Install PostgreSQL + +* Install PostgerSQL manually, you can install through "apt install" too: +```sh +$ sudo apt install zlib1g-dev -y +$ sudo apt install libreadline-dev -y +$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz +$ tar -xvf postgresql-10.14.tar.gz +$ cd postgresql-10.14/ +$ mkdir -p /PATH_TO/sw360postgres +$ ./configure -prefix=/PATH_TO/sw360postgres +$ make +$ sudo make install +``` +* Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step. +```sh +$ vim ~/.bashrc +``` +* Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as "/home/username": +```sh +$ export PATH=$HOME/sw360postgres/bin:$PATH +$ export PGDATA=$HOME/sw360postgres/data +$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib +$ export PGPORT=5432 +``` +* Check if paths have been set, result must be the absolute paths: +```sh +$ echo $PATH +$ echo $PGDATA +$ echo $LD_LIBRARY_PATH +$ echo $PGPORT +``` +* After paths are set, postgres service can be run: +```sh +$ cd /PATH_TO/sw360postgres/bin +$ ./initdb --encoding=UTF8 --no-locale +$ ./pg_ctl start +``` +* You will see that the server has started. +* Note: If you installed through "apt install" then start the postgres service by following command, where after @ comes the installed version, if postgres isn't running you won't be able to connect to the server, and the error message is not explaining well that server isn't actually running at the moment: +```sh +sudo systemctl status postgresql@12-main.service +sudo systemctl start postgresql@12-main.service +``` +* Postgres will create an user with username ${ubuntu_user} (username login to ubuntu) +* Use theses command to change password of user ${ubuntu_user} in postgres sql. +```sh +$ psql postgres +postgres=# \du +postgres=# create database lportal; +postgres=# ALTER USER ${ubuntu_user} WITH PASSWORD 'sw360fossy'; +postgres=# ALTER ROLE ${ubuntu_user} with superuser; +postgres=# \q +``` +* Connect to postgres shell, and check users information +```sh +$ psql -d lportal +# \du +# \dt +# \l +``` +### 3.3 Install CVE Search {#ref3} + +* Follow these detailed instructions: + +```sh +[https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst] +``` + +* To connect it to SW360, see following instructions: + +```sh +https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +``` +###### Notes: +- In the instruction be careful with setting apt link for mongodb, if somehow it destroys your "sudo apt update" command, go to "/etc/apt/sources.list" file and comment out the broken line, that's probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions. + +### 3.4 Clone sw360 with version 18.1.0 {#ref4} + +* Clone sw360 source code to folder `work` with path: `/home/user/work` + + - `$ git clone https://github.com/eclipse/sw360` + +* Checkout to tag 18.1.0 version + - `$ cd sw360` + - `$ git checkout sw360-18.1.0-M1` + +* export path to repository sw360 + - `$ export SW360_REPOSITORY=/home/user/work/sw360` +### 3.5 Install Thrift version 0.16 {#ref5} + +* For thrift, we need version 0.16. The installation script in Path: `${SW360_REPOSITORY}/scripts/install-thrift.sh` + +* Run command to install libraries: + - `$ sudo apt-get install -y clang-tidy` + - `$ sudo apt-get install flex` + - `$ sudo apt-get install -y clang-tools` + - `$ sudo apt-get install bison` + - `$ sudo apt-get install cmake` + +* Run command: + - `$ chmod +x install-thrift.sh` + - `$ sudo ./install-thrift.sh` + +In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16 +* Check version thrift + + - `$ thrift --version` + + - Output: + ``` + Thrift version 0.16.0 + + ``` + - Install Thrift successfully + +### 3.6 Config properties files with Sw360 (sw360 18.1.0) {#ref6} + +##### 3.6.1 Create folder `sw360` in path `/etc/` + + $ sudo mkdir sw360 + +##### 3.6.2 Create 2 folder `authorization` and `rest` in path `/etc/sw360` + + $ sudo mkdir authorization + $ sudo mkdir rest + +##### 3.6.3 Create file `application.yml` in path `/etc/sw360/authorizaton` with content (remember to replace couchdb username and password): +``` +# +# Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +# Port to open in standalone mode +server: + port: 8090 + +# Connection to the couch databases. Will be used to store client credentials +couchdb: + url: http://localhost:5984 + database: sw360oauthclients + # if your couchdb does not use authentication, pls just don't use the settings for username and password + username: admin + password: password + +jwt: + secretkey: sw360SecretKey + +spring: + jackson: + serialization: + indent_output: true + +# Common SW360 properties +sw360: + # The url of the Liferay instance + sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} + # The id of the company in Liferay that sw360 is run for + sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} + # Allowed origins that should be set in the header + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} + +security: + # Configuration for enabling authorization via headers, e.g. when using SSO + # in combination with a reverse proxy server + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: false + # Attention: please make sure that the proxy is removing there headers + # if they are coming from anywhere else then the authentication server + intermediateauthstore: custom-header-auth-marker + email: authenticated-email + extid: authenticated-extid + # also available - at least in saml pre auth - are "givenname", "surname" and "department" + + oauth2: + resource: + id: sw360-REST-API + +``` +* Create file `application.yml` in path `/etc/sw360/rest` with content: +``` +# +# Copyright Siemens AG, 2017. Part of the SW360 Portal Project. +# Copyright Bosch.IO GmbH 2020 +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +server: + port: 8091 + +management: + endpoints: + enabled-by-default: false + web: + base-path: + endpoint: + health: + enabled: true + show-details: always + info: + enabled: true + web: + base-path: / + +spring: + servlet: + multipart: + max-file-size: 500MB + max-request-size: 600MB + +# logging: +# level: +# org.springframework.web: DEBUG + +security: + oauth2: + resource: + id: sw360-REST-API + jwt: + keyValue: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy + VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ + 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ + 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg + 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da + d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ + PQIDAQAB + -----END PUBLIC KEY----- + +sw360: + thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} + test-user-id: admin@sw360.org + test-user-password: sw360-password + couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} + cors: + allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +``` + +* Create file `couchdb.properties` in path `/etc/sw360` with content: + +``` +# +# Copyright Siemens AG, 2020. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +couchdb.url = http://localhost:5984 +couchdb.user = ${COUCHDB_USER} +couchdb.password = ${COUCHDB_PASSWORD} +couchdb.database = sw360db +couchdb.usersdb = sw360users +couchdb.attachments = sw360attachments +lucenesearch.limit = 10000 + +``` +* Create file `sw360.properties` and `/etc/sw360` with content: + +``` +# Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. +# +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +# common property file for the backend services +backend.url= http://localhost:8080 + +licenseinfo.spdxparser.use-license-info-from-files=true +mainline.state.enabled.for.user=false + +# settings for the mail utility: +# if host is not set, e-mailing is disabled +MailUtil_host= +MailUtil_from=__No_Reply__@sw360.org +MailUtil_port=25 +MailUtil_enableStarttls= +MailUtil_enableSsl= +MailUtil_isAuthenticationNecessary= +MailUtil_login= +MailUtil_password= +MailUtil_enableDebug= +MailUtil_supportMailAddress= + +# text patterns for mail utility +defaultBegin = \ +*** This is an automatically generated email, please do not reply. ***\n\n\ +Dear SW360-user,\n\n +defaultEnd = \ +With best regards,\n\ +SW360-support +unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: +unsubscribeNoticeAfter =. *** + +subjectForNewModerationRequest= New moderation request +subjectForUpdateModerationRequest= Update on moderation request +subjectForAcceptedModerationRequest= Your moderation request has been accepted +subjectForDeclinedModerationRequest= Your moderation request has been declined +subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined +subjectForNewComponent= New component created +subjectForUpdateComponent= Component updated +subjectForNewRelease= New release created +subjectForUpdateRelease= Release updated +subjectForNewProject= New project created +subjectForUpdateProject= Project updated +subjectForNewClearingRequest= New clearing request <%s> for Project <%s> +subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s> +subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s> +subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s> +subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s> +subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated + +textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n +textForUpdateModerationRequest= \ +one of the moderation requests previously added to your \ +SW360-account has been updated.\n\n +textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n +textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n +textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n +textForNewComponent= a new component %s, in which you take part, has been created.\n\n +textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n +textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n +textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n +textForNewProject= a new project %s %s, in which you take part, has been created.\n\n +textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n +textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n +textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n +#attachment.store.file.system.location=/opt/sw360tempattachments +#enable.attachment.store.to.file.system=false +#attachment.store.file.system.permission=rwx------ +#attachemnt.delete.no.of.days=30 + +#Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. +#sw360changelog.config.file.location=/etc/sw360/log4j2.xml +enable.sw360.change.log=false +sw360changelog.output.path=sw360changelog/sw360changelog + +``` + +##### 3.6.4 Configure the sw360ChangeLog path +**Create log4j2.xml file:** +- Based on log4j2.xml file from https://github.com/eclipse/sw360/blob/main/build-configuration/resources/log4j2.xml, update the content as below, then place this file to etc/sw360 folder. + +``` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` +**Set the environment variable for the changelog directory (`${env:FILE_PATH}/sw360changelog.log`):** + +- Create Folder **sw360changelog** in **var/log/**: + + `$ sudo mkdir sw360changelog ` +- If **/var/log/sw360changelog** folder requires permission, set permission for this folder: + + `$ sudo chown -R $USER:$USER /var/log/sw360changelog` + + `$ export FILE_PATH=/var/log/sw360changelog` + +* NOTE: I suggest the path ${env:FILE_PATH} to use LIFERAY_INSTALL env variable + +**Enable changelog config:** + +Add the following lines to the sw360.properties file (or uncomment if they are existing) + +* `sw360changelog.config.file.location=/etc/sw360/log4j2.xml` +* `enable.sw360.change.log=true` + +### 3.7 Compile and deploy {#ref7} + +##### 3.7.1. Start Database: +* Turn on the CouchDB and Postgres services + +```sh +$ sudo systemctl start couchdb.service +$ sudo systemctl start postgres@@12-main.service +``` + +* Check if both are running: + +```sh +$ sudo systemctl status couchdb.service +$ sudo systemctl status postgres@@12-main.service +``` + +* You should be able to see something like this: + +```sh +... systemd[1]: Started PostgreSQL Cluster 12-main. +... +... halt systemd[1]: Started Apache CouchDB. +``` +##### 3.7.2. Install python and pip: + +```sh +$ sudo apt-get install python3 -y +$ sudo -E apt-get install python3-pip -y +``` + +##### 3.7.3. Install mkdocs: + - Without proxy: + + `$ sudo -E pip3 install mkdocs` + + `$ sudo -E pip3 install mkdocs-material` + - Via proxy: + + `$ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs` + + `$ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs-material` + +##### 3.7.4. Set Environment for `${LIFERAY_INSTALL}`: + +```sh +$ cd /home/user/work/sw360 +$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18 +``` + +##### 3.7.5. Config Couchdb Lucene: + +Run following commands to config Couchdb Lucene (remember to replace **COUCHDB_USER** and **COUCHDB_PASSWORD** by username and password of couchdb installed at step [3.2.1](#321-install-couchdb)): + +```sh +$ cd third-party/couchdb-lucene/ +$ sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini +$ sed -i "s/localhost:5984/COUCHDB_USER:COUCHDB_USER@localhost:5984/" ./src/main/resources/couchdb-lucene.ini +``` + +##### 3.7.6. Clean everything and install without running the tests: + +```sh +$ mvn clean install -DskipTests +``` + +##### 3.7.7. Deploy: + +```sh +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dhelp-docs=true -Dsurefire.failIfNoSpecifiedTests=false +``` + +##### 3.7.8 Start and Configure Liferay: + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* After run command "mvn clean install -DskipTests" above, copy dependency in folder `/home/user/work/sw360/utils/jars` to `${LIFERAY_INSTALL}/osgi/modules` + + - `$ cd /home/user/work/sw360/utils/jars` + - `$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/` + +* We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360. + + - `$ sudo rm -rf ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/setenv.sh` + - `$ sudo cp /home/user/work/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/catalina.out` + +* Url SW360 : `https://localhost:8080` + +##### 3.7.9 Configure Liferay Portal: + +* Can follow the steps in the following link https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 or follow these steps: + +- Import users + 1. Open the panel on the left side by clicking the button on the top left. + 2. Click on `SW360` on the top right to go to the homepage. + 3. Click on `Start` inside the "Welcome" section. + 4. Go to `Admin` -> `User` (URL: `/group/guest/users`). + 5. Scroll down to section `UPLOAD USERS`, select a user file from the very + beginning and click `Upload Users` on the right side. [A user file can be found here in the sw360vagrant project](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) + * Download: `$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv` + +- Setup liferay: + +After successful , Then if you open the server with the URL `https://localhost:8080/` the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/1.png" >}} + +Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/2.png" >}} + +After login the sw360 is not setup, thus the server does not display much, but a screen like the following: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/3.png" >}} + +##### User and Login Settings in Liferay + +Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/4.png" >}} + +Edit this password policy and disable `change Required` if you wish to do so. Click on Save_the bottom of the page to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/6.png" >}} + +Then, go: in `Configuration` > `Instance Settings` > `Users` > + +{{< figure src="/sw360/img/sw360screenshots/deploy74/7.png" >}} + +In this area, select `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/8.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/9.png" >}} + +Finally, sice Liferay 7.4 some of the bundled modules need to be activated: + +* jquery +* font awesome + +In oder to do this, please select from the `Configuration` > `System Settings` > `Third Party` and go to jquery, select the enablement and click on Update: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/10.png" >}} + +Do the same for Font Awesome: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/11.png" >}} + +Note that you need to reload the browser or load a new browser window to take changes to effect. + +##### Setup SW360 for Liferay: Import *.lar Files + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +In order to go ahead, switch to the `SW360` area where you can apply site settings: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/12.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} + + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/18.png" >}} + +You can close the left menu area by clicking on the upper left icon: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/19.png" >}} + +Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/20.png" >}} + +##### Import User Accounts for Testing + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/21.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a [user account import file](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) to import in the `sw360vagrant` project in the folder `shared`. After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/22.png" >}} + +After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below): + +{{< figure src="/sw360/img/sw360screenshots/deploy74/23.png" >}} + +##### Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/24.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/25.png" >}} + +### 3.8 Version Management Table (sw360 18.1.0) {#ref8} + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.4.3.18| +| Tomcat | 9.0.56 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | +| SW360 | 18.1.0 | + + + + +## References for more information +- [SW360] +- [CVE-Search] +- [Java] +- [Maven] +- [Thrift] +- [Liferay bundled with Tomcat] +- [PostgreSQL] +- [CouchDB] + + +## License + +[SPDX-License-Identifier: EPL-2.0] + +[//]: # (These are reference links used in the body of this instructions markdown file.) + [Check SW360]: + [Check CouchDB]: + [Check PostgreSQL]: + [SW360]: + [SW360 website]: + [CVE-Search]: + [Java]: + [Maven]: + [Thrift]: + [Liferay bundled with Tomcat]: + [PostgreSQL]: + [CouchDB]: diff --git a/content/ja/docs/Deployment/Legacy/NativeInstall/_index.md b/content/ja/docs/Deployment/Legacy/NativeInstall/_index.md new file mode 100644 index 0000000..eafb0fc --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/NativeInstall/_index.md @@ -0,0 +1,7 @@ +--- +title: "Native Install" +linkTitle: "Native Install" +weight: 20 +oem_ignore: true +description: SW360 Native Install Deployment +--- diff --git a/content/ja/docs/Deployment/Legacy/_index.md b/content/ja/docs/Deployment/Legacy/_index.md new file mode 100644 index 0000000..e4d9575 --- /dev/null +++ b/content/ja/docs/Deployment/Legacy/_index.md @@ -0,0 +1,7 @@ +--- +title: "Legacy Deployment Guides" +linkTitle: "Legacy Guides" +weight: 20 +oem_ignore: true +description: SW360 Legacy deployment guides +--- diff --git a/content/ja/docs/Deployment/Upgrading/Deploy-Upgrade-to-Liferay-7.3-and-Java-11.md b/content/ja/docs/Deployment/Upgrading/Deploy-Upgrade-to-Liferay-7.3-and-Java-11.md new file mode 100644 index 0000000..8bdbdbd --- /dev/null +++ b/content/ja/docs/Deployment/Upgrading/Deploy-Upgrade-to-Liferay-7.3-and-Java-11.md @@ -0,0 +1,358 @@ +--- +linkTitle: "Liferay 7.3 and Java 11" +title: "Liferay 7.3 and Java 11" +weight: 100 +description: + Upgrading previous sw360 instances to Liferay 7.3.x and Java 11 +--- + + +## Introduction + +We are covering the update for ubuntu here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases. + +With the update to Java 11, we upgraded from Ubuntu 16.04 to Ubuntu 18.04, both LTS version. This OS is used for example by the https://github.com/sw360/sw360vagrant project. + +So the update covers the following: + +| orign | target | +|---|---| +| Ubuntu 16.04 LTS | Ubuntu 18.04 LTS | +| CoucbdDB 1.X (comes with Ubuntu) | CouchDB 2.X (not with Ubuntu anymore) | +| Postgresql 9.X (comes with Ubuntu) | Postgresql 10.X (comes with Ubuntu) | +| OpenJDK 8 (comes with Ubuntu) | openJDK 11 (comes with Ubuntu) | +| Apache Thrift 0.11/0.12 | Apache Thrift 0.13 | + +## Overview + +The upgrade consists of quite some tasks, as an overview: + +1. Make a backup +2. Execute sw360 migration scripts +3. Linux release upgrade +5. Java 11 +6. Postgresql +7. CouchDB 2.X +8. Thrift to 0.13 +9. Liferay ce 7.3.3 +10. Copy your existing `portal-ext.properties` to now liferay_install location +11. copy from old liferay installation the `data/document_library` to the new liferay +12. Adjust `/etc/ini.d/tomcat` with path of new liferay +13. Adjust `$liferay_install` variable +14. add Java prerequisites to OSGi container +15. Update couchdb-lucene +16. Deploy new version of sw360 +17. Adjust Liferay + +## Initial steps + +In order to "calibrate the system" just run the update / upgrade cycle once: + +`# sudo apt update` + +`# sudo apt upgrade` + +### Keeping More Settings Files + +**apache.conf:** Keep also the mod security conf files that are asked to update during installation + +**sshd:** Changes on the ssh / sshd conf files should be kept in case you have setup up dome remote public private key login (usually the case for server installation). Otherwise you re locked out maybe. + +**Maven:** if you change Maven, for example with your proxy settings, keep it too. + +In general, whenever there is functionality you need, consider keeping existing settings files. + +## Ubuntu Release Upgrade + +There is maybe the remark to overwrite the current apache configuration. We propose to keep the currently installed apache files. + +`# sudo do-release-upgrade` + +Answer "yes" for the download of packages and also confirm the update of the glibc, of course. Update the `system.conf`(install maintainer's version), depending on if you actually edited this. Some for `sysctl.conf`. + +## Migration of PostgreSQL + +The existing 9.5 will not be upgraded, instead this message comes: After the release upgrade, you can check again if postgresql is installed: + +`sudo apt list postgre* --installed` + +Postgresql 9.5 should be the only installed. The old postgresql 9.5 must stay in fact, because the migration tool needs to be executing on a running postgresql 9.5 instance. Just having popstgresql 10 and a database only from postgresql 9.5 will not work. You can go ahead install postgresql 10: + +`sudo apt install postgresql-10` + +Then, apply the instruction to update from 9.5 to 10.0 from this page: https://stackoverflow.com/questions/47029055/how-do-i-upgrade-my-postgresql-9-5-to-postgresql-10-on-ubuntu-16-04 + +``` +# service postgresql stop +... +# pg_dropcluster --stop 10 main +... +# pg_upgradecluster -m upgrade 9.5 main +... +# pg_dropcluster 9.5 main --stop +... +# apt-get autoremove --purge postgresql-9.5 +... +# service postgresql start +``` +(note that # means you need to be root or execute with sudo) + +## Migration of CouchDB + +CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDb package repository to install it, first the key for signing: + +`curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -` + +The add the repo to the sources: + +`echo "deb https://apache.bintray.com/couchdb-deb bionic main" | sudo tee -a /etc/apt/sources.list` + +Then, add its contents to the package database by updating apt: + +`sudo apt-get update -y` + +Ultimately install CouchDB, we tried with 2.1.2 initiall not to make a too far jump from 1.X, later versions may work as well. Note that for upgrading to CouchDB 3.X you would need an upgrade to 2.X first. + +`sudo apt-get install -y couchdb=2.1.2~bionic` + +The installer will ask a couple of questions: + +1. Bind address: for CouchDB and SW360 `127.0.0.1` (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly. +2. Admin user: **Warning** The couchdb migration utility does not support authentication! Please do not enter an admin password, but apply it later. You can set the password for CouchDB in `couchdb.properties` and place it centrally in `/etc/sw360` +3. Migration: yes you need to use `couchup` for migrating the databases + +In case you added an admin and need to remove it, try: + +`curl -X DELETE http://admin:password@127.0.0.1:5984/_config/admins/admin` + +where the two occurrences `admin` is the name of the admin user in the URL, whatever the user was called. + +### Migration of CouchDB Databases + +As a preparation: the CouchDB migration works by copying the databases, so the file system needs at least as much free space as the CouchDB databases use. + +CouchDB offers a migration utility. It is advised that you remove all test databases as they do not seem to work with the migration utility. Important links are: + +* https://docs.couchdb.org/en/2.3.1/install/upgrading.html +* https://github.com/apache/couchdb/pull/483 + +For some reason after installation, the `couchup`utility is not part of the path, so execute: + +`/opt/couchdb/bin/couchup list` + +It lists all DBs found. The go ahead with: + +`/opt/couchdb/bin/couchup replicate -a` + +It should replicate all databases in `/var/lib/couchdb`. Please refer to the couchup documentation, for the subsequent steps. A few remarks from our experience: + +1. The rebuold of the couchdb does not work for our test databases. Please refer to the documentation how to do this manually if you like. +2. The couchup utility crashes for large DB sizes with a time out error. Consider using the timeout option: `/opt/couchdb/bin/couchup replicate -a --timeout==10000` (with almost infinite timeout here) +3. On very large attachment database sizes (500GB), the couchdb configuration must be changed. We increased almost every related value by factor 10 (timeouts, memory, etc) in `/opt/couchdb/etc/default.ini` and good success with this. + +## Update Thrift + +For thrift, we need version 0.13. The installation script `scripts/install-thrift.sh`allows for uninstalling old versions: + +`sudo ./install-thrift.sh --uninstall` + +and then install + +`sudo ./install-thrift.sh` + +## From OpenJDK 8 to OpenJDK 11 + +First check, what is installed. + +`# sudo apt list openjdk* --installed` + +Then you could check what is available: + +`# sudo apt list openjdk*` + +It should be that OpenJDK 8 is installed and both OpenJDK 8 and 11 are available. Then, remove the OpenJDK 8 and install 11: + +``` +sudo apt remove openjdk-8-jdk +sudo apt remove openjdk-8-jre +sudo apt remove openjdk-8-jdk-headless +sudo apt remove openjdk-8-jre-headless +``` + +check if nothing is installed: + +`# sudo apt list openjdk* --installed` + +Then install the openjdk-11-jdk: + +`# sudo apt install openjdk-11-jdk` + +Then the `$JAVA_HOME` needs to be updated, most likely it is defined in `/etc/environment`. Please check for your installation how to set the `$JAVA_HOME` correctly. + +## Updating Liferay + +Download Liferay from this link + +https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz + +and unpack it, ideally in the `/opt` directory, so resulting path would look like `liferay-ce-portal-7.3.3-ga4`. + +Then, you need to update the `$LIFERAY_INSTALL` in `/etc/environment` from `LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ +` to `LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4`. + +First, you will need to copy the `portal-ext.properties` from the old liferay folder to the new liferay folder (or new `$LIFERAY_HOME`): + +`# cp /$old-liferay/portal-ext.properties $LIFERAY_INSTALL/portal-ext.properties` + +### Migration of existing database + +For a version upgrade from Liferay CE 7.2 to Liferay 7.3, migration scripts must be applied, they are located in `$LIFERAY_HOME/ +tools/portal-tools-db-upgrade-client`. From there the following files needs to be adapted: + +* `app-server.properties`: most likely uncomment tomcat, because we re using liferay with tomcat. +* `portal-upgrade-database.properties`: uncomment postgresql section and add database user, default from installation is `liferay/liferay`, or it is stored in `portal-ext.properties` right where the JDBC driver is selected. Please note that your `portal-ext.properties` file in `$LIFERAY_INSTALL`can have the following line `include-and-override=/etc/sw360/portal-ext.properties`. In this case, consider the `portal-ext.properties`at that location. +* `portal-upgrade-ext.properties`: just the liferay home, you can leave it as it is + +If everything is done (and the postgresql migration took place), execute: + +`# ./db_upgrade.sh` + +It should return a battery of `INFO` log level messages end with: + +``` +Completed Liferay core upgrade process in 96 seconds +Checking to see if all upgrades have completed... done. +``` + +### More Migration + +The liferay migration covers apparently only the database, but not the files in the `$LIFERAY_HOME/data` folder. It would have been nicer, if that would have been covered too. Instead these must be copied manually. In fact, for the migration, it is advised to copy only the `/old-liferay/data/document_library` to the new location. Something like (different pwd ...): + +`# cp -r _attic/liferay-portal-7.2.1-ga2/data/document_library/ liferay-ce-portal-7.3.3-ga4/data/` + +### Auto Start + +For auto start, you need an according init.d entry. It could be a file like `/etc/init.d/tomcat`. The file could be created if not there already, with the following contents: + +``` +#!/bin/bash + +### BEGIN INIT INFO +# Provides: tomcat7 +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start/Stop Tomcat server +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +start() { + su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh +} + +stop() { + su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh +} + +case $1 in + start|stop) $1;; + restart) stop; start;; + *) echo "Run as $0 "; exit 1;; +esac +``` + +Te user `siemagrant` is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server runs under in vagrant. Regardless how the user is named, it is important that liferay runs under an unprivileged user (for security reasons). + +### Adjust Memory + +When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in `$LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh` should be adapted again. + +## Install Prerequisites + +For old installations, libthrift is not there (which causes an error at container startup), it should be downloaded and deployed: + +``` +wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar +mv libthrift-0.13.0.jar $LIFEARY_HOME/deploy/ +``` + +The the existing prerequisites needs to be copied from the `osgi/modules` from the old liferay installation: + +``` +cp commons-lang-2.4.jar $LIFERAY_HOME/deploy +cp commons-io-2.6.jar $LIFERAY_HOME/deploy +cp commons-csv-1.4.jar $LIFERAY_HOME/deploy +cp commons-collections4-4.1.jar $LIFERAY_HOME/deploy +cp commons-codec-1.12.jar $LIFERAY_HOME/deploy +cp commons-logging-1.2.jar $LIFERAY_HOME/deploy +cp gson-2.8.5.jar $LIFERAY_HOME/deploy +cp guava-21.0.jar $LIFERAY_HOME/deploy +cp jackson-annotations-2.9.8.jar $LIFERAY_HOME/deploy +cp jackson-core-2.9.8.jar $LIFERAY_HOME/deploy +cp jackson-databind-2.9.8.jar $LIFERAY_HOME/deploy +``` + +note that with the [commit](https://github.com/eclipse/sw360/commit/71348b4fffa6e3e5fd761a3f63590a0a60663827) to sw360-13.0.0-M1 you need also another dependency for apache poi: + +``` +cp commons-compress-1.20.jar $LIFERAY_HOME/deploy +``` + +## Install Couchdb Lucene + +SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main thing is that it requires pathing for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container. + +Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be `couchdb-lucene`: + +`wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz` + +Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene: + +https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh + +Please note that the patching issue is well known in the project and it is unclear why it is not merged: + +* https://github.com/rnewson/couchdb-lucene/issues/161 "allow context-root other than "/" when running in servlet container" +* https://github.com/rnewson/couchdb-lucene/pull/162 +* https://github.com/rnewson/couchdb-lucene/pull/152 + +Now, for CouchDB 2.X the hook for integration of a search component has chaned compared to CouchDB 1.X. Accordingly, the old couchdb-lucene component must be replaced with the latest version. + +## Deploy New SW360 + +You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 or some few commits before that. Then build in the sw360 project root using: + +`mvn clean install -DskipTests` + +This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same: + +``` +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -DskipTests +``` + +Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed: + +``` +cd rest +mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ +``` + +## Final Steps in Liferay + +Liferay CE 7.3 bring some changes that still require manually applied settings to the running liferay server. Thus, you could start the liferay server or just restart the entire machine. The following two things need to be adaptedin liferay after successful startup in order to get the migration done: + +1. The automatic verification of e-mail adresses maybe be needed to be switched off, because it kicks in also for existing users. This can be done in "Control Panerl" -> "Instance Settings" -> "User Authentication" -> "" + +2. The JavaScript components jquery and fontawesone (that come with liferay) must be manually enabled now. For this got into "Control Panel" -> "System Settings" -> "Thrid Party". and from then select the two JavaScript components from the left and enable them accordingly. + +## Known Issues + +### Database Availability Right after Update + +Right after updating, the sw360 will not show up data at all, but sometimes nothing or "portlet unavailable". The problem is the re-indexing of the DB and the search index which takes a while. You can trigger reindexing in the systems. A lazy way is call all (main) views so the database stumbles accross it and starts the indexing tasks (see job view in the couchdb admin interface of Futon). The sam eis for searches, the first searches will fail and the lucene will do some internal updates. leaving the system working for some time and follow the log will help. Could take 30 minutes. + +### E-Mail Verification Trap + +Liferay has automatically enabled password verification for all accounts right after migration. Not sure what motivates persons to enable such feature by default right after migration from an instance where it was not there? In case you have attached the system to an external login solution, but your liferay is not configured to send mails, then it is a trap, because you cannot verify the e-mail address and thus, cannot login. You need to disable the external login solution and use the original initial setup user to login (which is not asked for verification by e-mail) to disable this feature (see above). diff --git a/content/ja/docs/Deployment/Upgrading/Upgrade-SW360-from-14.0.0-to-15.0.0.md b/content/ja/docs/Deployment/Upgrading/Upgrade-SW360-from-14.0.0-to-15.0.0.md new file mode 100644 index 0000000..b3913b6 --- /dev/null +++ b/content/ja/docs/Deployment/Upgrading/Upgrade-SW360-from-14.0.0-to-15.0.0.md @@ -0,0 +1,90 @@ +--- +linkTitle: "Upgrade Sw360 from 14.0 to 15.0" +title: "Upgrade Sw360 from 14.0 to 15.0" +weight: 100 +description: + Upgrade Sw360 from 14.0 to 15.0 +--- + +# Upgrade SW360 version 15.0 + +## 1. Upgrade sw360 from 14.0 to 15.0 +``` +1.1 Checkout source code SW360 to Tag Version 15 +1.2 Version of libraries +1.3 Migrate database +1.4 Build and deploy Sw360 Version 15.0 +``` +### 1.1 Checkout source code SW360 to Tag Version 15 + +Link contains source: + +* Path `SW360_REPOSITORY` = `/home/user/work/sw360` + +* Source code sw360 is in master branch with commit version 14.0 . User into `${SW360_REPOSITORY}` use git checkout to tag version 15 on the master branch of SW360 +* Checkout to tag Version 15.0.0 + - `$ git checkout . ` + - `$ git checkout sw360-15.0.0-M1` + +### 1.2 Version of libraries + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.3.4 | +| Tomcat | 9.0.33 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.14.0 | +| SW360 | 14.0.0 | + +### 1.3 Migrate database + +* Check migrate scripts from 14.0 to 15.0 by + +- There is no migrate script, skip this step. + +### 1.4 Build and deploy SW360 Version 15.0 + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Stop SW360 version 14.0, ensure that couchdb is accessible (try to open `http://localhost:5984/_utils/`) + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh` + +## 2. Compile and deploy + +* Start couchdb + - `$ sudo service couchdb start` + +* Set Environment for `${LIFERAY_INSTALL}` + - `$ cd /home/user/work/sw360` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +1. To clean everything and install without running the tests + - `$ mvn clean install -DskipTests ` + +2. For deployment run the command + - `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests` + +### 2.1 Start and Configure Liferay +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*` + +* Url SW360 : `https://localhost:8080` +### 2.2 Configure Liferay Portal + +* Can follow the steps in the following link https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3 or follow these steps: + +- Import users + 1. Open the panel on the left side by clicking the button on the top left. + 2. Click on `SW360` on the top right to go to the homepage. + 3. Click on `Start` inside the "Welcome" section. + 4. Go to `Admin` -> `User` (URL: `/group/guest/users`). + 5. Scroll down to section `UPLOAD USERS`, select a user file from the very + beginning and click `Upload Users` on the right side. [A user file can be found here in the sw360vagrant project](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) + * Download: `$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv` \ No newline at end of file diff --git a/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_15_To_16.md b/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_15_To_16.md new file mode 100644 index 0000000..4a1f459 --- /dev/null +++ b/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_15_To_16.md @@ -0,0 +1,145 @@ +--- +linkTitle: "Upgrade Sw360 from 15.0 to 16.0" +title: "Upgrade Sw360 from 15.0 to 16.0" +weight: 100 +description: + Upgrade Sw360 from 15.0 to 16.0 +--- + +# Upgrade SW360 version 16.0 + +## 1. Upgrade sw360 from 15.0 to 16.0 +``` +1.1 Checkout source code SW360 to Tag Version 16 +1.2 Version of libraries +1.3 Migrate database +1.4 Build and deploy Sw360 Version 16 +1.5 Start and Configure Liferay +``` +### 1.1 Create Folder contains source code SW360 to Tag Version 16 + +Link contains source: + +* Path `SW360_REPOSITORY` = `/home/user/work15to16/sw360` + +* Source code sw360 is in main branch with commit version 14.0 . User into `${SW360_REPOSITORY}` use git checkout to tag version 16 on the main branch of SW360 +* Checkout to tag Version 16.0.0 or checkout commit "d15db4a1b07112fff126016103c1a8d8dd03c230" + - `$ git checkout d15db4a1b07112fff126016103c1a8d8dd03c230 ` or `$ git checkout sw360-16.0.0-M1` + +* Upgrade Thrift from 0.14.0 to 0.16.0 + - Move to folder sw360 with path `/home/user/work15to16/sw360` + + Run command line: + + Uninstall thrift version 0.14.0 + + - `./scripts/install-thrift.sh --uninstall` + + Install thrift version 0.16.0 + + - `./scripts/install-thrift.sh` + + Check version thrift + + - `thrift --version` + +* Update Dependency for SW360 version 16 + + Download dependency: + - `wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.7/commons-io-2.7.jar -O commons-io-2.7.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.9/gson-2.8.9.jar -O gson-2.8.9.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/31.0.1-jre/guava-31.0.1-jre.jar -O guava-31.0.1-jre.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.13.2/jackson-annotations-2.13.2.jar -O jackson-annotations-2.13.2.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.13.2/jackson-core-2.13.2.jar -O jackson-core-2.13.2.jar` + - `wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.13.2.2/jackson-databind-2.13.2.2.jar -O jackson-databind-2.13.2.2.jar` + - `wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar -O libthrift-0.16.0.jar` + + Move dependency to folder `/opt/liferay-ce-portal-7.3.4-ga5/deploy` + +### 1.2 Version of libraries + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.3.4 | +| Tomcat | 9.0.33 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | + +### 1.3 Migrate database + +* Check migrate scripts from 15.0 to 16.0 by + +* 3 file migration: + - `https://github.com/eclipse/sw360/blob/main/scripts/migrations/048_add_component_businessunit.py` + - `https://github.com/eclipse/sw360/blob/main/scripts/migrations/049_migrate_admin_obligation.py` + - `https://github.com/eclipse/sw360/blob/main/scripts/utilities/003_update_project_field_value_couchdb_2_x.py` + + Install enviroment for python 2.7 + - `$ sudo apt-add-repository universe` + - `$ sudo apt update` + - `$ sudo apt install python2-minimal` + + Check version + - `$ python2 --version` + + Install pip for python 2.7 + -`curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py` + -`sudo python2 get-pip.py --proxy=http://username:password@hostname` + -`pip --version` + + Import package couchdb + -`pip install --proxy=http://username:password@hostname couchdb` + + How to run migration data + 1. stop SW360 (i.e. the tomcat) + * Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + + * Stop SW360 version 15.0, ensure that couchdb is accessible (try to open `http://localhost:5984/_utils/`) + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh` + + 2. ensure that couchdb is accessible (try to open http://localhost:5984/_utils/) + + 3. run the migration scripts (i.e. for each script call python2 /PATH/TO/00?_some_migration_script.py) + be aware that some scripts are using an internal dry-run switch which you have to change manually in the script's code. + + 3.1 move to folder with path `/home/user/work15to16/sw360/scripts/migrations` + + Run command: + - `python2 048_add_component_businessunit.py` + - `python2 049_migrate_admin_obligation.py` + + Check data change in file log: + - 048_add_component_businessunit.log + - 049_migrate_admin_obligation.log + + 3.2 move to folder with path `/home/user/work15to16/sw360/scripts/utilities` + - `python2 003_update_project_field_value_couchdb_2_x.py` + + Check data change in file log: + - 003_update_project_field_value_couchdb_2_x.log + +### 1.4. Compile and deploy + + * Set Environment for `${LIFERAY_INSTALL}` + - `$ cd /home/user/work/sw360` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + + To clean everything and install without running the tests + + - `mvn clean install -DskipTests ` + + For deployment run the command + - `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests` + +### 1.5 Start and Configure Liferay +* Set Environment for `${LIFERAY_INSTALL}` + - `$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5` + +* Start liferay + - `$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh` +* Log + - `$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*` + +* Url SW360 : `https://localhost:8080` \ No newline at end of file diff --git a/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_16_To_17.md b/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_16_To_17.md new file mode 100644 index 0000000..e6b282e --- /dev/null +++ b/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_16_To_17.md @@ -0,0 +1,293 @@ +--- +linkTitle: "Upgrade SW360 from 16.0 to 17.0" +title: "Upgrade SW360 from 16.0 to 17.0" +weight: 100 +--- + + +[Checkout source code SW360 to Tag Version 17](#ref1) + +[Version of libraries](#ref2) + +[Migrate Database](#ref3) + +[Build and deploy SW360 Version 17](#ref4) + +[Start and Configure Liferay](#ref5) + + +## Prepare source code to use release 17 {#ref1} + +Link contains source: + +* Path `SW360_REPOSITORY` = `/home/user/work16to17/sw360` + +* Source code sw360 is in main branch with commit version 16.0.0 . User into `${SW360_REPOSITORY}` use git checkout to tag version 16 on the main branch of SW360 +* Checkout to tag Version 17.0.0 + + * `$ git checkout 6c1aeacea3b0c5f37dc1752b5409cce1433e40c2` + +* Check version thrift + + * `thrift --version` + +* If thrift version 0.14.0 then upgrade Thrift from 0.14.0 to 0.16.0 + + * Move to folder sw360 with path `/home/user/work16to17/sw360` + + To uninstall thrift version 0.14.0: + + * `./scripts/install-thrift.sh --uninstall` + + To install thrift version 0.16.0 + + * `./scripts/install-thrift.sh` + +* Download Liferay Portal CE 7.4.3.18 GA18 + + * `$ cd work16to17` + + * `$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Extract downloaded file + + * `$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz` + +* Copy file `portal-ext.properties` from `liferay-ce-portal-7.3.4-ga5` folder to `liferay-ce-portal-7.4.3.18-ga18` folder + +* Remove files in folder `hypersonic` with path: `/home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic` + + `$ rm -rf /home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*` + +* Copy all file `liferay-ce-portal-7.3.4-ga5/osgi/configs` folder to `liferay-ce-portal-7.4.3.18-ga18/osgi/configs` folder + +## Liferay Database Migration + + +* Go to `liferay-ce-portal-7.4.3.18-ga18/tools/portal-tools-db-upgrade-client` folder + +* Edit `app-server.properties` to add the following parameters: + +``` + dir={LIFERAY_PATH_7.4}/tomcat-9.0.56 + extra.lib.dirs=/bin + global.lib.dir=/lib + portal.dir=/webapps/ROOT + server.detector.server.id=tomcat +``` + +* Edit `portal-upgrade-database.properties` to add the following parameters: + +``` + jdbc.default.driverClassName=org.postgresql.Driver + jdbc.default.url=jdbc:postgresql://{POSTGRE_HOST}:5432/lportal + jdbc.default.username={POSTGRES_USER} + jdbc.default.password={POSTGRES_PASSWORD} +``` + +* Edit `portal-upgrade-ext.properties` to add the following parameter: + +``` + liferay.home={LIFERAY_PATH_7.4} +``` + +* Finally, you can run the script with the following command: + +``` +$ ./db_upgrade.sh -j "-Xmx8000m -Dfile.encoding=UTF-8 -Duser.timezone=GMT" +``` + +* Move folder `liferay-ce-portal-7.4.3.18-ga18` to `/opt` + + `$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt` + +* Set Environment for `${LIFERAY_INSTALL_7_4}` + + `$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Move folder `/home/user/work16to17/sw360` run command + + `$ mvn clean install -DskipTests` + +* After run command "mvn clean install -DskipTests" above, copy dependency in folder `/home/user/work16to17/sw360/deploy/jars` to `${LIFERAY_INSTALL_7_4}/deploy` + + ```bash + $ cd /home/user/work16to17/sw360/deploy/jars + $ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/deploy/ + ``` + +* We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360 or can reuse 7.3.4's setenv.sh. + + ```bash + $ sudo rm -rf ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/setenv.sh + $ sudo cp /home/user/work16to17/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/ + ``` + +## Install Couchdb Lucene + +* SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene + +* Run command download Couchdb Lucene + - `wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz` + +* Note extract couchdb-lucene to folder `work` with path of work: `/home/user/work` + - `tar -xzf couchdb-lucene.tar.gz` + +* Run command: + - `cd couchdb-lucene-2.1.0` + - `sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini ` + - `sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini ` + - `wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch ` + - `patch -p1 < couchdb-lucene.patch ` + - `mvn clean install war:war` + - `sudo cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war` + +## Version of libraries {#ref2} + +| Package Name | Version | +|:--------------|:--------:| +| Liferay | 7.4.3 | +| Tomcat | 9.0.56 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | + +* To check couchdb version: run `curl http://localhost_or_yourcouchdbserver:5984 | json_pp` +## Migrate database {#ref3} + +* Check migrate scripts from 16.0 to 17.0 by + +* File migration: + + * `https://github.com/eclipse/sw360/blob/main/scripts/migrations/050_cleanup_eccinformation_duplicate_attributes.py` + * `https://github.com/eclipse/sw360/blob/main/scripts/migrations/051_change_eccStatus.py` + * `https://github.com/eclipse/sw360/blob/main/scripts/migrations/052_migrate_clearing_request_status.py` + * `https://github.com/eclipse/sw360/blob/main/scripts/migrations/053_remove_whitespace_component_name.py` + + +* Install pip for python 3 + + if there is no proxy, skip option `--proxy=http://username:password@hostname:port` + + ```bash + $ sudo apt update + $ sudo apt install python3-pip + ``` + +* Import package couchdb + `pip3 install --proxy=http://username:password@hostname:port couchdb` + + How to run migration data + 1. stop SW360 (i.e. the tomcat) + * Set Environment for `${LIFERAY_INSTALL_7_4}` + `$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` + + * Stop SW360 version 16.0 with path `LIFERAY_INSTALL_7_3= /opt/liferay-ce-portal-7.3.4-ga5` + `$ ${LIFERAY_INSTALL_7_3}/tomcat-9.0.33/bin/shutdown.sh` + + 2. Ensure that couchdb is accessible (try to open `http://localhost:5984/_utils/`) + + 3. run the migration scripts (i.e. for each script call python3 /PATH/TO/00?_some_migration_script.py) + be aware that some scripts are using an internal dry-run switch which you have to change manually in the script's code. + + * Move to folder with path `/home/user/work16to17/sw360/scripts/migrations` + * Edit file migration to add the following parameters: + + ``` + DRY_RUN = False + # set admin name and password for couchdb3 + DB_USER_NAME = 'admin' + DB_USER_PASSWORD = 'password' + # set credentials for couchdb3 + couch.resource.credentials=(DB_USER_NAME, DB_USER_PASSWORD) + ``` + * Need to update 052 for python script + - Python 2.x code with Python 3.x. In Python 2, print is a statement and can be used without parentheses. However, in Python 3, print is a function and therefore always requires parentheses. + - Install library `pandas` of python. + - ```$ pip3 install pandas ``` + + - Run command: + + ```bash + $ python3 050_cleanup_eccinformation_duplicate_attributes.py + $ python3 051_change_eccStatus.py + $ python3 052_migrate_clearing_request_status.py + $ python3 053_remove_whitespace_component_name.py + ``` + + Check data change in file log: + + * 050_cleanup_eccinformation_duplicate_attributes.py.log + * 051_change_eccStatus.py.log + * 052_migrate_clearing_request_status.log + * 053_remove_whitespace_component_name.log + +## Compile and deploy {#ref4} + +* Set Environment for `${LIFERAY_INSTALL_7_4}` + `$ cd /home/user/work16to17/sw360` + `$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` + + To clean everything and install without running the tests + `mvn clean install -DskipTests` + +* For deployment run the command + `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true ` + +## Start and Configure Liferay {#ref5} + +* Set Environment for `${LIFERAY_INSTALL_7_4}` + `$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` + +* Start liferay + + * `$ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh` + +* Log + + * `$ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/*` + +* Url SW360 : `https://localhost:8080` + + +### Re-indexing search indexes is required for major version upgrades. Here’s how to re-index: + +``` +1. Click on the Global Menu (Global Menu icon) and select the Control Panel tab. The Control Panel appears. + +2. Click on Search in the Configuration section, select the Index Actions tab, and click Execute for Re-index all search indexes. The re-index executes and displays a success message when done. +``` + +{{< figure src="/sw360/img/sw360screenshots/ReIndexSearch.png" >}} + + +### Setup SW360 for Liferay: Import *.lar Files + +- ```You need over-import *.lar files to the portet can show the sw360 icons/images``` + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png" >}} + + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} diff --git a/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_17_To_18.md b/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_17_To_18.md new file mode 100644 index 0000000..d342ac1 --- /dev/null +++ b/content/ja/docs/Deployment/Upgrading/Upgrade_Version_SW360_17_To_18.md @@ -0,0 +1,155 @@ +--- +linkTitle: "Upgrade SW360 from 17.0 to 18.1.0" +title: "Upgrade SW360 from 17.00 to 18.1.0" +weight: 100 +--- + +[Version of libraries](#ref1) + +[Checkout source code SW360 to Tag Version 18.1.0](#ref2) + +[Config Couchdb Lucene](#ref3) + +[Build and deploy](#ref4) + +[Start and Configure Liferay](#ref5) + +[Setup SW360 for Liferay: Import *.lar Files](#ref6) + +## Version of libraries {#ref1} + +| Package Name | Version | +| :----------- | :-----: | +| Liferay | 7.4.3 | +| Tomcat | 9.0.56 | +| Couchdb | 3.2.2 | +| Open JDK | 11.0.15 | +| Thrift | 0.16.0 | + +To check couchdb version: run `curl http://localhost_or_yourcouchdbserver:5984 | json_pp` + +## Prepare source code to use release 18.1.0 {#ref2} + +Link contains source: + +Create folder to store new source code of version 18.1.0: + +```sh +$ mkdir /home/user/work17to18 +``` + +Clone source code from github: + +```sh +$ git clone https://github.com/eclipse/sw360.git +``` + +Checkout to tag Version 18.1.0 + +```sh +$ git checkout sw360-18.1.0-M1 +``` + +Set Environment for `${LIFERAY_INSTALL_7_4}` + +```sh +$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18 +``` + +Move folder `/home/user/work17to18/sw360` run command + +```sh +$ mvn clean install -DskipTests +``` + +Copy dependencies from folder **/home/user/work17to18/sw360/deploy/jars** to **${LIFERAY_INSTALL_7_4}/osgi/modules** + +```sh +$ cd /home/user/work17to18/sw360/utils/jars +$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/ +``` + +## Config Couchdb Lucene {#ref3} + +Run following commands to config Couchdb Lucene (remember to replace **COUCHDB_USER** and **COUCHDB_PASSWORD** by username and password of couchdb): + +```sh +$ cd /home/user/work17to18/sw360/third-party/couchdb-lucene/ +$ sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini +$ sed -i "s/localhost:5984/COUCHDB_USER:COUCHDB_USER@localhost:5984/" ./src/main/resources/couchdb-lucene.ini +$ mvn clean install war:war +$ cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war +``` + +## Build and deploy {#ref4} + +Set Environment for `${LIFERAY_INSTALL_7_4}` + +```sh +$ cd /home/user/work17to18/sw360 +$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18 +``` + +To clean everything and install without running the tests + +```sh +$ mvn clean install -DskipTests +``` + +For deployment run the command + +```sh +$ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true +``` + +## Start and Configure Liferay {#ref5} + +Set Environment for `${LIFERAY_INSTALL_7_4}` + +```sh +$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18` +``` + +Start liferay + +```sh +$ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh +``` + +Log + +```sh +$ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/catalina.out +``` + +SW360 url : [https://localhost:8080](https://localhost:8080) + +## Setup SW360 for Liferay: Import \*.lar Files {#ref6} + +**You need over-import lar files to the portet can show the sw360 icons/images** + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +{{< figure src="/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the \*.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} diff --git a/content/ja/docs/Deployment/Upgrading/_index.md b/content/ja/docs/Deployment/Upgrading/_index.md new file mode 100644 index 0000000..0c280c5 --- /dev/null +++ b/content/ja/docs/Deployment/Upgrading/_index.md @@ -0,0 +1,7 @@ +--- +title: "Upgrade from previous instances" +linkTitle: "Upgrade" +weight: 11 +oem_ignore: true +description: SW360 Bare Metal Deployment +--- diff --git a/content/ja/docs/Deployment/_index.md b/content/ja/docs/Deployment/_index.md new file mode 100644 index 0000000..367ec84 --- /dev/null +++ b/content/ja/docs/Deployment/_index.md @@ -0,0 +1,158 @@ +--- +title: "Deployment" +linkTitle: "Deployment" +weight: 20 +icon: fas fa-truck +description: SW360 Deployment Guides +--- + +## Recommended SW360 Deployment + +For current SW360 deployment is recommended use docker compose, as base setup of the necessary third party tools are present. + +You can find [SW360 official docker-compose reference here](https://github.com/eclipse-sw360/sw360/raw/main/docker-compose.yml). + +This docker compose comes with default admin passwords for couchdb and postgres. Is recommended for production to customize this file. + +Donload the file mentioned above an just run: + +```bash +docker compose up -d +``` + +Three nested docker containers will be created for sw360, couchdb and postgres, and the respective volumes for the containers. They run in a closed sw360 docker network. + +## Next steps: Setup liferay + +After successful , Then if you open the server with the URL `https://localhost:8080/` the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/1.png" >}} + +Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside. +The default sw360 login username is *setup@sw360.org* and default password is *sw360fossy*. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/2.png" >}} + +After login the sw360 is not setup, thus the server does not display much, but a screen like the following: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/3.png" >}} + +### User and Login Settings in Liferay + +Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/4.png" >}} + +Edit this password policy and disable `change Required` if you wish to do so. Click on Save_the bottom of the page to save the selection. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/6.png" >}} + +Then, go: in `Configuration` > `Instance Settings` > `Users` > + +{{< figure src="/sw360/img/sw360screenshots/deploy74/7.png" >}} + +In this area, select `Default User Associations` to enter SW360 and apply it also to existing users. Click on Save to save the selection: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/8.png" >}} + +Then, in `Configuration` > `Instance Settings` > `User Authentication` > `General` to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/9.png" >}} + +Finally, since Liferay 7.4 some of the bundled modules need to be activated: + +* jquery +* font awesome + +In oder to do this, please select from the `Configuration` > `System Settings` > `Third Party` and go to jquery, select the enablement and click on Update: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/10.png" >}} + +Do the same for Font Awesome: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/11.png" >}} + +Note that you need to reload the browser or load a new browser window to take changes to effect. + +### Setup SW360 for Liferay: Import *.lar Files + +For the setup of SW360 in Liferay, the portal description files, `*.lar` files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay. + +In order to go ahead, switch to the `SW360` area where you can apply site settings: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/12.png" >}} + +The go into > `Publishing` > `Import` which shows like this: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/13.png" >}} + +Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the [frontend/configuration](https://github.com/eclipse/sw360/tree/master/frontend/configuration) folder of the sw360 repository. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/14.png" >}} + +As for import settings, follow the selection as shown on the screenshot. It is very important that for the `Public_Pages_7_4_3_18_GA18.lar` file the selection `Public_Pages_7_4_3_18_GA18.lar` is made. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/15.png" >}} + +Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected. + +After successful importing, the same steps shall be repeated for the `Private_Pages_7_4_3_18_GA18.lar` file. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/16.png" >}} + +Make sure that `Private_Pages_7_4_3_18_GA18.lar ` is selected. Follow the other selections made as shown on the screenshot ... importing permissions ... mirror with overwriting, use the current author ... + +{{< figure src="/sw360/img/sw360screenshots/deploy74/17.png" >}} + + +If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/18.png" >}} + +You can close the left menu area by clicking on the upper left icon: + +{{< figure src="/sw360/img/sw360screenshots/deploy74/19.png" >}} + +Click `Start` to open the private pages. You are still logged in, so the setup account is used to view the pages. + +__Important__ The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/20.png" >}} + +### Import User Accounts for Testing + +Click the SW360 `Admin` menu which is_the right and selection the `User` item. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/21.png" >}} + +At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a [user account import file](https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv) to import in the `sw360vagrant` project in the folder `shared`. After the user have been imported successfully, they should appear in the table view. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/22.png" >}} + +After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below): + +{{< figure src="/sw360/img/sw360screenshots/deploy74/23.png" >}} + +### Real Login + +One example user is `user@sw360.org` with the password `12345`. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/24.png" >}} + +After the successful login, SW360 will look as follows. + +{{< figure src="/sw360/img/sw360screenshots/deploy74/25.png" >}} + +## General Topics + +* [Deployment Authorization Concept](deploy-authorization-concept) +* [Properties explained](deploy-configuration-files) +* [Deployment Requirements](deploy-requirements) +* [Secure Deployment Notes](deploy-secure-deployment) + +## Special Topics + +After install and setup sw360, this are possible topice to be considered: + +* [Special Coverage of Country Codes](deploy-configuration-country-codes), when countries are displayed, then it uses country codes in the DB +* [How to export data and import it to a new instance](deploy-export-and-import) diff --git a/content/ja/docs/Development/Dev-Adding-New-Fields-to-Existing-Classes.md b/content/ja/docs/Development/Dev-Adding-New-Fields-to-Existing-Classes.md new file mode 100644 index 0000000..b15c995 --- /dev/null +++ b/content/ja/docs/Development/Dev-Adding-New-Fields-to-Existing-Classes.md @@ -0,0 +1,54 @@ +--- +title: "How to add fields to an existing class" +linkTitle: "Class new fields" +weight: 10 +--- + +The license portlet is different from the other portlets as there is no Details/Edit page for each element. There is only a combined edit/view page. +We will add the license text to licenses in the thrift file: +```thrift +13: optional string text; +``` + +To update the text we write a liferay Action in the LicensesPortlet: +```java + @UsedAsLiferayAction + public void changeText(ActionRequest request, ActionResponse response) throws PortletException, IOException { + String licenseId = request.getParameter(LICENSE_ID); + String text = request.getParameter(License._Fields.TEXT.name()); + + if(!Strings.isNullOrEmpty(licenseId)) { + + try { + User user = UserCacheHolder.getUserFromRequest(request); + LicenseService.Iface client = thriftClients.makeLicenseClient(); + final License license = client.getFromID(licenseId); + + license.setText(CommonUtils.nullToEmptyString(text)); + final RequestStatus requestStatus = client.updateLicense(license, user); + + renderRequestStatus(request,response,requestStatus); + } catch (TException e) { + log.error("Error updating license", e); + } + } + + response.setRenderParameter(LICENSE_ID, licenseId); + response.setRenderParameter(PAGENAME, PAGENAME_DETAIL); + response.setRenderParameter(SELECTED_TAB, "LicenseText"); + } +``` + +To integrate it in the jsp we make the according changes, important to note is the ActionUrl that we define: +```html + + + +``` +A good practice to name fields in jsps is to use the thrift field names: + +```html + +``` diff --git a/content/ja/docs/Development/Dev-Adding-a-new-portlet-Backend.md b/content/ja/docs/Development/Dev-Adding-a-new-portlet-Backend.md new file mode 100644 index 0000000..e6c4066 --- /dev/null +++ b/content/ja/docs/Development/Dev-Adding-a-new-portlet-Backend.md @@ -0,0 +1,107 @@ +--- +title: "How to add a backend portlet to sw360" +linkTitle: "Add backend portlet" +weight: 10 +--- + +This page how to add some operations / service calls on the backend for the portlet writing on the page that covers the front end. Note that this page does not create a new (thrift service), but just explains how to add more operations. + +This explanation follows bottom up approach where we first add the backend methods and then call them later in the frontend. Quick summary: + +1. Add methods to the thrift idl definition +1. Add methods to the data handler interface +1. Add implementation +1. Add tests + +#### Thrift + +First we add some methods to the thrift files, components.thrift +```java +//new Methods to ensure uniqueness of Identifiers +map > getDuplicateComponents(); +map > getDuplicateReleases(); +``` + +#### Datahandler + +then we install lib-datahandler. That way we see which methods we have to implement. +We have chosen to change the interface of the ComponentService. That means we need to implement them in the ComponentHandler. + +```java +@Override +public Map> getDuplicateComponents() throws TException { + return handler.getDuplicateComponents(); +} + +@Override +public Map> getDuplicateReleases() throws TException { + return handler.getDuplicateReleases(); +} +``` + +#### Implementation + +The methods there are only a reference to the ComponentDatabaseHandler.java. +In the ComponentHandler we only assert that the input is correct. +Since we implement methods without parameters, there is nothing else for us to do. +In the ComponentDatabaseHandler.java we actually do some work and implement the methods + +```java +public Map> getDuplicateComponents() { + ListMultimap componentIdentifierToComponentId = ArrayListMultimap.create(); + + for (Component component : componentRepository.getSummaryForExport()) { + componentIdentifierToComponentId.put(SW360Utils.printName(component), component.getId()); + } + return CommonUtils.getIdentifierToListOfDuplicates(componentIdentifierToComponentId); +} + +public Map> getDuplicateReleases() { + ListMultimap releaseIdentifierToReleaseId = ArrayListMultimap.create(); + + for (Release release : releaseRepository.getReleaseSummary()) { + releaseIdentifierToReleaseId.put(SW360Utils.printName(release), release.getId()); + } + + return CommonUtils.getIdentifierToListOfDuplicates(releaseIdentifierToReleaseId); +} +``` + +#### Tests + +We then write some tests in ComponentDatabaseHandlerTest.java + +```java +@Test +public void testDuplicateComponentIsFound() throws Exception { + String originalComponentId = "C3"; + final Component tmp = handler.getComponent(originalComponentId, user1); + tmp.unsetId(); + tmp.unsetRevision(); + String newComponentId = handler.addComponent(tmp, email1); + + final Map> duplicateComponents = handler.getDuplicateComponents(); + + assertThat(duplicateComponents.size(), is(1)); + assertThat(duplicateComponents.get(printName(tmp)), containsInAnyOrder(newComponentId,originalComponentId)); + +} + + +@Test +public void testDuplicateReleaseIsFound() throws Exception { + + String originalReleaseId = "R1A"; + final Release tmp = handler.getRelease(originalReleaseId, user1); + tmp.unsetId(); + tmp.unsetRevision(); + String newReleaseId = handler.addRelease(tmp, email1); + + final Map> duplicateReleases = handler.getDuplicateReleases(); + + assertThat(duplicateReleases.size(), is(1)); + assertThat(duplicateReleases.get(printName(tmp)), containsInAnyOrder(newReleaseId,originalReleaseId)); +} +``` + +Then we install the backend to make our methods available. diff --git a/content/ja/docs/Development/Dev-Adding-a-new-portlet-Frontend.md b/content/ja/docs/Development/Dev-Adding-a-new-portlet-Frontend.md new file mode 100644 index 0000000..21557b8 --- /dev/null +++ b/content/ja/docs/Development/Dev-Adding-a-new-portlet-Frontend.md @@ -0,0 +1,179 @@ +--- +title: "How to add a frontend portlet to sw360" +linkTitle: "Add frontend portlet" +weight: 10 +--- + +We create a class in +``` +sw360/src/frontend/sw360-portlets/src/main/java/com/siemens/sw360/portal/portlets/admin/ +``` + +called +``` +DatabaseSanitation.java +``` + +Here are some code snippets that are important: + +```java +public class DatabaseSanitation extends Sw360Portlet +``` + +the base class Sw360Portlet adds some convenience methods to render the most common return values of functions into messages. + +```java +@Override +public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException { + // Proceed with page rendering + super.doView(request, response); +} +``` + +This method is used to render different pages, a common pattern would be to have if/else tree like +```java +//! VIEW and helpers +@Override +public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException { + String pageName = request.getParameter(PAGENAME); + if (PAGENAME_EDIT.equals(pageName)) { + prepareVendorEdit(request); + include("/html/vendors/edit.jsp", request, response); + } else { + prepareStandardView(request); + super.doView(request, response); + } +} +``` + +but since we only have one page this is all we need. The jsp that is rendered by super.doView is set in + +```java +sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml +``` +but more on that later. + +The next method in DatabaseSanitation handles resource requests, which are responses to AJAX calls: +``` +@Override +public void serveResource(ResourceRequest request, ResourceResponse response) throws IOException, PortletException { + String action = request.getParameter(PortalConstants.ACTION); + if (PortalConstants.DUPLICATES.equals(action)) { + serveDuplicates(request, response); + } +} +``` + +similar to the PAGENAME tree, here we have an ACTION if/else block. We only have one action, so this is simple. + + +Let's have a look at + +```java +private void serveDuplicates(ResourceRequest request, ResourceResponse response) throws IOException, PortletException { + + Map> duplicateComponents=null; + Map> duplicateReleases=null; + try { + final ComponentService.Iface componentClient = thriftClients.makeComponentClient(); + duplicateComponents = componentClient.getDuplicateComponents(); + duplicateReleases = componentClient.getDuplicateReleases(); + } catch (TException e) { + log.error("Error in component client", e); + } + + if(duplicateComponents== null || duplicateReleases==null) { + renderRequestStatus(request,response, RequestStatus.FAILURE); + } else if(duplicateComponents.isEmpty() && duplicateReleases.isEmpty()) { + renderRequestStatus(request,response, RequestStatus.SUCCESS); + } else { + request.setAttribute(PortalConstants.DUPLICATE_RELEASES, duplicateReleases); + request.setAttribute(PortalConstants.DUPLICATE_COMPONENTS, duplicateComponents); + include("/html/admin/databaseSanitation/duplicatesAjax.jsp", request, response, PortletRequest.RESOURCE_PHASE); + } +} +``` + +The member variable thriftClients is inherited from the Sw360Portlet. This is how we talk to the backend. +We call the methods that we wrote in the first part of the tutorial. +The error handling is reported with renderRequestStatus, also from Sw360Portlet. +When we have findings then we report them by rendering a jsp in the RESOURCE_PHASE. +This is then some html that our AJAX function gets as data. + +Then we have to register the portlets in some xml files: + +``` +sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-display.xml +``` + +```xml +... + +``` + +``` +sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-portlet.xml +``` + +```xml +... + + databaseSanitation + /icon.png + false + /css/main.css + /js/main.js + /js/external/jquery-1.11.1.min.js + +``` +Note that here it is important to include things like jquery in this way so that on multiple portlet pages there are no namespace conflicts. + +``` +sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml +``` + +```xml +... + + databaseSanitation + databaseSanitation + + com.siemens.sw360.portal.portlets.admin.DatabaseSanitation + + + view-template + /html/admin/databaseSanitation/view.jsp + + 0 + + text/html + view + + + databaseSanitation + databaseSanitation + + + + administrator + + +``` + +After these changes we compile the frontend and then we have to add new page to the Layout and add it to the lar file. +We sign in as admin, +go to +``` +Admin -> Site administration +-> Private Pages + +``` +To add the portlet to the page, we first change the theme of Private Pages to Classic, then select Add Page. We can drag and drop it under the Admin Page. +Then we select the Private Pages under My Sites. +We can then go to the page we have just created. +On the left side there is a plus sign, which opens a side menu with the available portlets that we can add to our page. +Under SW360 we find the portlet DatabaseSanitation and we click add. +Then we can change the option (The cog symbol on the right) Look and Feel to Show Borders -> No and we save that. +Then we change the theme of Private Pages back to SW360-Theme. + +Now we can change the theme back and export a new lar file as described else where. diff --git a/content/ja/docs/Development/Dev-Branches.md b/content/ja/docs/Development/Dev-Branches.md new file mode 100644 index 0000000..96839e1 --- /dev/null +++ b/content/ja/docs/Development/Dev-Branches.md @@ -0,0 +1,14 @@ +--- +title: "SW360 Development Branches" +linkTitle: "Branches" +weight: 10 +description: "Helps to see who is responsible and to which issue the Pull Request corresponds" +--- + +## Branches structure +`//` + + +### Examples: +- maierthomas/#1/fix-dowload-bundle +- maierthomas/#3/sw360portal-specific-links diff --git a/content/ja/docs/Development/Dev-Database-Migration-using-Costco.md b/content/ja/docs/Development/Dev-Database-Migration-using-Costco.md new file mode 100644 index 0000000..23553d4 --- /dev/null +++ b/content/ja/docs/Development/Dev-Database-Migration-using-Costco.md @@ -0,0 +1,121 @@ +--- +title: "Database migration using Costco" +linkTitle: "Database Migration" +weight: 10 +--- + +### Praeamble + +Please note that database migrations are done now in python scripts at + +> https://github.com/eclipse/sw360/tree/master/scripts/migrations + +keeping the following page because Costco might be useful for development / testing / quick adaptations. + +### Problem + +The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible. + +### Solution + +Use costco, an open source project that + +* is a couchapp (right, this implies that you install the couchapp environment) +* offers a Web interface as sub path of the couchdb database +* allows to iterate through the documents of a database and then apply modifications on a particular document +* allows to perform modifications on documents using Java script + +More information + +* Project website: https://github.com/harthur/costco +* Useful examples: http://harthur.github.io/costco/ + +Note that costco does not allow to perform operations involving several documents at once, for example, setting values in one document that results from querying from several other documents. Costco is perfect for corrections on the couchdb document 'schema' (not in the classic sense as there is no schema in couchdb). + +### Troubleshooting + +If you try to install costco, you try to install couchapp mst likely. However, it might be that some python packages are missing which results in a 'not-so-obvious' python error during install of couchapp. The following line could be th dependencies that you might need: +```Bash +sudo apt-get install python-dev libxml2-dev libxslt-dev +``` + +### Cheat Sheet: Installing costco inside an sw360vagrant deployment + +OK, if you read until here, to make it easy for you just the few lines to have executed to install costco when youi have a machine that is deployed with our vagrant: + +```Bash +$ sudo apt-get install python-dev libxml2-dev libxslt-dev +$ sudo pip install couchapp +$ git clone http://github.com/harthur/costco.git +$ cd costco +$ couchapp push . http://localhost:5984/sw360db +``` + +### Examples in sw360 + +The following examples show some costco code from the use with sw360. + +#### Renaming a key + +In order to rename a field's key, the following code might be helpful. In the following example, the field's key ```developement``` into ```development``` (correcting a typo in the datamodel). + +```JavaScript +function(doc) { + if(doc.type == 'todo') { + doc.development = doc.developement; + delete doc.developement; + } + return doc; +} +``` + +#### Renaming a key in a subdocument + +Similar thing as above, rename a key from ```comment``` to ```createdcomment```, but this time inside a nested list of documents. + +```JavaScript +function(doc) { + if (doc.type == 'release') { + for (var f = 0, len = doc.attachments.length; f < len; f +=1 ) { + doc.attachments[f].createdComment = doc.attachments[f].comment; + delete doc.attachments[f].comment; + } + } + return doc; +} +``` + +### More JavaScript Examples with CouchDB + +In addition to costco, also the couchdb map-reduce functions can help to track down issues in the data sets. + +The following example searched for attachments of type `SOURCE` at releases, which do not have the `createdBy` set: + +```JavaScript +function(doc) { + if ((doc.type == 'release') + && (doc.attachments)) { + for (var attachment in doc.attachments) { + if (!doc.attachments[attachment].createdBy) { + if (doc.attachments[attachment].attachmentType== 'SOURCE') { + emit(doc._id, doc.attachments[attachment].filename); + } + } + } + } +} +``` + +The following example looks into date fields, in this case `createdOn`, and checks if it uses dots (for changing them into dashes). + +```JavaScript +function(doc) { + if( + (doc.type == 'release') + && (doc.createdOn.indexOf('.') !== -1) + ) + { + emit(doc.name, doc) + } +} +``` diff --git a/content/ja/docs/Development/Dev-DoD-and-Style.md b/content/ja/docs/Development/Dev-DoD-and-Style.md new file mode 100644 index 0000000..319981f --- /dev/null +++ b/content/ja/docs/Development/Dev-DoD-and-Style.md @@ -0,0 +1,93 @@ +--- +title: "Definition of Done" +linkTitle: "Definition of Done" +weight: 10 +description: "The definition of done helps to set a common understanding for solving a ticket." +--- + +### Policy + +* Review points should involve one person from another angle (not just the person you were sitting together with anyways) +* No self merging of pull requests +* Limit items in review to 5, try to coordinate +* Using Github assignments to issues or pull requests +* Open review items require conversation +* Every change must be proposed in the form of a pull request (no commits to main without review) + +# Definition of Done + +* File headers in file OK + * EPL-2.0 license header + * Or, if the file is too small, configuration file: license note (see code style) + * Copyright and author + +* Create Branches for sw360 + * Please use conventional branch names for sw360 [Dev-Branches]({{< relref path="Dev-Branches.md">}}) + +* Avoid (serious) compiler warnings + * Squash your commits into one or more logical units of work. No dozens of hourly/daily commits in your pull request, please + * Rebase onto current master so that a fast forward merge is possible + * That means that merge to main is prepared + +* No breaking test + * Unit testing as it is already present + * You have more - use them! + +* New test + * For new / added functionality + +* Documentation + * In the GitHub Wiki-Section, if you have done something new + * At least a technical note for newly added functionality + +* Commit style + * try to squash commits. In the ideal case, a feature is contained in one commit. + * try to use conventional changelog for commit messages. [Dev-Semantic-Commits]({{< relref path="Dev-Semantic-Commits.md" >}}) + +# Review + +Review basically checks for the D-o-D items, in particular + +* Code style, not really formatting, but issues like style attributes in HTML tags or exception handling useful. +* Design / architecture issues +* Community contribution suitability +* Issue coverage (does it actually solve the problem?) + +# Licensing and File Header + +All files contributed require headers - this will ensure the license and copyright clearing at the end. Also, all +contributions must have the same license as the original source. + +If a file has relevant functionality, note that we should move to Eclipse 2.0 + +```Java +/* + * Copyright COPYRIGHT HOLDER, 2017. + * Copyright NEXT COPYRIGHT HOLDER, 2017. + * Part of the SW360 Portal Project. + * + * SPDX-License-Identifier: EPL-2.0 + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v20.html + */ +``` +(please adapt comment characters usage) + +For small files such as property files, configuration files or standard XML files: + +```Bash +# Copyright , . Part of the SW360 Portal Project. +# +# All rights reserved. This configuration file is provided to you under the +# terms and conditions of the Eclipse Distribution License v1.0 which +# accompanies this distribution, and is available at +# http://www.eclipse.org/org/documents/edl-v10.php +``` + +# Code style + +Just use the standard Java formatting rules of your IDE and **do not reformat** code from others, because you like to +correct formatting of other's code. diff --git a/content/ja/docs/Development/Dev-External-Documents-with-CouchDB.md b/content/ja/docs/Development/Dev-External-Documents-with-CouchDB.md new file mode 100644 index 0000000..2133837 --- /dev/null +++ b/content/ja/docs/Development/Dev-External-Documents-with-CouchDB.md @@ -0,0 +1,295 @@ +--- +title: "CouchDB External Documents" +linkTitle: "CouchDB External Documents" +weight: 10 +--- + +## Motivation +In some cases inline documents are not sufficient for storing extended information to a document. This is especially the case if these information might be relevant from outside as well. +Projects, components and releases contain attachments. The metadata of these attachments are stored as inline documents inside its parent document (which is the project, component or release). +However these attachments may be used by other documents as well, e.g. license info files which are attached to releases are used by projects to generate the overall license information for that project. +In such cases an external document might be the better model. For example the attachment usage can be stored along the metadata without touching the owner document on update. + +## Advantages of external documents +* single documents with a clear separation to other documents +* easy identification +* might be loaded and updated standalone + +## Advantages of internal documents +* Very fast loading along with the owner +* Easy handling since only the owner must be loaded or updated + +In any case it is highly dependent on the use case whether external documents are to be favored over internal documents. + +## Possible implementations for linked documents +### Special ResponseHandler with Special Views from CouchDB + +| **Ease of Use** | **Performance** | **Integration Effort** | +|------------------------|------------------------|------------------------| +| ⭐⭐ Middle, special views have to be created, fields of data objects has to be annotated. | ⭐⭐⭐ Very good, fetching of multiple documents with a single request. | ⭐ High, since existing code has to be changed. | + +#### Couch-DB theory +At the time of writing, support of external (or linked) documents in Couch-DB is limited. Consider the following documents: +```javascript +project = { + _id: "p1", + type: "project", + name: "Testproject", + attachments: [ + { _id: "a1" }, + { _id: "a2" } + ] +} +attachment1 = { + _id: "a1", + type: "attachment", + name: "SourceFile", + sha1: "abc1234" +} +attachment2 = { + _id: "a2", + type: "attachment", + name: "LicenseFile", + sha1: "fed9876" +} +``` +Unfortunately there is no way to get the project document with the attachments directly included. With the correct view you are able to retrieve all these documents in a single request: +```javascript +function(doc) { + if(doc.type === "attachment") { + emit(doc._id, null); + for(var i in doc.attachments) { + emit(doc._id, { _id: doc.attachments[i]._id }); + } + } +} +``` +You might see the trick: the project document as well as the attachment documents are indexed with the id of the project. This way you get all three documents when querying the view with the id of the project: +```javascript +{ + "total_rows":5, + "offset":0, + "rows":[{ + "id":"p1", + "key": "p1", + "doc":{ + "_id":"p1", + "attachments":[ + "a1", "a2" + ], + "name":"Testproject", + ... + }, + ... + }, { + "id":"p1", + "doc":{ + "_id":"a1", + name: "SourceFile", + ... + }, + ... + }, { + "id":"p1", + "key": "p1", + "value":null, + "doc":{ + "_id":"a2", + name: "LicenseFile", + ... + }, + ... + } + ] +} +``` +**Note** is will only work if you query the view with `include_docs` set to `true`. +**Note** include_docs will only work at the top level of a value. In other words it will only recognize the following to situations: +* null: if the value is null, the document which is identified by the key is included +* { _id: "..." }: the document identified by the given id is included. +To be clear: transitive inclusions will not work! +**Note** See also https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents. + +### Implementation with Ektorp +https://github.com/eclipse/sw360/pull/596 show an implementation to transparently read such results from Couch-DB. It consists of: +* new methods in the database connector which are aware of loading linked documents +* a response handler used for parsing the results when requesting linked documents +* two annotation classes to mark fields which contain ids for linked documents +After the branch was merged, the new feature can be used in only three steps. You need: +1. A view that loads the "main" documents along with their linked documents +1. A special method in your database handler / database repository which calls the new method from the connector +1. A mixin for your data object which annotates the fields which contain ids to linked documents + +#### Notes for 1. +Have a look at mapping function above in the theory section. Of course you may add more than one type of linked documents, e.g. not only attachments but releases as well. +You may also emit whole objects instead of ids only. This way Couch-DB does not have to lookup each entry. However including ids over objects is an own topic. +#### Notes for 2. +You should write methods in your repository as well as in your database handler that uses the new methods from the database connector. +#### Notes for 3. +Be sure that the used object mapper in your database handler is aware of the mixin. Of course you can annotate more than one field. All annotated fields will be respected on loading. However, if the view does not contain an object that should be resolved, it will be replaced by null. The LinkedDocuments-annotation even allows you to name a different destination field for the resolved objects for easier integration into the existing code. + +## Usage with Ektorp + +| Easy to use? | Performance? | Effort to use in existing code | +| ------------ | ------------ | ----------------------------- | +| :no_entry: does not work | :no_entry: | :no_entry: | + +Since SW360 is using Ektorp as Objectmapper, a response like above is not suitable. Ektorp is just not able to parse the above response correctly. +However Ektorp has a linking feature as well: You may annotate fields with the `@DocumentReference`-Annotation to tell Ektorp to store the content within external documents. This only works with fields of type `Set` at the moment of writing. Since SW360 data objects are generated using Thrift, directly annotating the field is not possible. Due to the mixin feature of Ektorp this is not a big issue. Unfortunately making the `@DocumentReference`-annotation to work was not possible with a reasonable effort. + +Internally Ektorp is also using special views for getting linked documents to work. A quick look into the source codes suggests that this feature is implemented using special serializers which would lead to additional requests on loading and storing as well. Therefore the same performance issues might be come across if the annotation would work. + +### Own serializer/deserializer + +| Easy to use? | Performance? | Effort to use in existing code | +|--------------------|--------------------|--------------------------------| +| ⭐⭐⭐ Quite easy, just some Jackson configuration necessary | ⭐⭐ Good, but every type of linked objects needs an additional request | ⭐⭐⭐ Low, existing code does not have to be changed | + +This method works just like the Ektorp way. In addition a slow transition from internal to external documents is possible, since the custom serialization methods will handle both cases directly. Any embedded documents will be externalized on first update of the owner object. +The following classes are needed: +1. Repository for the new external documents +1. DatabaseHandler for the new external documents +1. Mixin-Class to add annotations to the field with external documents +1. A new mapper factory to properly configure the custom serializer +1. Custom serializers/deserializer + +#### Example for externalizing attachments +##### Mixin-Class +This will configure Ektorp to use a special class for this field. We use a special serializer for the field instead of for the type (in this case Attachment), so we can do serialization/deserialization for all attachments at once. If we would use a special serializer, every +```java +public abstract class SplitAttachmentsMixin extends DatabaseMixIn { + @JsonSerialize(using = AttachmentSetSerializer.class) + @JsonDeserialize(using = AttachmentSetDeserializer.class) + public abstract void setAttachments(Set attachments); +} +``` + +##### Mapper factory +```java +public class SplitAttachmentsMapperFactory extends MapperFactory { + + private final AttachmentHandlerInstantiator handlerInitiator; + + public SplitAttachmentsMapperFactory(Supplier httpClient, String dbName) throws MalformedURLException { + handlerInitiator = new AttachmentHandlerInstantiator(httpClient, dbName); + } + + @Override + public ObjectMapper createObjectMapper() { + ObjectMapper objectMapper = super.createObjectMapper(); + + objectMapper.addMixInAnnotations(Project.class, SplitAttachmentsMixin.class); + objectMapper.setHandlerInstantiator(handlerInitiator); + + return objectMapper; + } + + private static class AttachmentHandlerInstantiator extends HandlerInstantiator { + private final AttachmentSetSerializer attachmentSetSerializer; + private final AttachmentSetDeserializer attachmentSetDeserializer; + + public AttachmentHandlerInstantiator(Supplier httpClient, String dbName) throws MalformedURLException { + attachmentSetSerializer = new AttachmentSetSerializer(httpClient, dbName); + attachmentSetDeserializer = new AttachmentSetDeserializer(httpClient, dbName); + } + + @Override + public JsonDeserializer deserializerInstance(DeserializationConfig config, Annotated annotated, Class deserClass) { + if (deserClass.isInstance(attachmentSetDeserializer)) { + return attachmentSetDeserializer; + } + return null; + } + ... + } + +} +``` + +##### Serializer +```java +public class AttachmentSetSerializer extends JsonSerializer> { + + private final AttachmentDatabaseHandler handler; + + public AttachmentSetSerializer(Supplier httpClient, String dbName) throws MalformedURLException { + this.handler = new AttachmentDatabaseHandler(httpClient, dbName); + } + + @Override + public void serialize(Set attachments, JsonGenerator jsonGenerator, SerializerProvider provider) + throws IOException, JsonProcessingException { + + try { + List results = handler.bulkCreateOrUpdateAttachments(attachments); + if (!results.isEmpty()) { + throw new IOException("Cannot create or update attachments. Some failed: " + results); + } + + } catch (SW360Exception exception) { + throw new IOException("Cannot create or update attachments.", exception); + } + + jsonGenerator.writeStartArray(); + for (Attachment attachment : attachments) { + jsonGenerator.writeStartObject(); + jsonGenerator.writeStringField("_id", attachment.getId()); + jsonGenerator.writeEndObject(); + } + jsonGenerator.writeEndArray(); + } +} +``` + +#### Deserializer +```java +public class AttachmentSetDeserializer extends JsonDeserializer> { + + private final AttachmentDatabaseHandler handler; + + public AttachmentSetDeserializer(Supplier httpClient, String dbName) throws MalformedURLException { + this.handler = new AttachmentDatabaseHandler(httpClient, dbName); + } + + @Override + public Set deserialize(JsonParser jsonParser, DeserializationContext context) throws IOException, JsonProcessingException { + Set attachments = Sets.newHashSet(); + + if (!jsonParser.isExpectedStartArrayToken()) { + throw new IllegalStateException("Expected array token but found: " + jsonParser.getCurrentToken().asString()); + } + + Set attachmentIds = Sets.newHashSet(); + JsonToken token = jsonParser.nextToken(); + while (!JsonToken.END_ARRAY.equals(token)) { + switch (token) { + case START_OBJECT: + Attachment attachment = jsonParser.readValueAs(Attachment.class); + if (attachment.isSetId() && !attachment.isSetRevision()) { + attachmentIds.add(attachment.getId()); + } else { + attachments.add(attachment); + } + break; + + default: + throw new IllegalStateException( + "Unexpected token. Expected object or string but found: " + jsonParser.getCurrentToken().asString()); + } + + token = jsonParser.nextToken(); + } + + if (!attachmentIds.isEmpty()) { + try { + attachments.addAll(handler.retrieveAttachments(attachmentIds)); + } catch (SW360Exception exception) { + throw new IOException("Cannot load attachments (" + attachmentIds + ")", exception); + } + } + + return attachments; + } + +} +``` diff --git a/content/ja/docs/Development/Dev-Filtering-in-Portlets.md b/content/ja/docs/Development/Dev-Filtering-in-Portlets.md new file mode 100644 index 0000000..e0b96d5 --- /dev/null +++ b/content/ja/docs/Development/Dev-Filtering-in-Portlets.md @@ -0,0 +1,13 @@ +--- +title: "Filtering in Portlets" +linkTitle: "Filtering in Portlets" +weight: 10 +--- + +For the filters that are shown for components and listings, there are some options: + +1. The **Keyword search** works directly on the table shown on the main right area. For example in the components portlet, this is in components/view.jsp. + +2. The **filters** actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, `ProjectPortlet` calls the thrift service `refineSearch()`, which is handled in `ProjectHandler`. This method takes the map and the user as input. The search service has a server-side JavaScript function (LuceneSearchView) defined for this particular filter in `ProjectSearchHandler.java`. This is called with the `LuceneAwareDatabaseConnector.java`. After filtering, the visibility constraints for the requesting user are applied. + +3. Then for each release table, there is a search field in the upper right corner. This again works on the data of the Release summary object and then filters what is on the client (web browser). diff --git a/content/ja/docs/Development/Dev-Fossology-Integration.md b/content/ja/docs/Development/Dev-Fossology-Integration.md new file mode 100644 index 0000000..a7136fe --- /dev/null +++ b/content/ja/docs/Development/Dev-Fossology-Integration.md @@ -0,0 +1,55 @@ +--- +title: "Fossology Integration" +linkTitle: "Fossology Integration" +weight: 10 +description: "Basis of communication between SW360 and FOSSology" +--- + +Basic communication with the FOSSology server is done over an SSH connection: the fossology service of SW360 executes remote commands on the FOSSology server. + +The commands that are executed are the bash scripts found inside `src-fossology/src/main/resources/scripts/`, they are copied into the home directory of the ssh user (either manually or through the admin portlet). +See [Setup of connection with Fossology](Fossology-Setup) for configuration details. + +``` +\- src-fossology/src/main/resources/ + \- scripts/ + |- duplicateUpload + |- folderManager + |- getStatusOfUpload + |- uploadFromSW360 + \- utilsSW360 +``` + +These scripts utilize the standard command line tools to interact natively with FOSSology (these are the tools found in the src/cli folder of FOSSology, such as `cp2foss fossjobs fossupload_status fo_usergroup fo_chmod fo_folder ...`). + +* `utilsSW360` contains common functions used by the other scripts and some FOSSology configuration such as the user/password pair used to run the cli utils and the UNIX group of the FOSSology processes +* `folderManager` (uses FO:`fo_folder`): get information about the folder structure of FOSSology to allow sharing of uploads between groups +* `getStatusOfUpload` (uses FO:`fossupload_status`): to get the clearing status given an uploadId and a group +* `uploadFromSW360` (uses FO:`cp2foss fossjobs`): to create a new upload from the standard input and schedule scanners +* `duplicateUpload` (uses FO:`fo_chmod` SW:`folderManager`): to make a previously uploaded file available for another group + +### Java libraries and settings + +The java code utilizes the package `com.jcraft.jsch` to connect to the SSH server. It is set to strictly check the fingerprint of the remote server against the accepted which are stored in couchDB. + +### Conventions + +the sw360 user in FOSSology (the actual name is configured in `utilsSW360`) **must be a member of every group** to which it should be able to send Releases to be cleared. +File uploaded from SW360 are placed inside a folder with the same name as the group and permission will be set at the group level (default of cp2foss). + +### Datamodel and thrift service + +* each Release object in SW360 can have only one attachment of type SOURCE. +* when a Release is sent *for the first time* to FOSSology through the Thrift method `sendToFossology(1: string releaseId, 2: string clearingTeam )` its SOURCE attachement is sent as stdin to the script `uploadFromSW360`. + + The field `map clearingTeamToFossologyStatus` is then updated to contain the corresponding entry for the chosen Clearing Team (aka. the name of the FOSSology group which will receives the upload for clearing). +* when the same Release is *sent again for another team* a new *link* in the corresponding group folder is created and the old upload is made available for the new group (as in giving permission using FO:`fo_chmod`). + + At the moment this gives access only to the files, not to the relative clearing decision. + In order to make the clearing decisions available a reuser needs to be scheduled from the Jobs menu. [ it could be possible to schedule the job from SW360: its user is member of all the groups; but it is not currently implemented since there is no cli interface for reuser yet ] +* when the current status is requested using the Thrift method `Release getStatusInFossology(1: string releaseId, 2: string clearingTeam )` the newest status is fetched from FOSSology and it is stored in the map for the relative clearingTeam + +### Notes + +* Releases have a ClearingState field, but this is ignored by the Thrift service and used only in the SW360 user interface. +* Projects link to Releases and the summary of their FOSSology status can be monitored. This is also ignored by the FOSSology Thrift service and handled by the Component service: the FOSSology service just updates the status of the Release objects. diff --git a/content/ja/docs/Development/Dev-Liferay-Friendly-URL.md b/content/ja/docs/Development/Dev-Liferay-Friendly-URL.md new file mode 100644 index 0000000..f00abd7 --- /dev/null +++ b/content/ja/docs/Development/Dev-Liferay-Friendly-URL.md @@ -0,0 +1,93 @@ +--- +title: "Liferay Friendly" +linkTitle: "Liferay Friendly" +weight: 10 +description: "Basis of communication between SW360 and FOSSology" +--- + +The normal generated portlet URLs containing a set of internal Liferay request parameters.
+These long URLs of links or forms are mostly not readable and its not easy to share it somewhere else. + +General Liferay portlet URL:
+``` +http://localhost:8080/web/guest/examples?p_p_id=example_WAR_ExamplePortlet&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&_example_WAR_ExamplePortlet_javax.portlet.action=new +``` + +Explanation of the Liferay request parameters:
+**p_p_id:** The portlet ID (example_WAR_ExamplePortlet)
+**p_p_state:** Liferay windows pages state - 1 (normal) 2 (maximize) 3 (minimize)
+**p_p_mode**: Mode of the portlet look like - (view) (edit) (help)
+**p_p_lifecycle:** This is life cycle of portlet - 0 (render) 1 (action) 2 (server)
+**p_p_col_id:** The reference ID of the column in Liferay template
+**p_p_col_pos:** Specifiy the column position if the the layout having more than one columns
+**p_p_col_count:** Shows the no of columns in the current layout + +### Friendly URL Mapper configuration + +Liferay provides a mechanism to shorten the generated URLs by using the Friendly URL Mapper feature.

+How to configure the friendly URL Mapper in Liferay?

+**Configuration of URL routes in XML files**
+ +_CREATE example-friendly-url-routes.xml_
+```Xml + + + + + /action/{actionName} + {actionName} + + + 1 + normal + view + + +``` + +Explanation of the Liferay Friendly Mapper route parameters:
+**routes:** Routes element which contains all route entries
+**route:** Single route element entry
+**pattern:** Pattern of the mapped friendly URL (visible in address bar)
+**generated-parameter:** These parameters will be generated from parameters in the request URL
+**ignored-parameter:** These parameters will be igored and not included in generated URLs
+**implicit-parameter:** Used for static attributes which can be ignored by recognition
+**overridden-parameter:** Parameter that should be set to a certain value when a URL is recognized
+
+It is necessary to order the parameters as described above.
+These files should located in the resources folder otherwise they will not be available on Apache Tomcat and cannot be initialized by Liferay.
+
+**Configuration of friendly URL Java class**
+
+_MODIFY liferay-portlet.xml_ +
+```Xml +com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper +example +com/.../example-friendly-url-routes.xml +``` +
+In the next step we need one java implementation class to generate the Liferay friendly URLs.
+ +Liferay provides the _DefaultFriendlyURLMapper_ class to create the URLs based on our rules.
+ +The Liferay Friendly URL Mapper configuration is placed after `` and before `` +tag. + +### Friendly URL Mapper outcome + +**Liferay will generate the following friendly URL**
+```Bash +http://localhost:8080/web/guest/examples/-/example/action/new +``` +
+ +1. The liferay framework will add "-" (dash) +1. Friendly URL mapper name which is configured in `` (liferay-portlet.xml) element +1. Pattern name with generated parameters which is same as in `` (example-friendly-url-routes.xml) defined. + +### Additional + +Friendly URL Mapper functionality is not working if the portletURL API is used to generate the Liferay URL in local Javascript.
+It is helpful to generate `` placeholder and replace them by using dummy values. diff --git a/content/ja/docs/Development/Dev-Moderation-Requests.md b/content/ja/docs/Development/Dev-Moderation-Requests.md new file mode 100644 index 0000000..be925d0 --- /dev/null +++ b/content/ja/docs/Development/Dev-Moderation-Requests.md @@ -0,0 +1,72 @@ +--- +title: "Moderation Requests" +linkTitle: "Moderation Requests" +weight: 10 +--- + +The concept of moderation is good for two things: + +* to cope with a large number of potential edits on documents. +* to allow every user to propose edits. + +Allowing every user to edit opposed to propose edits would lad to a large number of changes, potentially, not making everyone happy. As such, the changes should be reviewed by an experienced person and can be then approved. + +## Application Flow + +A user changes a moderated document, which are component, release, project and todo's of licenses (and the white list): + +* The user switches in edit mode and applies a change. +* The user submits the change by clicking "Update ..." +* The application checks, if the permissions are sufficient +* For sufficient permissions, see here: https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model +* If the permissions do not allow the edit right away, a moderation request is created. + +* Moderators can see the moderation request in the moderation portlet +* Having selected the moderation request, the moderator can accept the request, decline, postpone or remove himself from the list of moderators + +## Technical Description +### Checking Document Permissions + +If a moderation requests needs to be created, because the user does not have sufficient permissions: + +* The request goes through the stack, for example: project portlet, project handler, project database handler. +* Then the project database handler checks for permissions using `makePermission()` (`DocumentPermission` is the base class, then `ProjectPermissions` is the referring here for projects) and `isActionAllowed()`. +* For moderation requests, we assume that this action is not allowed. Then, the `ProjectModerator` is called (see package `...sw360.datahandler.entitlement`). +* This class (which is part of the project service) creates a thrift client to the moderation service (also on the backend) and creates a moderation request using this client. + +Every moderation request is created using the thrift-based API. + +### Writing a Moderation Request to the Database + +The generation of moderation request is performed by the moderation service. The moderation service handles incoming request in the following way: + +* The requests arrives in the `ModerationDatabaseHandler`. +* This handler writes the request to the database. + +### Creation Details in the Service + +The handler writes one moderation request per user and document. If a moderation request from the same user for the same document exists, added moderation requests are merged. Or, the request is new either with a new user, new document or both, then the moderation request is created. + +Each moderation requests has recipients, the moderators. The moderation database handler selects the moderators depending on the document type, which are usually the creator of the document and the listed moderators for this document. See details in the `ModerationDatabaseHandler` class. At the same location the check for deletion is performed. + +### What is in the Database? + +The moderation request is a document in the couchdb. Technically, the moderation requests holds the affected document as field where the values is a nested JSON dictionary. + +The following screen shot shows an example for a moderation request for a project. + +![Example Moderation Request in Database](https://raw.githubusercontent.com/wiki/siemens/sw360portal/images/036-oss-sw360-20160310-screenshot-moderation-reqeust-document-example.png) + + +### Evaluating the Moderation Request + +On the moderation portlet all moderations will be shown, for which the user is a moderator. +Only open moderation requests can be selected. Approved and declined moderation requests will only be shown. +On selecting the moderation requests, both documents (original and the updated out of the moderation request) will be compared in the `merge.jsp` and all differences will be shown to the moderator. This is done via tags such as the `sw360:CompareProject`-tag. Opening the detailed view of the moderation request changes the state to `in progress` to show other moderators that the moderation request is in work. + +The following actions are possible: +* `Accept request`: the document within the moderation request will be accepted and written to the DB via e.g. the `ProjectService`. The state is set to `ACCEPTED`. +* `Remove Me from Moderators`: the state of the moderation requests is set to `PENDING` again and the logged in moderator will be removed from the moderation list. +* `Decline request`: the moderation requests will be set to `REJECTED` and still shown in the list +* `Postpone request`: the state will be `IN PROGRESS`. +* `Cancel`: the moderation state is set to `PENDING` and the moderation request will still be shown in the moderation request list diff --git a/content/ja/docs/Development/Dev-Releasing-SW360.md b/content/ja/docs/Development/Dev-Releasing-SW360.md new file mode 100644 index 0000000..307ed53 --- /dev/null +++ b/content/ja/docs/Development/Dev-Releasing-SW360.md @@ -0,0 +1,109 @@ +--- +title: "Release and Versioning" +linkTitle: "Release and Versioning" +weight: 10 +description: "Our Versioning and Release Principles" +--- + +We have the following main principles for versioning and releases. We consider [semantic versioning](http://semver.org/): + +> Given a version number MAJOR.MINOR.PATCH, increment the: +> +> - MAJOR version when you make incompatible API changes, +> - MINOR version when you add functionality in a backwards-compatible manner, and +> - PATCH version when you make backwards-compatible bug fixes or security fixes. +> +> Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format. + +with the following implementation in our project: + +### Major Version + +* API breaking changes are considered for the upcoming REST API. +* Breaking change is *also* if a migration script is required for the database. +* Thrift API is not considered a public API anymore. +* Therefore, milestones cannot correspond to our versions like `1.4`, `1.5`, etc. anymore: we do not know which feature + or issue will cause a version jump according to semantic versioning guidelines. +* While preparing for a new major release, the repository should go into freeze mode: + * No new features can be merged. + * No dependency updates. + * Add decided bug fixes/issues closed. + * The main branch is stable and tested. + * **Only exception** for the freeze are security vulnerability fixes. + +### Minor Version + +* Larger new functionality which is backwards compatible, maybe one pull requests or maybe a group of pull requests. +* New functionality should come with appropriate test cases either in code (unit or functional) or in the + [TestCases document]({{< relref path="TestCases">}}). +* Minor versions requires also tagging in the repo. + +### Patch Level + +* Minor improvements which are backwards compatible and does not require a migration (qualifies as a breaking change). +* A group of pull requests updating outdated dependencies (at least a minor version update of dependency). +* Pull request merge which closes a GitHub issue. + +### Release code freeze cycle + +* **Major release:** A strict code freeze cycle to be followed with an expected release date. + * During the freeze cycle, no other pull request to be merged unless it fixes/closes decided issue. + * New test cases can always be merged. + * Dependencies are frozen at the announcement of expected release date. + * Exceptions to update a dependency: + * **Major vulnerability:** Must be updated even if the release date needs to be shifted. + * **Medium vulnerability:** Test the update, if validated, merge. If it can't be validated in reasonable period, the + decision on what to do goes to core team. + * **Minor vulnerability:** Can be merged only if it does not break compatibility, otherwise not be updated. +* **Minor release:** The code freeze can be relaxed and a release date is not expected. + * No new **major** feature to be added or changed. + * Minor bug fixes/patches can be merged. + * Dependencies can be updated. + * If a dependency update breaks a minor release, a patch release to be created with the fix. +* **Patch release:** No code freeze for patch release. + +## Naming and Meaning of Milestones + +* We are no longer following milestones in favour of simple semantic versioning. + +## Technical Implementation + +* Plan: The artifacts will be build by travis and stored on aws S3 (not there yet) with patch level version increments, but patch level versions will not lead to a tag in the repo. +* Currently, the versioning is "manual maven based", we look for a cleaner more automated approach. + +# Technical: Maven Universe How to make/tag a release⁽¹⁾: + +The following information refers to the existing maven-based versioning scheme, as of now we are looking into a system +which is not leading to a temporary change in the repo, commit, and then reverting changes. + +Let us assume, that we want to tag the version **1.2.0** and that the current version in the pom.xml is **1.1.13**. + +### 0. Work in a clean environment +Especially all poms should be without uncommitted changes. The safe way is to start with: +```shell +$ cd /tmp/ +$ git clone https://github.com/eclipse-sw360/sw360.git +$ cd sw360 +``` + +### 1. Write the version of the release into the poms +
+$ mvn versions:set -DnewVersion=1.2.0
+$ git add pom.xml **/pom.xml
+$ git commit -sS -m "chore(release): set version to 1.2.0"
+
+This will actually edit all pom.xml files and change the versions to **1.2.0**. + +### 2. Test the project +```shell +$ mvn install +``` + +### 3. Create and push the tag +```shell +$ mvn scm:tag +``` +This creates the tag and **pushes it to GitHub**. + +-- +⁽¹⁾ based on: https://axelfontaine.com/blog/final-nail.html diff --git a/content/ja/docs/Development/Dev-Role-Authorisation-Model.md b/content/ja/docs/Development/Dev-Role-Authorisation-Model.md new file mode 100644 index 0000000..6efc08e --- /dev/null +++ b/content/ja/docs/Development/Dev-Role-Authorisation-Model.md @@ -0,0 +1,126 @@ +--- +title: "Roles and Authorization" +linkTitle: "Roles and Authorization" +weight: 10 +description: "SW360 Roles and Authorization" +--- + +Like any other system, SW360 allows for setting different levels of access for different users. Technically, the decision when user should be able to see or to do something happens (generally) on the backend server. This ensures consistency between the REST API and the portal application. + +For setting roles of a user, the Liferay control panel is being used (Admin menu -> Control Panel -> Users and Organisations -> Users -> select one user and Edit -> Roles). Setting access at individual records happens in the edit view of that record. + +## Roles Overview + +SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI. + +#### Setup Admin (Liferay Role) + +The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page. + +#### SW360 Admin (Liferay Role) + +The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role `CLEARING_ADMIN`. This role can change data from other groups, limited by visibility setting of a project. + +#### Clearing Admin (Liferay Role) + +The clearing admin can change all component and release records and project records of the same group. This can be seen as group administrator. + +#### Security Admin (Liferay Role) + +In addition to the user rights, the security admin can set security vulnerabilities to irrelevant + +#### ECC Admin (Liferay Role) + +In addition to the user rights, the ECC admin can manipulate ECC data. + +#### User + +A user can create, modify and delete all own (=self created) records. A user cannot change records of others + +### Moderation Requests + +If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record. + +In addition there are ACL-style roles, meaning that per data item access settings can be made: + +1. **creator** - a creator can modify in addition to the user's read abilities, a user can be creator of a data item +2. **moderator** - a creator can define moderators for a data item. Moderators can change a data item as a creator can. +3. **contributor** (Component) - is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). +In contrast, the contributor cannot delete data items. +5. **project responsible** (Project) - is a contributor, just named differently to identify the responsible person. +6. **lead architect** (Project) - is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions. +7. **contact** (Release) - deprecated, should be renamed to contributor see #100. + +`group (department)`, `contributor`, `moderator` and `owner` roles are entity specific, `user`, `clearing admin` and `admin` are roles assigned to a user. + +### Additional Project Visibility + +In addition to the roles mentioned above, each project has a separate visibility setting (technically an attribute of the project document). There are four project visibility levels: + +1. Private - no one but the creator can read. +2. Me and moderators - involves all moderators and contributors, basically all names that are named among the attributes (lead architect, project responsible, contributors) +3. Department / business unit (should be renamed) - refer to the group the users are in. +4. Public - all registered users of the liferay / sw360 application (login required). + +The access rules are implemented in`lib-datahandler`. In the package, `com.siemens.sw360.datahandler.permissions` this is implemented in `ProjectPermissions`. See methods `isVisible` and `userIsEquivalentToModeratorinProject()` for the actual rules. + +### Overall Access Matrix + +The following table presents the SW360 Role-Authorisation-Model. + +The row specifies which action to take, the column the role of the actor. Cell entries specify which entity type can be acted upon. + +| | creator | moderator | contributor | user | clearing admin | (sw360)admin | +| --- | ----------- | --------- | ----- | ---- | -------- | ----- | +| create | - | - | - | PCRV | PCRVL | PCRVL | +| read | P | P | P | (P²)CRVL | (P²)CRVL | PCRVL | +| edit | PCR | PCR | PCR | (all created ones) | PCRVL | PCRVL | +| delete | PCR | PCR | - | (all created ones) | L | PCRVL | + +P² : only if the user is member of the group of the project (or has created the project) + +Note that ECC Admins and Security Admins have only the ability to write ECC and security data respectively at given records. However, as for the other access rights this role does not enhance anything above users. + +#### Legend + +| acronym | description | +| ------- | ----------- | +| P | project | +| C | component| +| R | release | +| V | vendor | +| L | license | + +## Technical Info + +The role access rules are put into `lib-datahandler`. In the package, `com.siemens.sw360.datahandler.permissions` there are implementing classes of a template class `DocumentPermissions`. As an example, `ProjectPermissions` extends abstract class `DocumentPermissions`. + +At run time, a permissions object consisting of a document and a user is created: In `PermissionUtils` (same package) there is a static method `makePermissions()` that creates a permissions object. The received permissions object instance can be asked if a particular operation is allowed. + +Note that the general application of these permission operations runs in the backend (Thrift services). An application in the front end of `PermissionUtils` for example, is for displaying buttons depending on the user main role (user, clearing admin or admin). Then the portlet makes plain use of the `lib-datahandler` library. + +## Further plans + +1. Actually, creating stuff should be checked in lib-datahandler, starting with creation of licenses,which should ot be permitted to users: [Issue #106](https://github.com/siemens/sw360portal/issues/106) + +2. [Issue #101](https://github.com/siemens/sw360portal/issues/101) for + +| | contributor | moderator | creator | user | clearing admin | admin | +| --- | ----------- | --------- | ----- | ---- | -------- | ----- | +| download OSS sources | - | - | - | R | R | R | +| download internal sources | R | R | R | - | - | R | + +3. [Issue #102](https://github.com/siemens/sw360portal/issues/102) for + +| | contributor | moderator | creator | user | clearing admin | admin | +| --- | ----------- | --------- | ----- | ---- | -------- | ----- | +| send to clearing | - | P | P | - | - | PCRL | + +4. [Issue #103](https://github.com/siemens/sw360portal/issues/103) for + +| | contributor | moderator | creator | user | clearing admin | admin | +| --- | ----------- | --------- | ----- | ---- | -------- | ----- | +| edit clearing report | - | R | R | - | R? | PCRL | + + + diff --git a/content/ja/docs/Development/Dev-Semantic-Commits.md b/content/ja/docs/Development/Dev-Semantic-Commits.md new file mode 100644 index 0000000..f8cc406 --- /dev/null +++ b/content/ja/docs/Development/Dev-Semantic-Commits.md @@ -0,0 +1,64 @@ +--- +title: "Semantic Commits" +linkTitle: "Semantic Commits" +weight: 10 +--- + +## The reason and benefit of semantic commit messages +- automatic generating of the changelog +- simple navigation through git history (e.g. ignoring style changes) + +## Semantic commit message structure +``` +(): + +Signed-off-by: Name +``` + +## The following are supported +- feat (new feature for the user, not a new feature for build script) +- fix (bug fix for the user, not a fix to a build script) +- docs (changes to the documentation) +- style (formatting, missing semi colons, etc; no production code change) +- refactor (refactoring production code, eg. renaming a variable) +- test (adding missing tests, refactoring tests; no production code change) +- chore (updating grunt tasks etc; no production code change) + +Example values: +- ui (user interface) +- rest (REST API) +- thrift (apache thrift services) +- project (project portlet) +- component (component portlet) +- user (user portlet) +- etc. + +## Example of semantic commit message +``` +fix(rest): change maven plugin order to generate the documentation correctly + +Signed-off-by: John Doe +``` + +## Referencing issues +Please reference in the pull request to the open issue + +`closes eclipse/sw360#` + +`closes eclipse/sw360#758` + +## Breaking changes +If a commit is introducing a breaking change in a functionality or an endpoint, +it must be documented in the commit message by adding an exclamation `!` after +the commit type. Additional documentation for the break can be added to the +commit footer with a `BREAKING CHANGE:` message. + +### Example of commit with breaking change +``` +fix(rest)!: migrate health endpoint + +BREAKING CHANGE: Move the health endpoint from `/resource/health` to +`/resource/api/health`. + +Signed-off-by: John Doe +``` diff --git a/content/ja/docs/Development/Dev-Testing-Frameworks.md b/content/ja/docs/Development/Dev-Testing-Frameworks.md new file mode 100644 index 0000000..7ddf27d --- /dev/null +++ b/content/ja/docs/Development/Dev-Testing-Frameworks.md @@ -0,0 +1,14 @@ +--- +title: "Testing Frameworks" +linkTitle: "Testing Frameworks" +weight: 10 +description: "Behaviour testing" +--- + +The implementation of complicated rules is not always easy to read. +A good way to document and explain the behaviour of rule engines are natural language tests. +A frame work we use for that is [jgiven](http://jgiven.org/). +We write the tests using the [dataprovider] (https://github.com/TNG/junit-dataprovider) runner. +This is basically a runner that allows to use parametrized tests. + +The basic testing frame work is still [JUnit4](http://junit.org/), assertions are made using [hamcrest](https://code.google.com/p/hamcrest/wiki/Tutorial) and we mock complicated input classes with [mockito](http://mockito.org/). diff --git a/content/ja/docs/Development/Dev-Troubleshooting.md b/content/ja/docs/Development/Dev-Troubleshooting.md new file mode 100644 index 0000000..04ba42a --- /dev/null +++ b/content/ja/docs/Development/Dev-Troubleshooting.md @@ -0,0 +1,145 @@ +--- +title: "Troubleshooting" +linkTitle: "Troubleshooting" +weight: 10 +description: "List of small issues / tips when developing for SW360" +--- + +### Development: problems building sw360portal with maven? + +Before building the sw360portal with maven, ensure that the following components are installed in the development environment: +* A git client +* Apache Maven 3.0.X +* Apache Thrift 0.9.3 +* Java 1.8.X +* CouchDB, at least 1.5 (only if the tests will be executed locally) + +### Development: problems using Eclipse? + +Please do not use Eclipse, because the integration of Apache Thrift is an open issue and we found no plugin for Eclipse to solve the shown compiler errors. +Recommended is IntelliJ IDEA or NetBeans. + +### Liferay: problems with displaying changes to page? + +When developing changes to a page and these changes do not show in browser - even after redeployment, then the internal liferay optimisation mechanisms may kick in. Try to add to the URL string the following key value parameters: + +``` +js_fast_load=0&css_fast_load=0&strip=0 +``` + +### Liferay: where are the initial admin user settings? + +It is the file ```portal-ext.properties``` in sw360/opt. + +### Maven: build generally fails + +You just try to compile parts or all of it and it fails? Most of the stuff depends on the module /build-configuration. Execute either "mvn install" on top level or inside build configuration. + +#### Backend: problems with company proxy? + +maybe try instead: + +``` +/opt/apache-tomcat-/bin/startup.sh +``` +just this: +``` +CATALINA_OPTS="-Dhttps.proxy..." /opt/apache-tomcat-/bin/startup.sh +``` +for lucene it might be necessary to add: +``` +[httpd_global_handlers] +_fti = {couch_httpd_proxy, handle_proxy_req, <<"http://127.0.0.1:8085/couchdblucene">>} +``` +in lucene.ini of local.d of your CouchDB installation + +#### Backend: are thrift services up? + +1. Check tomcat manager (if the services are there) +2. Check if the service is accessible: + ``` + http://your.url.to.server.com:8085/components + ``` + Should return "Welcome to ...". +3. Check if the service thrift page is there: + ``` + http://your.url.to.server.com:8085/components/thrift + ``` + Should return HTTP status code 500, because in the browser, no valid thrift message was formed. + +#### Backend: org.ektorp.DbAccessException + +What do I do if I get: org.ektorp.DbAccessException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "_id" + +You add the class you have been trying to serialize to +THRIFT_CLASSES in +sw360/src/libraries/lib-datahandler/src/main/java/com/siemens/sw360/datahandler/thrift/ThriftUtils.java + +#### Backend: maven failed tomcat7 deploy + +If the deployment via maven of the backend does fail with an error like this + +```Bash +Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses +2302/17930 KB +Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses +2102/17930 KB +Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses +2064/17930 KB +Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses +2064/17930 KB +[INFO] ------------------------------------------------------------------------ +[INFO] Reactor Summary: +[INFO] +[INFO] backend ........................................... SUCCESS [2.579s] +[INFO] backend-src ....................................... SUCCESS [0.058s] +[INFO] src-licenses ...................................... SUCCESS [10.544s] +[INFO] src-users ......................................... SUCCESS [1.485s] +[INFO] src-vendors ....................................... SUCCESS [6.929s] +[INFO] src-search ........................................ SUCCESS [5.837s] +[INFO] src-components .................................... SUCCESS [19.439s] +[INFO] src-projects ...................................... SUCCESS [14.280s] +[INFO] src-attachments ................................... SUCCESS [6.188s] +[INFO] src-moderation .................................... SUCCESS [1.169s] +[INFO] src-fossology ..................................... SUCCESS [6.259s] +[INFO] backend-svc ....................................... SUCCESS [0.038s] +[INFO] svc-licenses ...................................... FAILURE [3.630s] +[INFO] svc-users ......................................... SKIPPED +[INFO] svc-vendors ....................................... SKIPPED +[INFO] svc-search ........................................ SKIPPED +[INFO] svc-components .................................... SKIPPED +[INFO] svc-projects ...................................... SKIPPED +[INFO] svc-attachments ................................... SKIPPED +[INFO] svc-moderation .................................... SKIPPED +[INFO] svc-fossology ..................................... SKIPPED +[INFO] backend-utils ..................................... SKIPPED +[INFO] ------------------------------------------------------------------------ +[INFO] BUILD FAILURE +[INFO] ------------------------------------------------------------------------ +[INFO] Total time: 1:19.836s +[INFO] Finished at: Mon May 04 15:57:46 CEST 2015 +[INFO] Final Memory: 24M/311M +[INFO] ------------------------------------------------------------------------ +[ERROR] Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:deploy (default-cli) on project svc-licenses: Cannot invoke Tomcat manager: Broken pipe -> [Help 1] +[ERROR] +[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. +[ERROR] Re-run Maven using the -X switch to enable full debug logging. +[ERROR] +[ERROR] For more information about the errors and possible solutions, please read the following articles: +[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException +[ERROR] +[ERROR] After correcting the problems, you can resume the build with the command +[ERROR] mvn -rf :svc-licenses +voyager:backend sam$ +``` + +One solution is that you deployed already and the tomcat7 plugin does not like to have multiple deploy commands. Instead you will need to issue a ```mvn tomcat7:redeploy``` command. + +#### Deployment: liferay not accessible + +If the virtual machine was shut down and started up again, the backend services and frontend liferay require manual restart. Please contribute a change in the vagrant deployment if you feel that this could be changed. The actual places to call are: + +```Bash +/opt/apache-tomcat-.../bin/.startup.sh +/opt/liferay-.../tomcat-.../bin/.startup.sh +``` diff --git a/content/ja/docs/Development/Dev-Using-RequireJS-for-javascript-modules.md b/content/ja/docs/Development/Dev-Using-RequireJS-for-javascript-modules.md new file mode 100644 index 0000000..a26535f --- /dev/null +++ b/content/ja/docs/Development/Dev-Using-RequireJS-for-javascript-modules.md @@ -0,0 +1,111 @@ +--- +title: "Using RequireJS fro Javascript Modules" +linkTitle: "Using RequireJS" +weight: 10 +--- + +Today most of the javascript code runs in the global namespace. This increases the risk of overwriting symbols in the global namespace due to different libraries and snippets. + +# Goal +We want to use RequireJS (http://requirejs.org/) to modularize our code and to have clear namespaces for each component. In addition some of the code may be reused more easily. Other advantages: +- libraries like jquery or datatables can be imported by name but without a specified version +- if necessary, specific versions can be imported for parts of the page +- it is very easy to only load needed dependencies +- good support of webjars due to webjars-locator. Webjars a are automatically accessible through RequireJS. + +# How to use - example +There is a new jspf-file to be included in jsps to enable RequireJS support: + + <%@ include file="/html/utils/includes/requirejs.jspf" %> + +When RequireJS is enabled with the above include, all libraries can be accessed and code can be scoped: + + require(['jquery', 'module/quickfilter', 'module/confirm', /* jquery-plugins: */ 'datatables', 'jquery-ui'], function($, quickfilter, confirm) { + // code goes here, libraries can be used through the variables $, quickfilter and confirm + // Note: jquery-plugins does not have to be bound to variables since they directly register themselves in the jquery object + }); + +**NOTE/WARNING**: since not all code is using RequireJS at the moment it is highly recommended to include RequireJS just before the script tag using it. DO NOT include it at the beginning of the file! Therefore use the following pattern: + + <%@ include file="/html/utils/includes/requirejs.jspf" %> + + +**Explanation**: some the the jQuery-plugins are already module safe. This means the look if something like RequireJS is available and - if this is the case - register themselves as anonymous modules. If someone in some include in the page loads such a plugin via script plugin it may happen that the plugins registers itself twice as an anonymous module which causes errors in RequireJS. Loading RequireJS after all script tags will prevent this and ensure that every plugin is only registered once. + +# Migration +## Migrate a JSP +To migrate a JSP to use RequireJS the following steps have to be done: + +1. Enable RequireJS support by including `requirejs.jspf`. Do it JUST before the script tag with the main code (see NOTE above). +1. Enclose the existing code in a `require`-function (**Attention:** Also read "Co-existence with AUI().use()" below) +1. Remove existing `script`-tags that loads the javascript files "manually" +1. Rewrite code that access functions inside the new `require`-function from outside (e.g. click handlers, see below) + +## Co-existence with AUI().use() +If you need to use AUI().use() in your code, e.g. to grab the PortletURL object, you have to call this function first and call `require` inside. Otherwise the code may not be executed correclty if the 'Drag&Drop' error occurs to early during page loading: + + AUI().use('liferay-portlet-url', function () { + require(['jquery', 'module/quickfilter') { + // AUI and require modules loaded and available + }); + }); + +## Migrate click-handlers +Since none of the defined functions remains in the global scope click handlers defined in the attributes of a tag would no longer work. Use jQuery to attach a click handler instead: + + $('#exportSpreadsheetButton').on('click.components', exportSpreadsheet) + +This click handler is added inside the RequireJS-scope where the function `exportSpreadsheet` is defined. +You may also attach handler for distinct elements in each row of a table: + + $('#componentsTable').on('click.components', 'img.delete', function(event) { + // do stuff + }); + +## Make a module out of a jspf-include +There are many jspf-includes which contain html as well as javascript code. They should be converted as followed: + +1. Move the javascript code to an own file. Place it below the 'html/js'-folder, following the same structure as the jspf-file. If the jspf-file is `html/components/includes/vendors/addVendor.jspf` place the javascript code in the file `js/components/includes/vendors/addVendor.js`. + +1. Enclose the code in a define statement to define a new module: + + define('components/includes/vendors/addVendor', [ /* dependencies */ ], function() { + // define module code + }); + +In order to use the new module include the jspf-file and load the js-code via RequireJS: + + <%@ include "html/components/includes/vendors/addVendor.jspf" %> + + require(['components/includes/vendors/addVendor'], function(addVendor) { + // use addVendor + }); + +## Make a module out of a javascript file or function +There are several javascript files and functions below `/html/js'. They can be make compatible to RequireJS as follows: + +1. Create a new file inside `/html/js/component` with a proper name that describes the functionality for the new component +1. Define the module and point to the legacy function, e.g. + + define('module/confirm', ['jquery', /* jquery-plugins: */ 'jquery-confirm', /* legacy code */ 'main' ], function($) { + return { + confirmDeletion: deleteConfirmed /* pointer to legacy method in main.js */ + }; + }); + +1. Afterwards the module can be loaded using the name `component/confirm`, e.g. + + require(['module/confirm'], function(confirm) { + confirm.confirmDeletion(/*...*/); + }); + +**Note** The legacy function should be moved inside the module as soon as the function is no longer accessed directly but via RequireJS only. +**Note** You can also require legacy javascript files if you need them as dependency as pointed out in the examples above. + + + + \ No newline at end of file diff --git a/content/ja/docs/Development/RestAPI/Dev-REST-API.md b/content/ja/docs/Development/RestAPI/Dev-REST-API.md new file mode 100644 index 0000000..5c9514c --- /dev/null +++ b/content/ja/docs/Development/RestAPI/Dev-REST-API.md @@ -0,0 +1,377 @@ +--- +title: "SW360 Rest API" +linkTitle: "SW360 Rest API" +weight: 30 +--- + +The sw360 REST API provides access to sw360 resources for external clients. It consists currently of three Maven modules aggregated in one parent module `rest` in the sw360 distribution. + +# Module Structure + +The `rest` module provides a REST API infrastructure for sw360 including: +* Module `authorization-server` - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow. +* Module `resource-server` - REST API Gateway, providing access to the data for authenticated and authorized users / clients. +* Module `rest-common` - only library code that is shared between the other rest modules. + +The REST API implementation uses: +* Module `authorization-server` uses the Liferay user management via the Liferay REST API to authenticate users and the users thrift backend service to access user profile data. +* Module `resource-server` uses thrift backend services for accessing sw360 data to deliver it to the external clients. + +# API Principles + +## Security Principles + +The basic security principles are following the OAuth2 standards. So there should be an authorization server which can be the one contained in this project. That one provides access tokens after it authenticated the client and the user using this client. In addition it checks which authorities this client should receive for operating in the user's name. +With this OAuth2 access token the client can query the resource server which will restrict access to the given authorities. +Every client gets an access token as well as an refresh token. As long as the refresh token is valid, the client can gather a new access token without the need of re-authorization of the user. + +There are currently three different possibilities for an OAuth2 authorization server implemented: +* Using the contained authorization-server with username/password that are known by Liferay, no matter if Liferay is hosting the credentials itself or is attached to some central user management which it uses to authenticate users. +* Using the contained authorization-server inside an SSO network where an existing proxy can take care of the authentication and passing authenticated user information in configurable headers to the authorization-server which then performs authorization on top. +* Using keycloak as authorization-server. This case is not part of this wiki page and might need special configuration. + +## Data Principles + +The REST API provides Hypermedia using [HAL](http://stateless.co/hal_specification.html) (Hypertext Application Language). +The following example shows some ideas of the REST API. It can be obtained by + +``` +https://[hostname]:[port]/resource/api/browser/index.html#/resource/api +``` +Note that the response below is maybe not the exact same response of your current version: +```json +{ + "_links": { + "sw360:attachments": { + "href": "https://dev.sw360.siemens.com/resource/api/attachments{?sha1}", + "templated": true + }, + "sw360:components": { + "href": "https://dev.sw360.siemens.com/resource/api/components" + }, + "sw360:licenses": { + "href": "https://dev.sw360.siemens.com/resource/api/licenses" + }, + "sw360:licenseinfo": { + "href": "https://dev.sw360.siemens.com/resource/api/licenseinfo" + }, + "sw360:projects": { + "href": "https://dev.sw360.siemens.com/resource/api/projects" + }, + "sw360:releases": { + "href": "https://dev.sw360.siemens.com/resource/api/releases" + }, + "sw360:users": { + "href": "https://dev.sw360.siemens.com/resource/api/users" + }, + "sw360:vendors": { + "href": "https://dev.sw360.siemens.com/resource/api/vendors" + }, + "sw360:vulnerabilities": { + "href": "https://dev.sw360.siemens.com/resource/api/vulnerabilities" + }, + "profile": { + "href": "https://dev.sw360.siemens.com/resource/api/profile" + }, + "curies": [ + { + "href": "https://dev.sw360.siemens.com/resource/docs/{rel}.html", + "name": "sw360", + "templated": true + } + ] + } +} +``` + +# API Installation + +Both, the `authorization-server` and the `resource-server` can be build using Maven like the rest of the project. Each is generating a Spring Boot server that can be deployed in an application container, e.g. Tomcat. + +# API Configuration + +Since the `authorization-server` and the `resource-server` are Spring Boot servers, they are configured as usual via `/src/main/resources/application.yml`. In addition some configuration comes historically from `sw360.properties`. Please note that all configurations could be provided centrally in the `/etc/sw360/` directory. As such, the `sw360.properties` sits directly in `/etc/sw360/`. For rest-specific configurations the application considers the location `/etc/sw360/rest`. + +## Authorization Server Configuration + +### Special Liferay Credentials Configuration + +In addition to the general properties in [here](#general-config) the following needs to be configured in the `application.yml` when the authentication via Liferay username/password credentials should be possible: + +| Key | Values | Default | +| --- | --- | --- | +| sw360:sw360-portal-server-url | the url of the Liferay instance | n/a (but could be given if environment variable is used like `${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}`) | +| sw360:sw360-liferay-company-id | the id of the company in Liferay that sw360 is run for |(but could be given if environment variable is used like `${SW360_LIFERAY_COMPANY_ID:20155}`) | + +### Special SSO Configuration + +In addition to the general properties in [here](#general-config) the following needs to be configured in the `application.yml` when the authentication via SSO should be possible: + +| Key | Values | Default | +| --- | --- | --- | +| security:customheader:enabled | Flag if the components needed for SSO should be active | false | +| security:customheader:headername:intermediateauthstore | the name of the header that can be used for internal data transfer inside one roundtrip - it can be configured here because the proxy has to make sure that this header will not be passed from clients and will be used truly internal only | custom-header-auth-marker | +| security:customheader:headername:email | the name of the header that holds the email of the authenticated user (should be set be the proxy and must never be passed from clients) | authenticated-email | +| security:customheader:headername:extid | the name of the header that holds the extid of the authenticated user (should be set be the proxy and must never be passed from clients) | authenticated-extid | + +:heavy_exclamation_mark: Please configure your SSO server and the proxy accordingly. In general, no unauthenticated request should reach the authorization server. And the configured headers should only be set by the proxy. If they are already contained in client requests, they must be removed! + +#### Removing Headers in Apache + +In Apache you may use the [`mod_headers`](https://httpd.apache.org/docs/current/mod/mod_headers.html) module to remove headers from the client. Using the default values from the table above, at least the following directives should be present in your configuration for all requests that are routed to the `authorization-server`: + +``` +RequestHeader unset custom-header-auth-marker +RequestHeader unset authenticated-email +RequestHeader unset authenticated-extid +``` + +### General Configuration + +Possible properties in `sw360.properties` file are: + +| Key | Values | Default | +| --- | --- | --- | +| backend.url | the url where the thrift services can be found | http://127.0.0.1:8080 | +| rest.write.access.usergroup | the user group level (`USER|CLEARING_ADMIN|...`) that is at least required for getting `WRITE` authority (if client has this scope as well) | `ADMIN` | +| rest.admin.access.usergroup | the user group level (`USER|CLEARING_ADMIN|...`) that is at least required for getting `WRITE` authority (is required for managing OAuth2 clients | `ADMIN` | + +The values in `sw360.properties` should be migrated to the `application.yml` in the future. + +Further important properties in `application.yml` file are: + +| Key | Values | Default | +| --- | --- | --- | +| couchdb:url | the url of the CouchDB to use as client store | n/a | +| couchdb:database | the database name of the CouchDB database to use as client store | n/a | +| couchdb:username | if the CouchDB database needs authentication, enter the username here - if it does not need authentication, do not set this property at all, not even with an empty value | null | +| couchdb:password | if the CouchDB database needs authentication, enter the password here - if it does not need authentication, do not set this property at all, not even with an empty value | null | +| sw360:cors:allowed-origin | value for cross origin resource sharing | n/a | +| security:oauth2:resource:id | should just be the same then in the resource server | n/a | + +After this configuration is done the normal REST service for client management should be usable. This one is only accessible for authenticated users that get the `ADMIN` authority (remember, the therefore necessary sw360 usergroup has just been configured). So the clients can be configured now. + +# Client Management + +In the scenarios of this page, the shipped authorization server is used. So the next step is to configure a valid OAuth2 client in this authorization server. There should be one OAuth2 client per external REST API client (which in turn can have many different users). Therefore the authorization server offers a REST API for basic CRUD operations for configuring the clients that are stored in the just configured CouchDB. Since sw360-`ADMIN` privileges are needed for client management, an authentication is needed to work with this API. + +For SSO users (basic-auth Liferay users can use other tools as well because other tools can handle basic auth - but they can also use this workflow): +1. Open a browser with developer tools capabilities +2. Open + ``` + https://[hostname]:[port]/authorization/client-management + ``` + This page always shows the currently configured clients and can be refreshed after every manipulation of a client. + +3. To add a new client, enter the following javascript in the dev tools console in the current browser tab - of course after manipulating the client data to suit your needs + ``` + xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open('POST', '/authorization/client-management', false); + xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); + xmlHttpRequest.setRequestHeader('Accept', 'application/json'); + xmlHttpRequest.send(JSON.stringify( + { + "description" : "my first test client", + "authorities" : [ "BASIC" ], + "scope" : [ "READ" ], + "access_token_validity" : 3600, + "refresh_token_validity" : 3600 + } + )); + console.log(xmlHttpRequest.responseText); + ``` +4. to manipulate an existing client, do the same but add the clientid to the data object + ``` + "client_id" : "9e358ca832ce4ce99a770c7bd0f8e066" + ``` +5. to remove an existing client, enter the following javascript in the dev tools console + ``` + xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false); + xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); + xmlHttpRequest.setRequestHeader('Accept', 'application/json'); + xmlHttpRequest.send(); + console.log(xmlHttpRequest.responseText); + ``` + +This way the session cookie of the SSO login will be used for the REST calls. This might also be possible in postman or curl or similar tools if you want to try to copy cookies (depending also on the SSO configuration). As said before, if Liferay username/password credentials can be used to authenticate then a tool like postman or curl can be used for the whole process. Just pass the credentials as basic-auth. + +### Client Management via Curl + +The above described call to create a rest client can also be done directly via one curl call: + +```bash +SW360_USER=[admin sw360 user] +SW360_PW=[corresponding sw360 admin user password] +curl -s -S \ + --user "${SW360_USER}:${SW360_PW}" \ + --header "Content-Type: application/json" \ + --header "Accept: application/json" \ + -X POST https://[hostname]:[port]/authorization/client-management \ + -d @- < +``` +The client must pass its credentials via basic authentication. Though a user authentication is not necessary. +If you are authentication your users on a proxy, you have to configure that proxy in a way that it does not block requests to the above url. As marker the 'grant_type=refresh_token' query parameter may be used. + +## Example Apache configuration +The following example shows the relevant part for an Apache proxy to configure +authentication of the `authorization-server` properly: +```apache + + Order allow,deny + Allow from all + + + # No authentication needed + + + # Configure your authentication here + + + ProxyPass https://localhost:8443/authorization/oauth/token + ProxyPassReverse https://localhost:8443/authorization/oauth/token + +``` + +# Resource Server Configuration + +Now that access tokens can be generated, the resource server has to be configured. The same general ideas of [general config](#general-config) apply. The properties of the `application.yml` are + +| Key | Values | Default | +| --- | --- | --- | +| sw360:thrift-server-url | the url where the thrift services can be found, e.g. http://localhost:8080 | | +| sw360:test-user-id | only for developing, simple test user short cut, must be pulled off for productive | | +| sw360:test-user-passwors | see above | | +| sw360:couchdb-url | the url of the CouhDB server for attachment handling, e.g. https://localhost:5984 | | +| sw360:cors:allowed-origin | value for cross origin resource sharing | n/a | + +The REST API is now completely usable via an own client or testwise with integrated tools. + +# Tools + +To get data and interact with the sw360 REST API the HAL-Browser is recommended. Currently, the HAL-Browser is also deployed on the sw360 development instance, but this is likely to change once the REST API has evolved more. Currently the URL of HAL-Browser is: + +``` +https://[hostname]:[port]/resource/api/browser/index.html#/resource/api +``` +An example for a screenshot is as follows: + +![rest-hal-explorer](https://user-images.githubusercontent.com/29916928/39576770-90b2b576-4edf-11e8-9d1b-742c10d88b8e.png) + +When using other tools the access token has to be set as header parameter in the REST request. Please add a new header: +- Key: Authorization +- As value you need to enter: `Bearer [ACCESS_TOKEN]` where `[ACCESS_TOKEN]` actually contains the token + +## Example – Get a list of projects + +Here is an example how to query for all projects as HTTP GET Request. As for the resource endpoint, the request: +``` +https://sw360.org/resource/api/projects (or /resource/api/projects) +``` +will return the following response: + +![rest-explorer2](https://user-images.githubusercontent.com/29916928/39579586-6b1d1736-4ee7-11e8-8faf-da71c8776680.png) + +# API Documentation + +sw360 deploys a REST API documentation at every instance. There are the following URLs offered at each instance + +| URL | Description | +| --- | --- | +| https://[hostname]:[port]/resource/docs/index.html | Small overview page | +| https://[hostname]:[port]/resource/docs/api-guide.html | The API description for the currently running server | +| https://[hostname]:[port]/resource/api/browser/index.html#/resource/api | Integrated HAL browser to directly use the API | + +# Known Problems + +If you use Nginx or Apache as request front end server there maybe some configuration caveats: The REST API objects provides self links to reference to other objects also including the protocol prefix. These links are realized on Hypertext Application Language (HAL) for example you will find in REST responses: + +```json +"_links": { + "self": { + "href": "https://localhost:8443/resource/api/projects/065f3aa45c2683297fd1bb39296f519d" + } +} +``` + +The REST spring boot applications are using the Tomcat environment configuration to generate the HAL links. If the Tomcat is only configured as HTTP, the generated links will contain the `http` protocol and port - which is a problem if the server should be contacted over `https`only. This problem occurs, if tomcat is used together with Nginx, Apache httpd or other Web servers, which are configured to repsond only to `https`. + +Solution is to set for example in Nginx HTTP 'X-Forward-*' headers on a reverse proxy, for example: + +```nginx + location / { + ... + proxy_set_header X-Forwarded-Port 443; + proxy_set_header X-Forwarded-Proto https; + } +``` + +For other Web severs, there might a similar solution. diff --git a/content/ja/docs/Development/RestAPI/_index.md b/content/ja/docs/Development/RestAPI/_index.md new file mode 100644 index 0000000..6810fab --- /dev/null +++ b/content/ja/docs/Development/RestAPI/_index.md @@ -0,0 +1,25 @@ +--- +title: "SW360 RESTful API" +linkTitle: "RESTful API" +weight: 2 +--- + +Using the Web interface makes sense for some use cases, for some other cases the tool integration is more useful. The SW360 software offers a RESTful API. It has been initially developed by a colleague of the BT division - an excellent example of how Inner Source works for projects. Now it has been integrated to the official main project as component that can be deployed along with a SW360 solution. + +## Methods of Authentication + +1. OAuth workflow involving consumer / client secret and user token using user name and password from LDAP / Exchange accounts (very early) +2. Access key obtained in the SW360 UI +3. OAuth workflow involving consumer token / client secret and signed Java Web Tokens involving user authentication from OpenID Connect service for the first token and then using the OAuth refresh tokens. + +API Documentation is available on the instances deployed: + +- `https:///resource/docs/api-guide.html` + +## Brief Specs +| | | +| --- | --- | +| Implementation Technology | Java-based Spring-framework based | +| REST Flavor | Hypermedia-driven | +| Authentication | Now: Token by user token store. Previously: Spring Security using JWT and SW360 user management. Note that technically, both ways are possible | +| More Technical Information | [Rest API]({{< ref "Dev-REST-API.md" >}} "Rest API") | diff --git a/content/ja/docs/Development/RestAPI/access.md b/content/ja/docs/Development/RestAPI/access.md new file mode 100644 index 0000000..ba24fa2 --- /dev/null +++ b/content/ja/docs/Development/RestAPI/access.md @@ -0,0 +1,142 @@ +--- +title: "API Access" +linkTitle: "API Access" +weight: 10 +--- + +## How to get Access + +There are the following steps + +1. Open a browser with developer tools + +2. Go to + `https:///authorization/client-management` + +3. To add a new client, enter the following javascript in the dev tools +console + + xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open('POST', '/authorization/client-management', false); + xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); + xmlHttpRequest.setRequestHeader('Accept', 'application/json'); + xmlHttpRequest.send(JSON.stringify( + { + "description" : "my first test client", + "authorities" : [ "BASIC" ], + "scope" : [ "READ" ], + "access_token_validity" : 3600, + "refresh_token_validity" : 3600 + } + )); + console.log(xmlHttpRequest.responseText); + +4. To manipulate an existing client, do the same but add the clientid to +the data object + + `"client_id" : "9e358ca832ce4ce99a770c7bd0f8e066"`
+to remove an existing client, enter the following javascript in the +dev tools console + + xmlHttpRequest = new XMLHttpRequest(); + xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false); + xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); + xmlHttpRequest.setRequestHeader('Accept', 'application/json'); + xmlHttpRequest.send(); + console.log(xmlHttpRequest.responseText); + +5. You receive the token from such request, which looks like + + { + "access_token" : "eyJhbGciOiJSUzI...", + "token_type" : "bearer", + "refresh_token" : "eyJhbGciOiJSUzI1...", + "expires_in" : 599, + "scope" : "READ WRITE", + "jti" : "42539b0d-..." + } + +6. You can try a request which uses for example the tool curl: +`curl -X GET -H "Authorization: Bearer [token]" -H "Content-Type: application/json"` + +7. You can get a new token (you must get a new token) after expiration using client id and secret: +`https:///authorization/oauth/token?grant_type=refresh_token&refresh_token=[refresh_token]` + +## Deprecated Method: Access Tokens from the SW360 UI +Recently SW360 has changed, username/password authentication is not possible anymore. So after successful entitlement login, the user is able to obtain a token with limited validity of time. + +Our tests have confirmed that, if you have used the JWT authentication workflow, the change means for you: + +- No interaction with authorization service is necessary. +- The token needs to be provided as with the JWT. + +Please find attached, where to obtain the token: + +{{< figure src="/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke.png">}} + +And then find the interface for issuing the tokens: + +{{< figure src="/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke1.png">}} + +### Token into which Header? +If you are used to REST clients, you might know that you need some kind of authentication info. Below are the previous and current ways of adding the authentication info to the HTTP header. Now you should add to the header the token value that you can obtain from the sw360 UI (see above): + +`Authorization: Token ` + +Previously, when you got the authentication info via the authorization service, it was: + +`Authorization: Bearer ` + +### Example: PowerShell Script +This is an example Thomas Graf has sent around one - might be good to see how this works in general: + +```powershell +$baseUri = "https:///resource/" +$uri = $baseUri + "api/projects" $data = @" +{ "name" : "My 5th Dummy Project", + "description" : "Read/write test", + "version": "1.0", + "tag": "my tag", + "ownerGroup": "GROUP", + "projectType": "PRODUCT", + "linkedProjects": {}, + "linkedReleases": {} +} "@ +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add('Content-Type', 'application/hal+json') +$headers.Add('Authorization', 'Token ' + $env:SW360StageToken) +$headers.Add('Accept', 'application/hal+json') +Invoke-WebRequest $uri -Method POST -Body $data -Headers $headers +``` + +## Deprecated Method: Authentication with Username and Password + +### If I am not using token, but SW360 elsewhere: how do I obtain tokens? +There are two steps you need to do with your client. First, Obtain an authorization token. This can be done by executing on the development instance for example be: + +```bash +curl -X POST --user 'trusted-sw360-client:sw360-secret' \ +-d grant_type=password&username=user@sw360.org&password=12345 \ +https:///authorization/oauth/token -k +``` + + Of course, for the staging instance, the user must be your user credentials and the trusted client secret looks different. + + Second you need to parameterize your request with this token. Pls. see the link at the very top 'Technical Information': [Rest API]({{< ref "Dev-REST-API.md" >}} "Rest API") for more information. + +### FAQ +- When I use the JWT approach I used curl to retrieve the token and get + + {"error":"unauthorized","error_description":"No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken"} + +- Your password seems to be wrong. + + Note, that with curl - you have to escape special characters in your password. E.g. password +123$abc +results in the following request + +```bash +curl -X POST --user 'trusted-sw360-client:sw360-secret' \ +-d grant_type=password&username=user@sw360.org&password=123\$abc \ +https:///authorization/oauth/token -k +``` diff --git a/content/ja/docs/Development/TestCases/Test-Cases-Components.md b/content/ja/docs/Development/TestCases/Test-Cases-Components.md new file mode 100644 index 0000000..d88ce2e --- /dev/null +++ b/content/ja/docs/Development/TestCases/Test-Cases-Components.md @@ -0,0 +1,202 @@ +--- +title: "Component / Release" +linkTitle: "Component / Release" +weight: 10 +--- + +## TC01: Add a component and release with vendor present + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Components_ tab | _Components_ page is displayed +3 | Click _Add Component_ button | - _New Component_ page is displayed with mandatory fields marked with red star: Name, Categories, Component Type.
- A message _Success:New Component_ is displayed +4 | Fill in a component _Name_, _Categories_ and _Component Type_ fields.
_Eg:_
- Name: Component 1@1
- Categories: Categories_1@1
- Component Type: OSS | Values are entered in the fields +5 | Click _Create Component_ button | - Create component successfully.
- Redirect to the edit component page.
-Show message: _Success:You are editing the original document._ +6 | Click _Releases_ tab
Click _Add Release_ button | Redirect to Add Release page +7 | Fill in a release _Version_ and _CPE ID_
_Eg:_
- Version: version1.0.0.x
- CPE ID: UUID_1002 | Values are entered in the fields:
- Version: version1.0.0.x
- CPE ID: UUID_1002 +8 | Click _Create Release_ button | - Create a release successfully.
- Redirect to the edit new release page.
- The message _Success:You are editing the original document._ is displayed +9 | Click _Vendor_ field | _Search Vendor_ dialog is displayed +10 | Click _Add Vendor_ button | _Create new Vendor_ dialog display +11 | Input data in fields
- Full Name: add vendor 01
-Short Name: add vendor01
-URL: https://github.com/eclipse-sw360/sw360 | Values are entered in the fields. +12 | Click _Add Vendor_ button | The vendor is added in Vendor field of the release with full name is _add vendor 01_ +13 | Click _Attachments_ tab | _Attachments_ page is displayed +14 | Click _Add Attachment_ button | _Upload Attachment_ dialog is displayed +15 | Click _Browse_ and select the attachment.
Eg: attachment1.xlsx | File name is displayed in the dialog +16 | Click _Upload_ button | The file is uploaded and dialog is closed. Also the attached file is listed in the _Attachment_ page +17 | Change the attachment _Type_ to real type.
Eg: Component license information (Combined) | Type changed successfully +18 | Click _Update Release_ button | Message: _Success:Release {name} ({version}) updated successfully!_ is displayed + +## TC02: Verify data after add a component and release with vendor present + +Step | Action | Result +---:|:-----|:---- +1 | Search for the component is created in TC01:
- Click _Components_ portlet
- At Advanced Search area, input _Component 1@1_ in the _Component Name_ textbox.
- Click _Search_ button | The new component display in the table with:
- Vendor: add vendor01
- Component Name: _Component 1@1_ is displayed with hyper link.
- Main licenses: blank
- Component Type: OSS +2 | Click hyper link of name _Component 1@1_ | Redirect to view component _Component 1@1_ page +3 | Click _Release Overview_ tab | The release display with:
- Name: Component 1@1
- Version displays with hyper link: version1.0.0.x
- Clearing State: New
- Clearing Report: no report
- Release Mainline State: Open +4 | Click hyper link _version1.0.0.x_ | Redirect to view screen of release _Component 1@1 version1.0.0.x_
Data of the release:
- Summary tab:
+ display text with: COMPONENT 1@1 VERSION1.0.0.X
+ CPE ID: UUID_1002
+ Created on: date of created.
+ Created by: user created.
+ Modified On: date of modified.
+ Modified By: user modified.
+ Clearing State: New
+ Release Mainline State: Open
+ Release Vendor with:
  Full Name: add vendor 01
  Short Name: add vendor01
  URL: https://github.com/eclipse-sw360/sw360 +5 | Click _Attachments_ tab | Display file name _attachment1.xlsx_ in the table. + +## TC03: Modify a component and release with vendor present + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component (e.g. created in TC01: _Component 1@1_) and click _Edit_ icon | _Success:You are editing the original document_ message is displayed +2 | Click _Releases_ tab | Release list is displayed +3 | Click _Add Release_ button | Redirect to Add Release page +4 | Fill in a release _Version_ and _CPE ID_
_Eg:_
- Version: v1.0.0.1
- CPE ID: cpe:id:123456 | Values are entered in the fields:
- Version: v1.0.0.1
- CPE ID: cpe:id:123456 +5 | Click _Create Release_ button | - Redirect to the edit new release page.
- The message _Success:You are editing the original document._ is displayed +6 | Click _Vendor_ field | _Search Vendor_ dialog is displayed +7 | Click _Search_ button.
Select a vendor (eg: select vendor with full name _VendorUp_)
Click _Select Vendor_ button. | Dialog is closed and selected Vendor is added under _Vendor_ field: VendorUp +8 | Click _Attachments_ tab
Click _Add Attachment_ button
Click _Browse_ and select the attachment. Eg: attachment2.img
Click _Upload_ button | The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page +9 | Click _Update Release_ button | Message _Success:Release Component 1@1 (v1.0.0.1) updated successfully!_ is displayed + +## TC04: Verify data after modify a component and release with vendor present + +Step | Action | Result +---:|:-----|:---- +1 | Continue TC03 | +2 | Click _Summary_ tab | Data in the tab:
- Modified On: date of modified.
- Modified By: user modified.
Data of other fields in the tab is same data before updated. +3 | Click _Release Overview_ tab | New release with version _v1.0.0.1_ is added in the release table. +4 | Click _v1.0.0.1_ hyper link | Text display with: _COMPONENT 1@1 V1.0.0.1_ at the right corner.
- At Summary tab:
+ CPE ID: cpe:id:123456
+ Release Vendor: display with Full Name, Short Name and URL correctly with vendor _VendorUp_
- At Attachments tab: attachment _attachment2.img_ display in the attachment table with correct information. +5 | Click _Component 1@1_ hyper link | Redirect to view screen of _Component 1@1_ component. +6 | Click _Attachments_ tab | Data in the tab is same data before updated. +7 | Click _Vulnerabilities_ tab | Data in the tab is same data before updated. + +## TC05: Add and modify a component and release with all fields filled in + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ tab
Click _Add Component_ button
Fill in all editable fields
Click _Create Component_ button | - Redirect to edit component screen with the message _Success:You are editing the original document._ is displayed in the left corner.
- Create component successfully. Data match with input data. +2 | Click _Releases_ tab.
Click _Add Releases_ button.
At _Summary_ tab, fill in all editable fields under _Release Summary_ and _Release Repository_.
Click _Create Release_ button.
| Redirect to edit release screen.
Created release successfully. Data match with input data. +3 | Click _Linked Releases_ tab
Click _Click to add Releases_ button | The dialog _Link Releases_ is displayed. +4 | Input search name into textbox
Click _Search_ button
Select 3 releases.
Click _Link Releases_ button | Dialog is closed and selected release is displayed under _Linked Releases_ section. +5 | Click _Linked Packages_ tab
Click _Add Packages_ button | The dialog _Link Packages_ is displayed. +6 | Input an exist orphan package name into textbox.
Click _Search_ button.
Select a package.
Click _Link Packages_ button. | Dialog is closed and selected package is displayed under _Linked Packages_ table +7 | Click _Clearing Details_ tab
Fill in all editable fields | Values are entered in the fields +8 | Click _ECC Details_ tab
Fill in all editable fields | Values are entered in the fields +9 | Click _Attachments_ tab
Click _Add Attachment_ button
Click _Browse_ and select the attachment. _Eg_: attachment3.xlsx
Click _Upload_ button | The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page +10 | Click _Update Release_ button | - _Success:Release {componentName} ({version}) updated successfully!_ message is displayed.
- Redirect to the view release screen. +11 | Check all fields of the release by click tabs: _Summary, Linked Releases, Linked Packages, Clearing Details and Attachments_. | Values are filled in correctly, match with input data. +12 | Click _Edit Release_ button, modify some fields.
Eg:
- _Version_ field ( in _Summary_ tab): rename version name_updated
- _ECC Status_ field (in _ECC Details_ tab): Approved.
Click _Update Release_ button. | Values are updated successfully + +## TC06: Delete a component that is first linked to a project and then not, and a project + +Step | Action | Result +---:|:-----|:---- +1 | Create a new component
_Eg:_ component with name _Component @1234_ | Component is created successfully +2 | Add a new release to this component
_Eg:_ release _Rel1_ | Release is added successfully +3 | Create a new project _P1_ | Project is created successfully +4 | Add the linked release _Rel1_ to project _P1_. | Release linked successfully +5 | Click _Components_ portlet.
Search component _Component @1234_ by name at advanced search. | Component _Component @1234_ display on the result table. +6 | Click delete icon of component _Component @1234_ | A warning _The component Component @1234 cannot be deleted, since it contains 1 releases. Please delete the releases first._ +7 | Click _OK_ button in the warning dialog. | The dialog is closed, component is not deleted +8 | Click _Components_ portlet.
Search for the component _Component @1234_ and click hyper link of component _Component @1234_. | View screen of _Component @1234_ component is display +9 | Click _Release_ Overview.
Click Delete icon button of release _Rel1_.
Click _Delete Release_ button in the dialog. | - Dialog _Delete Releases_ is displayed.
- Delete the release is failure.
- The message: _I could not delete the release, since it is used by another component (release) or project_ display. +10 | Go to project _P1_, delete project _P1_. | The project is deleted successfully +11 | Go to component _Component @1234_, at _Release Overview_ tab, click Delete icon button of release _Rel1_. | Show message: _Do you really want to delete the release {componentName} ({version}) ?_ +12 | Click _Delete Release_ button | Release is deleted successfully +13 | Click _Edit Component_ button.
Click _Delete Component_ button. | The dialog is displayed with message: _Do you really want to delete the component {componentName} ?_ +14 | Click _Delete Component_ button | Component is deleted successfully + +## TC07: Add new attachments to an existing release and delete attachments + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component (e.g. created in TC01) and click _Release Overview_ tab | The list of releases are displayed +2 | Click edit icon in the Action column of release version that needs a new attachment. _Eg:_ release _Rel1_. | Edit release _Rel1_ page is displayed. +3 | Click _Attachments_ tab
Click _Add Attachment_ button
Click _Browse_ and select several attachments.
_Eg:_ 5 attachment files (att1, att2, att3, att4, att5) | File names are displayed in the dialog +4 | Click _Delete_ button near some files not to be added.
_Eg:_ delete 2 attachment files (att1, att3) | File names are removed from the list +5 | Click _Upload_ button for the remaining files. | The attached file are listed in the _Attachment_ page: att2, att4, att5 +6 | Change some _Attachment type_ to real type, e.g. _source file, clearing report, CLI,..._ | Type changed successfully +7 | Click _Update Release_ button | Release _Ree1_ is updated correctly. +8 | Click _Edit Release_ button | _Success:You are editing the original document._ message is displayed +9 | Click _Attachments_ tab | _Attachments_ page is displayed +10 | Click delete icon to delete an attachment | Show message: _Do you really want to delete attachment {attachmentName}({attachmentId})?_ +11 | Click _Delete Attachment button_ | Attachment is deleted successfully, data of attachment is removed from attachment table. +12 | Click _Update Release_ button | Release Ree1 is updated correctly with message _Success: Release {componentName}({version}) updated successfully!_ + +## TC08: Duplicate an existing release + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component with release with all fields filled in (Eg: created in TC05) and click _Release Overview_ | The list of releases are displayed +2 | Click _Duplicate_ button under Action column | The page changes to create duplicate release screen +3 | Check all fields from copied release | - _Summary_ tab:
+ _CPE ID_ field: blank
+ Remain fields are unchanged (exclude disable fields).
- _Linked Releases_ tab: there is no linked release. +4 | Change the _Version_ field and fill in a _CPE ID_.
_Eg:_  Version: ver_duplicate
CPE ID: CPE ID_duplicate
Click _Create Release_ button | - Redirect to edit release screen.
- Create duplicate release is success with message: _Success:You are editing the original document._
- Data of duplicate release is correct. +5 | Modify some other fields.
_Eg:_ Release Date: 2023-06-12.
Click _Clearing Details_ tab | _Clearing Details_ page is displayed and does not contain any field from copied release +6 | Click _Update Release_ button | The release is updated successfully with data correctly +7 | Click component name link on top of the page | Summary page for the component is displayed +8 | Click _Release Overview_ tab | The new copied release is listed among previous releases + +## TC09: Search for and create a new vendor for a new release + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ portlet
At advanced Search, search for an existing component.
_Eg:_ input _Comp1_ in the Component Name text box.
Click _Search_ button. | Component _Comp1_ display in the result table. +2 | Click edit icon in Actions column of component _Comp1_. | Edit screen of component _Comp1_ is displayed with message: _Success:You are editing the original document_ +3 | Click _Releases_ tab
Click _Add Releases_ button | The page changes to _New Release Edit_ page +4 | Fill in a release _Version_ and _CPE ID_
_Eg:_
+ Version: @1.0.2
+ CPE ID: moshiano_002 | Values are entered in the fields +5 | Click _Vendor_ field | _Search Vendor_ dialog is displayed +6 | Click _Add Vendor_ | _Create New Vendor_ dialog is displayed +7 | Fill in _Full name_, _Short name_ and _URL_
_Eg:_
Full Name: Fullvendor_0909
Short Name: Short_ven090
URL: https://github.com/ | Values are entered in the fields +8 | Click _Add Vendor_ | Dialog closes and the new vendor is displayed in release _Vendor_ field with full name _Fullvendor_0909_ +9 | Click _Create Release_ | Redirect to edit release page with the message _Success:You are editing the original document._ is displayed +10 | Click component name link on top of the page | Summary page for the component is displayed. The new vendor for the new release, as well as existing vendors from previous releases are listed under _Vendors_ field for the component + +## TC10: Link a release to the project in view component page and check used by projects + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component with release and click _Release Overview_ tab | The list of releases are displayed +2 | Click _Link Project_ button under Action column | The dialog _Link Release to Project_ is displayed with _Link to Project_ button is disabled +3 | Click _Search_ button then choose a project to link | _Link to Project_ button on the dialog is enabled +4 | Click _Link to Project_ button | _The release {component name} ({version}) has been successfully linked to project {project name}_
_Click here_ _to edit the release relation as well as the project mainline state in the project._ message is displayed +5 | Click _here_ hyperlink in the dialog | Redirect to the _edit project_ page with the release was linked (displayed on _License Clearing_ page) +6 | Re-open the release at view page and click _Summary_ tab | Used by project information is updated correspondingly + +## TC11: Link a release to a project in the view release page + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component with release and click _Release Overview_ tab | The list of releases are displayed +2 | Click _a release name_ hyperlink. Eg: release R1 | Redirect to the _view release_ page +3 | Click _Link to Project_ button | The dialog _Link Release to Project_ is displayed with _Link to Project_ button is disabled +4 | Click _Search_ button then choose a project to link | _Link to Project_ button on the dialog is enabled +5 | Click _Link to Project_ button | _The release {component name} ({version}) has been successfully linked to project {project name}_
_Click here_ _to edit the release relation as well as the project mainline state in the project._ message is displayed +6 | Click _here_ hyperlink in the dialog | Redirect to the _edit project_ page with the release was linked (displayed on _License Clearing_ page) + +## TC12: Import a new component by .spdx/.xml/ .rdf file + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ tab | _Components_ page is displayed +2 | Click _Import SBOM_ button | A dialog _Upload SBOM_ is displayed +3 | Choose a **_.spdx_** or **_.xml_** or **_.rdf_** file by clicking on the _Browse_ button or drop/draft a file into the dialog | The message is displayed in the dialog:
_The new Component and new Release will be created, do you want to import?
New Component: {new component names}
New Release: {new release names}_ +4 | Click _Import_ button | The dialog is closed. New releases and new components are imported successfully + +## TC13: Export components without releases + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ tab | _Components_ page is displayed +2 | Click _Export Spreadsheet_ button and choose _Components only_ option | - A new file with name's format _components-{yyyy}-{mm}-{dd}.xlsx_ is downloaded
- The content of the downloaded file includes information of all components in the system + +## TC14: Export components with releases + +Step | Action | Result +---:|:-----|:---- +1 | Click _Components_ tab | _Components_ page is displayed +2 | Click _Export Spreadsheet_ button and choose _Components with releases_ option | - New file with name _components-{yyyy}-{mm}-{dd}.xlsx_ is downloaded.
- The content of the downloaded file includes information of all components and releases in the system + +## TC15: Create a clearing request for a release + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing component with releases and click _Release Overview_ tab | The list of releases are displayed +2 | Click _Edit_ button under _Action_ column. Eg: edit release R1 | Redirect to _view release_ page and the message _Success:You are editing the original document._ is displayed +3 | Click _Attachments_ tab, then add a source file (Eg: .rdf file) with _Type_ is _Source file_ | The data is updated correspondingly +4 | Click _Update Release_ button | The message _Success:Release {release name} updated successfully!_ is displayed +5 | Click _Clearing details_ tab, then click _Fossology Process_ icon beside _Clearing State_ field and wait for the process to finish | The message _The FOSSology process already finished. You should find the resulting report as attachment at this release._ is displayed in the _Fossology Process_ dialog +6 | Click _Close_ button in the dialog | The dialog is closed +7 | Reload this page, then click _Attachments_ tab | A new file is listed in _Attachments_ page with name's format _{component name}-{version}-{yyyymmdd}-{hhmm}-SPDX.rdf_ \ No newline at end of file diff --git a/content/ja/docs/Development/TestCases/Test-Cases-Licenses.md b/content/ja/docs/Development/TestCases/Test-Cases-Licenses.md new file mode 100644 index 0000000..2a72e6a --- /dev/null +++ b/content/ja/docs/Development/TestCases/Test-Cases-Licenses.md @@ -0,0 +1,75 @@ +--- +title: "Licenses" +linkTitle: "Licenses" +weight: 10 +--- + +## TC01: Create a license with mandatory fields then edit External link + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Licenses_ tab | _Licenses_ page is displayed +3 | Click _Add License_ button | _New License_ page is displayed +4 | Fill in _Fullname_ and _Shortname_ fields
_Eg:_
- Fullname: Open Logistics Foundation License v1.3
- Shortname: OLFL-1.3 | Values are entered in the fields +5 | Click _Create License_ button | - Navigate to the license list page and the message "Success:License added successfully!" is displayed
- The new license should be added to the licenses list +6 | At _Details_ tab, update _External link for more information_ field
_Eg:_ https://eclipse.dev/sw360/docs/development/testcases/test-cases-licenses/
Click _Save_ button| - The page remains the same and the message _"Success:SUCCESS"_ is displayed
- Data of the _"External link for more information"_ field is updated correctly + +## TC02: Create a license with all fields + +Step | Action | Result +---:|:-----|:---- +1 | Sign in with a known _clearing admin_ user
Click _Licenses_ tab
Click _Add License_ button | _New License_ page is displayed +2 | Fill in all editable fields
_Eg:_
- Fullname: JAM License
- Shortname: Jam
- License Type: select a license type
- OSI Approved?: Yes
- Note: take a note!
- License Text: Copyright (C) YEAR by AUTHOR EMAIL Permission to use, copy and modify. | Values are entered in the fields +3 | Click _Linked Obligation_ tab | _Linked Obligation_ page is displayed +4 | Click _Add Obligation_ button | Screen display a dialog: _"Select License Obligations to be added."_ +5 | Select some obligations and click _Add_ button | The selected obligations have been added to the obligation table +6 | Click _Create License_ button | - Navigate to the license portlet and the message _"Success:License added successfully!"_ is displayed
- The new license should be added to the licenses list +7 | Click the newly created license name hyperlink | The details page of license is displayed +8 | Check data of License in _Details_ tab
Click _Text_ tab and check data of License in _Text_ tab
Click _Obligations_ tab and check data of License in _Obligations_ tab | The displayed data matches the input data + +## TC03: Create a license with linked obligations then edit whitelist + +Step | Action | Result +---:|:-----|:---- +1 | Sign in with a known _clearing admin_ user
Click _Licenses_ tab
Click _Add License_ button | _New License_ page is displayed +2 | Fill in _Fullname_ and _Shortname_
_Eg:_
- Fullname: Apache License 2.0
- Shortname: Apache-2.0 | Values are entered in the fields +3 | Click _Linked Obligation_ tab | _Linked Obligation_ page is displayed +4 | Click _Add Obligation_ button | Screen display a dialog: _"Select License Obligations to be added"_ +5 | Select some obligations and click _Add_ button | The selected obligations have been added to the obligation table +6 | Click _Create License_ button | - Navigate to the license list screen
- The new license should be added to the licenses list +7 | Search for new created license, then click _hyper link of new created license_ | The details page of license is displayed +8 | Click _Obligations_ tab | _Obligation_ page is displayed +9 | Click _Edit Whitelist_ button | _Update whitelist_ page is displayed +10 | Unselect the first obligation then click _Update Whitelist_ button | - Redirect to view license page with the message _"Success:License updated successfully!"_ is displayed
- The unselected obligation is not displayed anymore on obligations table + +## TC04: Edit License and remove/ add Obligations + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Licenses_ tab
At _Quick Filter_ area, input existed license with obligations. E.g: _JAM License_ in the textbox
Click _JAM License_ license name
Click _Edit License_ button | The update license page is displayed +3 | Edit some editable fields
_Eg:_
- Fullname: JAM License 2.0
- OSI Approved?: (n/a)
- FSF Free/Libre?: Yes
- License Text: | Values are entered in the fields +4 | Click _Linked Obligation_ tab
Click _Delete_ icon of the first obligation in _Action_ column | The _"Delete Obligation?"_ dialog is displayed with message: _"Do you really want to delete the obligation {deleted obligation name}?"_ +5 | Click _"Delete Obligation"_ button in the dialog | The chosen obligation is removed from the obligations table +6 | Click _Add Obligation_ button | Screen display a dialog: _"Select License Obligations to be added."_ +7 | Select some obligations and click _Add_ button | The selected obligations have been added to the obligation table +8 | Click _Update License_ button | - Navigate to the license details page
- Data of the obligation is updated successfully +9 | Click the edited license name (_JAM License 2.0_) | The details page of license is displayed +10 | Check data of License in _Details_ tab, _Text_ tab and _Obligation_ tab | The displayed data matches the input data + +## TC05: Delete an existing license + +Step | Action | Result +---:|:-----|:---- +1 | Sign in with a known _clearing admin_ user
Click _Licenses_ tab
At _Quick Filter_ area, input existing license in the textbox
  _Eg:_ "License_delete"
Click _"License_delete"_ license name in the result table
Click _Edit License_ button | The update license page is displayed +2 | Click _Delete License_ button | Screen display dialog with message: _"Do you really want to delete the license {licenseFullName ({licenseShortName})}?"_ +3 | Click _Delete License_ button in the dialog | - Navigate to the license portlet and the message _"Success:License removed successfully!"_ is displayed
- The removed license has been removed to the license table + +## TC06: Check Export Licenses +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Licenses_ tab | _Licenses_ page is displayed +3 | Click _Export Spreadsheet_ button | A dialog for opening _Licenses.xlsx_ is displayed +4 | Open the newly downloaded _Licenses.xlsx_ file in the local
Compare the number of rows with total number of entries from _Licenses_ tab | All licenses names are exported successfully \ No newline at end of file diff --git a/content/ja/docs/Development/TestCases/Test-Cases-Moderations.md b/content/ja/docs/Development/TestCases/Test-Cases-Moderations.md new file mode 100644 index 0000000..e465493 --- /dev/null +++ b/content/ja/docs/Development/TestCases/Test-Cases-Moderations.md @@ -0,0 +1,58 @@ +--- +title: "Moderation" +linkTitle: "Moderation" +weight: 10 +--- + +## TC01: Accept moderation request, for visible projects by other users + +Step | Action | Result +---:|:-----|:---- +1 | Open a first browser instance (Eg: "firefox.exe -p "profile1" -no-remote") and sign in with a known _First_ user | User successfully signed in and _Home_ page is displayed +2 | Open a second browser instance (Eg: "firefox.exe -p "profile2" -no-remote") and sign in with a known _Second_ user | User successfully signed in and _Home_ page is displayed +3 | Activate _First_ browser instance | Instance is active +4 | Create a new project visible for _Second_ user
Eg:
- Name: Project is created by First user
- Project visibility: Everyone | Project is created successfully +5 | Activate _Second_ browser instance | Instance is active +6 | Search for the above created project and click _Edit_ button | _"Success: You will create a moderation request if you update"_ message is displayed +7 | Edit _Description_ field or other fields
Eg:
Description: "Update description to create a moderation request!!"
Click _Update Project_ button| Create moderation request dialog is displayed +8 | Fill in _Please comment your changes_ field
Eg: I want to update this project. Please accept for me. Thanks @@.
Click _Send moderation request_ button | Show message: _"Success: Moderation request was sent to update the Project {nameProject} {(version)}!"_ +9 | Activate _First_ browser instance | Instance is active +10 | Check status of project in the _MY TASK ASSIGNMENTS_ table on _Home_ page | The above project that needs moderation is displayed with status _Pending_ +11 | Click _Requests_ page | The moderation request of _Second_ user is displayed with state _Pending_ +12 | Click the project name in the _Document Name_ column | - _"Success: You have assigned yourself to this moderation request."_ message is displayed
- _Moderation Request Information_ page is displayed, with proposed changes from step 7 listed +13 | Input a comment in the _Comment on Moderation Decision_ box. Eg: _The request is approved_
Click _Accept Request_ button | Request page display and show message: _"Success: You have accepted the moderation request"_ +14 | Click _Closed Moderation Requests_ tab
Check state of _Project is created by First user_ project | State changed to _Approved_ +15 | Check status of project in the _MY TASK ASSIGNMENTS_ table on _Home_ page | The request is removed from the table +16 | Activate _Second_ browser instance | Instance is active +17 | Check status of project in the _MY TASK SUBMISSIONS_ table on _Home_ page | Status is _Approved_ +18 | Open the _Projects_ page and click on previously modified project on step 7 | Project _Summary_ page displayed successfully +19 | Check the moderation requested changes | Changes are visible in the corresponding fields: _Description_ field was changed to _"Update description to create a moderation request!!"_ + +## TC02: Decline moderation request, for visible projects by other users + +Step | Action | Result +---:|:-----|:---- +1-11 | Same as in TC01 +12 | Input a comment in the _Comment on Moderation Decision_ box. Eg: _The request is declined_
Click _Decline Request_ button| Requests page display and show message: _"Success: You have rejected the moderation request"_ +13 | Click _Closed Moderation Requests_ tab
Check state of the above rejected project | State changed to _Rejected_ +14 | Check status of project in the _MY TASK ASSIGNMENTS_ table on _Home_ page | The request is removed from the table +15 | Activate _Second_ browser instance | Instance is active +16 | Check status of project in the _MY TASK SUBMISSIONS_ table on _Home_ page | Status is _Rejected_ +17 | Open the _Projects_ page and click on previously modified project on step 7 | Project _Summary_ page displayed successfully +18 | Check the moderation requested changes | Changes are not visible in the corresponding fields: data of the project is not changed. + +## TC03: Remove Me from Moderators for moderation request, for visible projects by other users + +Step | Action | Result +---:|:-----|:---- +1-11 | Same as in TC01 +12 | Click _Remove Me from Moderators_ button | - _"Warning: You are the last moderator for this request, you are not allowed to unsubscribe !"_ message is displayed (assuming only _First_ user was listed under _Moderators_ column in step 10)
- Can't remove from Moderators. Nothing to change +13 | Input a comment in the _Comment on Moderation Decision_ box. Eg: _Decline the request._
Click _Decline Request_ button| Requests page display and show message: _"Success: You have rejected the moderation request"_ +14 | Edit the project and add a new moderator (Eg: _Third_ user) under _Moderators_ field | Project updated successfully +15 | Activate _Second_ browser instance | Instance is active +16 | Edit the project and create a new moderation request | Moderation request was sent +17 | Activate _First_ browser instance | Instance is active +18 | Click _Moderation_ page | The moderation request of _Second_ user is displayed with state _Pending_ +19 | Click the project name which the moderation was created in step 16 | - _"Success: You have assigned yourself to this moderation request."_ is displayed
- _Moderation Request Information_ page is displayed, with proposed changes from step 16 listed +20 | Click _Remove Me from Moderators_ button| _"Success: You have unassigned yourself from the moderation request"_ message is displayed. Also the document is deleted from moderation list. +21 | Login with the _Third_ user and check the _Moderation request_ in _Request_ page | The moderation request of _Second_ user is displayed with state _Pending_ \ No newline at end of file diff --git a/content/ja/docs/Development/TestCases/Test-Cases-Packages.md b/content/ja/docs/Development/TestCases/Test-Cases-Packages.md new file mode 100644 index 0000000..b64b6ef --- /dev/null +++ b/content/ja/docs/Development/TestCases/Test-Cases-Packages.md @@ -0,0 +1,69 @@ +--- +title: "Packages" +linkTitle: "Packages" +weight: 10 +--- + +## TC01: Create a package with required fields + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Packages_ tab
Click _Add Package_ button| The _Create Package_ page is displayed +3 | Input valid data into required fields
_Eg:_
- Name: package1
- Version: 1.0.0
- Package Type: Framework
- PURL (Package URL): pkg:npm/angular-sanitize@1.8.2 | Values are entered in the fields +4 | Click _Create Package_ button | - The message: _"Success: Package created successfully"_ is displayed at the left corner
- Redirect to the _Package list_ page
- The new package is added to the package list +5 | Search for the new project then click the hyperlink of the newly created package name | Redirect to view page of the created package +6 | Check data of all fields | Data in all fields match with input values + +## TC02: Create a package with all fields + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Packages_ tab
Click _Add Package_ button | The _Create Package_ page is displayed +2 | Input valid data into all editable fields | Values are entered in the fields +3 | Click _Create Package_ button | - The message: _"Success: Package created successfully"_ is displayed at the left corner
- Redirect to the _Package list_ page
- The new package is added to the package list +4 | Search for the new package then click the hyperlink of the newly created package name | Redirect to view page of the created package +5 | Check data of all fields | Data in all fields match with input values + +## TC03: Update some fields for package + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Component_ tab
Create a component with name is _ComponentA_
Create a release with name is _ComponentA (1.0.1)_ | Release _ComponentA (1.0.1)_ is created successfully +2 | Click _Packages_ tab
Create a new package with name and version are _Package1 (1.0.1)_ | Package _Package1 (1.0.1)_ is created successfully +3 | At advanced Search, search for newly created package
_Eg:_ Package1 (1.0.1)
Click _Edit Package_ icon at _Actions_ column | _Update Package_ page is displayed +4 | Update data of some fields
_Eg:_
- Version: 1.0.2
- Homepage URL: pkg:npm/@microsoft/applicationinsights-web@2.5.11
- Release: ComponentA (1.0.1) | Data is filled in fields match with input values +5 | Click _Update Package_ button | - The message: _"Success: Package updated successfully"_ is displayed at the left corner
- Redirect to the package list page +6 | Search for the updated project then click the hyperlink of the package name | Redirect to view page of the updated package +7 | Check data of all fields | Data in all fields match with data at update page + +## TC04: Link package to project with release of the package has not linked to the project yet + +Step | Action | Result +---:|:-----|:---- +1 | Create Component with name is _ComponentA_
Create a release with name is _ComponentA (1.0.1)_| Release is created successfully +2 | Click _Packages_ tab
Click _Add Package_ button
Create a new package with:
- Name: _PackageA_
- Version: _(1.0.1)_
- Release: _ComponentA (1.0.1)_| Package is created successfully +3 | Click _Project_ tab
Create project with name is _ProjectA_ | Project is created successfully +4 | In _Edit ProjectA project_ page then click _Linked Packages_ tab
Click _Add Packages_ button | Dialog _Link Packages_ is displayed +5 | Input _PackageA_ in textbox then click _Search_ button
Choose _PackageA_ package then click _Link Packages_ button | Information of the _PackageA_ package is displayed correctly in the table +6 | Click _Update Project_ button | - Redirect to the _ProjectA_ project view screen
- Information of _Linked Package_ tab is correct with input data +7 | Click _License Clearing_ tab, check information of the table | Display data of _ComponentA (1.0.1)_ release with correctly information + +## TC05: Unlink package from the project + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Packages_ tab
Create a new package with name and version are _PackageA (1.0.1)_| Package is created successfully +2 | Click _Project_ tab
Create a project with name is _ProjectA_ and then add _PackageA_ newly created as linked package of _ProjectA_ project | Project is created successfully +3 | In edit project page, click _Linked Packages_ tab
Click _Delete_ icon of PackageA (1.0.1) package
Click _Delete Link_ button | Data of _PackageA (1.0.1)_ package is removed from package table +4 | Click _Update Project_ button | - Redirect to view _ProjectA_ page
- Project _ProjectA_ is updated successfully
- Data in the _Linked Packages_ tab: _PackageA (1.0.1)_ package information is removed + +## TC06: Delete a package that is first linked to a project and then not + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Packages_ tab
Create a new package with name and version are _PackageA (1.0.1)_| Package is created successfully +2 | Click _Projects_ tab
Create a project with name is _ProjectA_ and then add _PackageA_ newly created as linked package of _ProjectA_ project | Project is created successfully +3 | Click _Packages_ tab
At advanced Search, search for newly created package
_Eg:_ PackageA(1.0.1)
Click _Delete Package_ icon in _Actions_ column of this package | Dialog _"Delete Package?"_ display with message: _"Do you really want to delete the package {packageName} ({package version})?"_ +4 | Click _Delete Package_ button | Error message is displayed: _"Package cannot be deleted!"_ +5 | Unlink _PackageA_ package from _ProjectA_ project
Re-delete _PackageA(1.0.1)_ package follow steps from 3-4| - Delete _PackageA_ package successfully with message "Deleted successfully!" in the dialog
- Package _PackageA(1.0.1)_ is not display in the package list table \ No newline at end of file diff --git a/content/ja/docs/Development/TestCases/Test-Cases-Projects.md b/content/ja/docs/Development/TestCases/Test-Cases-Projects.md new file mode 100644 index 0000000..b344ff1 --- /dev/null +++ b/content/ja/docs/Development/TestCases/Test-Cases-Projects.md @@ -0,0 +1,115 @@ +--- +title: "Projects" +linkTitle: "Projects" +weight: 10 +--- + +## TC01: Add a simple project with no relations and no releases + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user | User successfully signed in and _Home_ page is displayed +2 | Click _Projects_ tab | _Projects_ page is displayed +3 | Click _Add Project_ button| _New Project_ page is displayed with mandatory fields marked with red star:
- Summary tab: Name, Visibility, Project Type, Group
- Administration tab: Project State +4 | Fill mandatory _Name_ with a project name, change other fields if needed
Eg:
- Name: PROJECT_REQUIRED_FIELDS| Values are entered in the fields +5 | Click _Create Project_ button| - Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed
- New project _Summary_ page is displayed +6 | Click _Projects_ tab | - The new project _"PROJECT_REQUIRED_FIELDS"_ should be added to the projects list
- Data of the project correctly, matches with input data + +## TC02: Add a full project with relations, releases and send to clearing process + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Projects_ tab
Click _Add Project_ button
Input Name as "A_FULL_PROJECTS"
Fill in all editable fields in _Summary_ and _Administration_ links | Values are entered in the fields +2 | Click _Linked Releases And Projects_ link | _Linked Releases And Projects_ page is displayed +3 | Click _Add Projects_ button | _Search Project_ dialog is displayed +4 | Click _Search_ button then select a project to be linked (Eg: created in TC01 "PROJECT_REQUIRED_FIELDS")
Click _Link Projects_ button| Dialog is closed and selected project is displayed under _Linked Projects_ section +5 | Click _Add Releases_ button | _Search Release_ dialog is displayed +6 | Click _Search_ button
Select releases to be linked
Click _Link Releases_ button| Dialog is closed and selected release is displayed under _Linked Releases_ section +7 | Click _Linked Packages_ link | _Linked Packages_ page is displayed +8 | Click _Add Packages_ button | _Search Package_ dialog is displayed +9 | Click _Search_ button in the dialog
Select an orphan package to be added then click _Link Packages_ button | Dialog is closed and selected release is displayed under _Linked Packages_ section +10 | Click _Create Project_ button | - Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed
- New project _Summary_ page is displayed +11 | Click _Projects_ tab
At _Advanced Search_ area, input _"A_FULL_PROJECTS"_ in the _"Project Name"_ textbox
Click _Search_ button| The new project should be added to the projects list with data correctly, matches with input data +12 | In new project, check _Clearing Status_ by hovering mouse over the numbers | The message should be _{number} Releases out of {total number} have approved clearing reports (including sub-projects)._ +13 | Click _Create Clearing Request_ icon under _Actions_ column | The dialog _Create Clearing Request_ is displayed +14 | Choose clearing team email id, _Clearing Type_ and _Preferred Clearing Date_ | The data in the fields is displayed as the selected data +15 | Click _Create Request_ button | The message:
_Clearing Request {clearing request id} created successfully!
Clearing team will confirm on the agreed clearing date._
is displayed in the dialog +16 | Click _Close_ button in the dialog | The dialog is closed +17 | Re-click the _Create Clearing Request_ icon under _Actions_ column | The _View Clearing Request_ dialog is displayed with:
- Requesting User: {requested user}
- Created on: {created request date}
- Preferred Clearing Date: {displayed as input data}
- Clearing Team: {email of chosen clearing team}
- Priority: LOW
- Request Status: NEW +18 | Click _Close_ button in the dialog | The dialog is closed + + +## TC03: Add a project with releases, no relations, remove a release + +Step | Action | Result +---:|:-----|:---- +1 | Sign In with a known user
Click _Projects_ tab
Click _Add Project_ button
Fill mandatory Name with a project name, change other fields if needed
Click _Linked Releases And Projects_ link
Click _Add Projects_ button | _Search Project_ dialog is displayed +2 | Click _Search_ and select the project to be linked (Eg: created in TC01 "PROJECT_REQUIRED_FIELDS")
Click _Link Projects_ button | Dialog is closed and selected project is displayed under _Linked Projects_ section +3 | Click _Delete_ icon to delete the linked project | Message is displayed: _"Do you really want to remove the link to project {linked project name}?"_ +4 | Click _Delete Link_ button | The project is removed from the list of _Linked Projects_ +5 | Click _Add Releases_ button | _Search Release_ dialog is displayed +6 | Click _Search_ by name and select a release to be added then click _Link Releases_ button| Dialog is closed and selected release is displayed under _Linked Releases_ section +7 | Click _Delete_ icon to delete the linked release | Message is displayed: _"Do you really want to remove the link to release {linked release name}?"_ +8 | Click _Delete Link_ button | The release is removed from the list of _Linked Releases_ +9 | Click _Linked Packages_ link
Click _Add Packages_ button | Search Release dialog is displayed +10 | Click _Search_ button in the dialog
Select an orphan package to be added then click _Link Packages_ button | Dialog is closed and selected release is displayed under _Linked Packages_ section +11 | Click _Delete_ icon to delete the linked package | Message is displayed: _"Do you really want to remove the link to package {linked package name}?"_ +12 | Click _Delete Link_ button | The release is removed from the list of _Linked Packages_ +13 | Click _Create Project_ button | Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed +14 | Click _Projects_ tab | The new project should be added to the projects list +15 | In newly created project, check _Clearing Status_ by hovering mouse over the numbers of the project | The message should be 0 Releases out of 0 have approved clearing reports (including sub-projects) + +## TC04: Delete a project that is first linked to another project and then not linked + +Step | Action | Result +---:|:-----|:---- +1 | Create a new project with name is _Child Project_ | _Child Project_ project is created successfully +2 | Create another project with name is _Parent Project_ and add previously created _Child Project_ as linked project of _Parent Project_ | _Parent Project_ project is created successfully with linked project is _Child Project_ project +3 | Click _Projects_ tab
At _Advanced Search_ area, input _Child Project_ in the _Project Name_ textbox
Click _Search_ button| _Child Project_ project display in the result table +4 | Click _Delete_ icon to delete _Child Project_ project | Screen display dialog with message: _"Do you really want to delete the project Child Project?"_ +5 | Click _Delete Project_ button | Display message in the dialog: _"The project cannot be deleted, since it is used by another project!"_ +6 | Click _Cancel_ button | Dialog is closed and _Child Project_ project wasn't deleted in the table +7 | Go to _Parent Project_ project in the project table and delete it
Click _Delete_ button | _Parent Project_ project is deleted successfully +8 | Go to _Child Project_ project in the project table and re-delete it | _Child Project_ project is deleted successfully + +## TC05: Modify an existing project with relations, releases and send to clearing process + +Step | Action | Result +---:|:-----|:---- +1 | Create a new project. Eg: _PROJECT_REQUIRED_FIELDS_ | The project is created successfully +2 | Click _Project_ tab
At _Advanced Search_ area, search for a simple project
Eg: project created in TC01: input "PROJECT_REQUIRED_FIELDS" in the "Project Name" textbox
Click _Search_ button
Click _Edit_ icon of "PROJECT_REQUIRED_FIELDS" project | _Summary_ page is displayed
Screen display message: _"Success: You are editing the original document."_ +3 | Update project name to _PROJECT_REQUIRED_FIELDS_updated_ | Values are entered in the field +4 | Click _Linked Releases And Projects_ link | _Linked Releases And Projects_ page is displayed +5 | Click _Add Projects_ button | _Search Project_ dialog is displayed +6 | Click _Search_ and select the project to be linked (Eg: created in TC02 "A_FULL_PROJECTS")
Click _Link Projects_ button | Dialog is closed and selected project is displayed under _Linked Projects_ section +7 | Click _Add Releases_ button | _Search Release_ dialog is displayed +8 | Click _Search_ button
Select an release to be added then click "Link Releases" button | Dialog is closed and selected release is displayed under _Linked Releases_ section +9 | Click _Linked Packages_ link | _Linked Packages_ page is displayed +10 | Click _Add Packages_ button | _Search Release_ dialog is displayed +11 | Click _Search_ button in the dialog
Select an orphan package to be added then Click _Link Packages_ button | Dialog is closed and selected release is displayed under _Linked Packages_ section +12 | Click _Update Project_ button | - Navigate to the project's viewing screen with the message _"Success: Project {project name} updated successfully!"_ is displayed
- The project is updated according to the input data +13 | Click _Projects_ tab
At _Advanced Search_ area, input "PROJECT_REQUIRED_FIELDS_updated" in the _Project Name_ textbox
Click _Search_ button | The project name _PROJECT_REQUIRED_FIELDS_updated_ is displayed in the project list table +14 | Click _Create Clearing Request_ icon under _Actions_ column | The dialog _Create Clearing Request_ is displayed +15 | Choose clearing team emaild id, _Clearing Type_ and _Preferred Clearing Date_ | The data in the fields is displayed as the selected data +16 | Click _Create Request_ button | The message:
_Clearing Request {clearing request id} created successfully!
Clearing team will confirm on the agreed clearing date._
is displayed in the dialog +17 | Click _Close_ button in the dialog | The dialog is closed +18 | Re-click the _Create Clearing Request_ icon under _Actions_ column | The _View Clearing Request_ dialog is displayed with:
- Requesting User: {requested user}
- Created on: {created request date}
- Preferred Clearing Date: {displayed as input data}
- Clearing Team: {email of chosen clearing team}
- Priority: LOW
- Request Status: NEW +19 | Click _Close_ button in the dialog | The dialog is closed + +## TC06: Add and modify a project with all project fields filled in + +Step | Action | Result +---:|:-----|:---- +1 | Click _Projects_ tab
Click _Add Project_ button
Input Name as _A_FULL_BASIC_PROJECT_
Fill in all editable fields in _Summary_ and _Administration_ links | _Projects_ page is displayed | Values are entered in the fields +2 | Click _Create Project_ button | Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed +3 | Click _Edit Project_ button | Summary page is displayed with message: _"Success: You are editing the original document."_ +5 | Modify some fields
Eg:
- Name: A_FULL_BASIC_PROJECT_changed
- Clearing state (in Administration tab): In Progress
Click _Update Project_ button | - Screen is display view page and the message _"Success: Project A_FULL_BASIC_PROJECT_changed updated successfully!."_ is displayed
- Values are updated successfully + +## TC07: Duplicate an existing project + +Step | Action | Result +---:|:-----|:---- +1 | Search for an existing project with all fields filled in (Eg: created in TC02 A_FULL_PROJECTS project) and click _Duplicate_ button under _Actions_ column | Project _Information_ page is displayed +2 | Check all fields from copied project | - In the Administration tab, the default for the _Clearing State_ field is _Open_
- Other fields are duplicated, including _Linked Projects_, _Linked Releases_ and _Linked Packages_ +3 | Change version. Eg: 1.0.5-duplicate
Click _Create Project_ button| Navigate to the new project's viewing screen with the message _"Success: Your project is created"_ is displayed +4 | Check all fields | All fields were copied successfully, except the new name and _Project Clearing State_ of the project diff --git a/content/ja/docs/Development/TestCases/_index.md b/content/ja/docs/Development/TestCases/_index.md new file mode 100644 index 0000000..2c0ed13 --- /dev/null +++ b/content/ja/docs/Development/TestCases/_index.md @@ -0,0 +1,7 @@ +--- +title: "Test Cases" +linkTitle: "Test Cases" +weight: 3 +oem_ignore: true +description: SW360 Assorted Test Cases +--- diff --git a/content/ja/docs/Development/_index.md b/content/ja/docs/Development/_index.md new file mode 100644 index 0000000..b6b7b42 --- /dev/null +++ b/content/ja/docs/Development/_index.md @@ -0,0 +1,84 @@ +--- +title: "Development" +linkTitle: "Development" +weight: 30 +icon: fab fa-github +description: SW360 Development Information +--- + +# Developing sw360 + +The sw360 is Java-based application consisting of two main parts: + +1. A Liferay/based front end application that allows users to work with sw360 +1. A Java-based servlet infrastructure Thrift interfaces that allows the Liferay part and other applications to manage and store data +1. In the backend, couchdb is used for storing project, component, release and license information as well as attachments. + +### Submitting Issues + +Please report issues to the issue tracker, but please keep also in mind that someone else has to read them! Issues should include: + +* What you intended to do? +* What did you observe? +* Why do you think it is wrong? +* Screenshots of what you have observed presumably gone wrong or link to pages where another person can follow +* Version where you have observed this. +* Common written English and use of line breaks!!! Use the preview function! + +Please refer to the following pages for writing issues: + +* https://issues.apache.org/bugwritinghelp.html +* https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines +* https://www.joelonsoftware.com/2000/11/08/painless-bug-tracking/ + +### Contribution Workflow + +As basic introduction, the dev ops works as following: + +1. We are issue-based, please do not hesitate to create issues - also for _questions_ (and set the issue tag) +1. The issues are organised by milestones which [do not represent releases anymore](Dev-Releasing-SW360). Milestone are meant to be useful packages of work done +1. Contributions are made through pull requests +1. We do conversations directly on issues and pull requests + +More topics regarding "how" to develop: + +1. [Definition of done and code style](Dev-DoD-and-Style) +1. [Creating a sw360 release](Dev-Releasing-SW360) +1. [Brief notes on the jgiven testing](Dev-Testing-Frameworks) +1. [For help with problems, you might want to check that](Dev-Troubleshooting) + +### Architecture + +sw360 is a server application using Java servlets. It did some faint steps towards micro services (ie. one maintaining licenses, another for vulnerabilities), the front end is a portlet applications using good old JSPs. + +1. [Introduction and Scope](Dev-Arch-General) +2. [High Level View](Dev-Arch-View) +3. [Architecture Topics](Dev-Arch-Topics) + +### General + +1. [How to write a new portlet]({{< relref path="Dev-Adding-a-new-portlet-Frontend.md" >}}) +1. [Adding a new backend service]({{< relref path="Dev-Adding-a-new-portlet-Backend.md" >}}) +1. [Changing the data model](Dev-Adding-New-Fields-to-Existing-Classes) +1. [REST API overview](./RestAPI/_index.md) +1. [Migrating to Javascript modules](Dev-Using-RequireJS-for-javascript-modules) + +### Special + +1. [Filtering in portlets](Dev-Filtering-in-Portlets) +1. [The FOSSology integration](Dev-Fossology-Integration) +1. [How moderation requests work](Dev-Moderation-Requests) +1. [Roles and access rights](Dev-Role-Authorisation-Model) +1. [Attachment Types Description](Dev-Attachment-File-Types) +1. [Our ideas of Google-Summer-of-Code 2019](https://wiki.eclipse.org/Google_Summer_of_Code_2019_Ideas#Eclipse_SW360) +1. [How Friendly URLs work with the Liferay Portlets](Dev-Liferay-Friendly-URL) + +# Testing sw360 + +Generally, all modules have unit tests and these are executed (including deployment of couchdb) at CI times. In addtion, to test the front end, there are defined integration test cases for a manual check, if the sw360 is working properly in general: + +1. [Test Cases: Components Functionality](./TestCases/Test-Cases-Components.md) +1. [Test Cases: Licenses Functionality](./TestCases/Test-Cases-Licenses.md) +1. [Test Cases: Moderations Functionality](./TestCases/Test-Cases-Moderations.md) +1. [Test Cases: Projects Functionality](./TestCases/Test-Cases-Projects.md) +1. [Test Cases: Packages Functionality](./TestCases/Test-Cases-Packages.md) diff --git a/content/ja/docs/Userguide/BestPractices/User-Attachment-File-Types.md b/content/ja/docs/Userguide/BestPractices/User-Attachment-File-Types.md new file mode 100644 index 0000000..c23ddf5 --- /dev/null +++ b/content/ja/docs/Userguide/BestPractices/User-Attachment-File-Types.md @@ -0,0 +1,31 @@ +--- +linkTitle: "Attachment File Types" +title: "Attachment File Types" +Weight: 22 +--- + +SW360 maintains attachments for projects, components and releases. Currently, SW360 cannot automatically detect these types and is dependent on that users select the appropriate type accordingly. If not, some functionality will not properly kick of that uses such attachments. + +Also, maybe some of the types are redundant by now and are just legacy ideas that should be reviewed after two years now. + +In summary, the following the types currently are as follows: + +| Type name | Functionality | Description | +|:-------------|:------------------------|:--------------| +| SOURCE | for sending to tools | Source packages of a release as found on the Internet | +| COMPONENT_LICENSE_INFO_XML | for project documentation generation | An XML-based description of the licenses and coprights involved | +| DESIGN | n.a. | Just nomenclature to name this not document | +| REQUIREMENT | n.a. | Just a general placeholder for an attachment | +| DOCUMENT | n.a. | Just a general placeholder for an attachment | +| CLEARING_REPORT | Setting clearing status | Reporting information for component license state | +| COMPONENT_LICENSE_INFO_COMBINED | (should be) for project documentation generation | Multiple components with component license information | +| SCAN_RESULT_REPORT | n.a. | Just description what scanners found without conclusions | +| SCAN_RESULT_REPORT_XML | n.a. | Just description what scanners found without conclusions in XML | +| SOURCE_SELF | (should be) for sending to tools | Source packages build self, because not available in the Internet | +| BINARY | future: for sending to tool doing binary analysis | Binary from the publisher | +| BINARY_SELF | future: for sending to tool doing binary analysis | Self built binary | +| DECISION_REPORT | n.a. | Decision information ref. the component | +| LEGAL_EVALUATION | n.a. | Internally created legal evaluation | +| LICENSE_AGREEMENT | n.a. | Document describing the license agreement | +| SCREENSHOT | n.a. | If licensing information is captured with screenshot | +| OTHER | n.a. | If not document | diff --git a/content/ja/docs/Userguide/BestPractices/_index.md b/content/ja/docs/Userguide/BestPractices/_index.md new file mode 100644 index 0000000..3d9984d --- /dev/null +++ b/content/ja/docs/Userguide/BestPractices/_index.md @@ -0,0 +1,83 @@ +--- +title: "SW360 Best Practices" +linkTitle: "Best Practices" +--- + +## SW360 Usage and Handling of Components +The above mentioned data model has consequences for the usage of SW360: + +- If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell +- Uploading source packages / actual software as attachment makes sense at the release, not at the component +- If you have created a component and release entry, you can go ahead and assign a vendor to a release. + +This very clear approach enables a number of issues, please keep the following goals in mind: + +- Duplicate entries need to be removed +- Separating vendor from components names and release tags brings clarity to component naming +- Interaction with other systems is a must today. As such we need to support the CPE standard which also implement this 3-parts separation +- Having the clear modeling of data enables better search and filtering abilities of the component catalogue. + +## How to Create (Component) Entries? +In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules: + +- What is the name of the vendor, the name of the component and what is the release designator? +- For the Vendor + - Does a CPE entry exist? + - Look here: [ https://nvd.nist.gov/cpe.cfm](https://nvd.nist.gov/cpe.cfm) or [ http://scap.nist.gov/specifications/cpe/dictionary.html](http://scap.nist.gov/specifications/cpe/dictionary.html) + - Use the same writing as found in the CPE dictionary + - A CPE does not exist? + - Who is the copyright holder: an organization? + - Use this organization name without "inc", "Gmbh", etc. + - A person + - Look at the CPE dictionaries for example + - They use first name last name with "_", for example "Wedge_Antilles +- For a component + - Again, does a CPE entry exist? + - Separate Component name from release designation +- For a release + - Do not repeat the component name + - Use the release designation as provided by the software package + - Avoid prefixes, such as "version", "v" etc +- For special cases: + - If you upload a part of a release software package, create a **separate** release for this + - For example "2.0-MODIFIED" + - Consider that leaving items out from a software release is actually a modification + +## How to Create Vendors +In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real "manufacturer" independently from where you download it. + +There are different cases: + +1. COTS: + + - Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple) + + - You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name. + + - Consider the following link: [ https://nvd.nist.gov/products/cpe/search](https://nvd.nist.gov/products/cpe/search) + + - Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360. + + - **General rule**: Vendor is meant to be manufacturing party not distributing / delivering party. + +2. Freeware + + - Problem is that freeware has an author, but also different "vendors" in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions. + +3. OSS: + + - Community name, e.g. zlib project for zlib. + + - Or the org name of the github orgname or sourceforge group name + + - Do not use "Github" or "Sourceforge" as vendor + + - However, foundations, publishing the software would be a vendor, e.g. "Apache", "Eclipse" + + - But eclipse has a github organization anyway, for example + + - With single author projects should you take the author name. A "john_doe" from John Doe as short name. + +Note that very release has its own vendor. as a consequence: + +- There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution. diff --git a/content/ja/docs/Userguide/BestPractices/component-naming.md b/content/ja/docs/Userguide/BestPractices/component-naming.md new file mode 100644 index 0000000..5a7e7e0 --- /dev/null +++ b/content/ja/docs/Userguide/BestPractices/component-naming.md @@ -0,0 +1,115 @@ +--- +title: "Naming a Component" +linkTitle: "Naming a Component" +weight: 21 +--- + +**The name is the most important criterion to identify software components. Unfortunately, there is no common naming scheme available.** + +## Usage and Handling of Components + +- If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell. +- Uploading source packages / actual software as an attachment makes sense at the release, not at the component. +- If you have created a component and release entry, you can go ahead and assign a vendor to a release. + +This very clear approach enables a number of issues; please keep the following goals in mind: + +- Duplicate entries need to be removed. +- Separating vendor from component names and release tags brings clarity to component naming. +- Interaction with other systems is a must today. As such, we need to support external IDs such as the CPE standard, which also implements this 3-part separation. +- Having the clear modeling of data enables better search and filtering abilities of the component catalog. + +## Checklist + +- Does the component already exist on SW360 (think about possible different names)? +- What is the name of the component homepage? +- What is the name of the community? Please note that repositories like Maven, GitHub, CodePlex, CodeGuru are not vendors in our understanding! +- How is the component called on repositories like Maven, NuGet, etc.? +- Take care: use the name and not the ID! +- Search SW360 for the component repository ID. +- Search SW360 for all possible name variations. +- Ask your local software clearing expert for help. + +## Naming a Component - Special Cases + +### .Net Component from GitHub + +![draft_30](SW360_NamingaComponentimage/draft_30.png) In some cases, it is difficult to determine the real name of a component, like for example *Microsoft Entity Framework for .Net Core (or Entity Framework Core or Aspnet EntityFrameworkCore or ASP.NET EntityFrameworkCore)*. In these cases, it might be the best way to use that package name as specified on Nuget, in this case **Microsoft.EntityFrameworkCore**. + +### Java Components + +The name of a Java component should be how it is called by the Java community. Typically, this is the name as it can be found on the project homepage or on the source code repository page. + +Examples: + +- 'Spring Framework' (from project homepage [ https://spring.io/projects](https://spring.io/projects) or also from source code repository [ https://github.com/spring-projects/spring-framework](https://github.com/spring-projects/spring-framework)) +- 'Spring Data Redis' (from project homepage [ https://spring.io/projects/spring-data](https://spring.io/projects/spring-data) or also from source code repository [ https://github.com/spring-projects/spring-data-redis](https://github.com/spring-projects/spring-data-redis)) +- 'Thymeleaf' (from project homepage [ https://www.thymeleaf.org/](https://www.thymeleaf.org/); source code repository [ https://github.com/thymeleaf/thymeleaf](https://github.com/thymeleaf/thymeleaf)) +- 'Thymeleaf Spring 5 Integration' (from project homepage [ https://www.thymeleaf.org/download.html](https://www.thymeleaf.org/download.html) or source code repository page [ https://github.com/thymeleaf/thymeleaf-spring](https://github.com/thymeleaf/thymeleaf-spring) → [ thymeleaf-spring5](https://github.com/thymeleaf/thymeleaf-spring/tree/3.0-master/thymeleaf-spring5)) +- 'Commons Codec' (from project homepage [ https://commons.apache.org/proper/commons-codec/](https://commons.apache.org/proper/commons-codec/) or source code repository page [ https://github.com/apache/commons-codec](https://github.com/apache/commons-codec)) [or better 'Apache Commons Codec'? But 'Apache' is already the vendor'] + +Do not use jar names or Gradle/Maven artifactIds, like 'spring-framework'. The main reason is that from such a name, one cannot see if this component is a whole component (here the Spring Framework) or only the Java archive spring-framework-.jar (which is only a subset of the Spring Framework)! + +Hierarchical Java components: + +Java components often consist of multiple subcomponents (typically jars) where the sources are stored in a hierarchical structure in the source code repository. E.g. for 'Spring Framework', there is one repository [ https://github.com/spring-projects/spring-framework](https://github.com/spring-projects/spring-framework) with several subfolders for individual jars. In general, for such cases, there should be only one (main) component in SW360 covering all the subcomponents. + +In some exceptional cases, one wants to do the clearing only for one subcomponent or a subset of hierarchical components. In such a case, one can either add the name of the subcomponent to the component name to mark the subset (like 'Thymeleaf Spring 5 Integration' above, showing that only the Spring 5 related is covered, and not Spring 3 or 4) or one could use the name of the top-level component (like 'Thymeleaf Spring Integration') and have separate releases for the subset ('3.0.9.RELEASE Spring 5'). + +Identifying a (new or existing) SW360 component for a Java archive: + +Java developers typically have to start with a Java archive which they want to add to a product, or with the related Gradle/Maven coordinates (groupId/artifactId/version). Possible ways to identify the related component (name) are: examine the related pom.xml or the MANIFEST.MF file of the jar. There, one can often find more information like the community homepage or source code repository URL from which then again to determine the component (name). + +*Unfortunately, SW360 does not provide any support here (besides searching for the artifactId and thus hopefully finding the related component). It would be a good idea to store also the Gradle/Maven coordinates of Java binaries with the SW360 components and make them searchable (note: multiple artifactIds per component need to be supported!) and/or to also upload and store the binaries of a registered SW360 component (or at least the file hashes) and provide additional functionality to identify an unknown binary by uploading the same to SW360.* + +## Component Scope + +We base software clearing for open source components on the scan of the source code. If there is only one common source code for a group of components, then it does not make sense to have a lot of distinct (sub)components that all point to a common source. + +### Example + +There is a Java component called Logback ([ https://logback.qos.ch/](https://logback.qos.ch/)). There is only one single source (and binary) archive available from the original authors. This archive contains three Java libraries: logback-core.jar, logback-access.jar, and logback-classic.jar. In **SW360 there should be only one component Logback!** It is confusing to have also "Logback core", "logback-core", "logback core", "logback classic" and "logback-classic". + +## Naming a Component – Bad Examples + +### Json.Net + +There is a component that is available on NuGet by the name 'Json.NET' and the ID 'Newtonsoft.Json'. On the component homepage [ http://www.newtonsoft.com/json](http://www.newtonsoft.com/json), it is called 'Json.NET'. + +Just some examples of naming and how it could be improved: + +- 14 x Vendor = 'Open Source Software', Name = 'Json.NET' => **wrong**! +- 1 x Vendor = 'Newtonsoft', Name = 'Json.NET (COTS)' => **wrong**! +- 2 x Vendor = 'NuGet Gallery', Name = Json.NET' => **wrong**! +- 1 x Vendor = 'CodePlex', Name = Json.NET' => **wrong**! +- 4 x Vendor = 'Open Source Software', Name = 'Newtonsoft Json.NET' => **wrong**! + +The proper identification (Vendor = 'Newtonsoft', Name = 'Json.NET') has to be used! + +### Oracle JavaBeans Activation Framework + +Just some examples of naming and how it could be improved: + +- 3 x Vendor = 'Open Source Software', Name = 'Activation' => **wrong**! +- 3 x Vendor = 'Open Source Software', Name = 'Oracle JavaBeans Activation Framework' + +### Oracle Java Mail + +Just some examples of naming and how it could be improved: + +- 3 x Vendor = 'Open Source Software', Name = 'Mail' => **wrong**! +- 5 x Vendor = 'Open Source Software', Name = 'Oracle JavaMail API' => **wrong**! +- 4 x Vendor = 'Oracle', Name = 'Oracle JavaMail API' + +### Moment.js + +Just some examples of naming and how it could be improved: + +- 7 x Vendor = 'GitHub', Name = 'moment' => **wrong**! +- 2 x Vendor = 'Open Source Software', Name = 'moment' => **wrong**! +- 2 x Vendor = 'Open Source Software', Name = 'Moment JS' => **wrong**! +- 3 x Vendor = 'Open Source Software', Name = 'MomentJS' => **wrong**! +- 3 x Vendor = 'Open Source Software', Name = 'Moment.js' + +Just look on the community homepage: there is the name in bold letters: +Moment.js – consider this name. diff --git a/content/ja/docs/Userguide/BestPractices/good-record-creation-structure.md b/content/ja/docs/Userguide/BestPractices/good-record-creation-structure.md new file mode 100644 index 0000000..0a87a29 --- /dev/null +++ b/content/ja/docs/Userguide/BestPractices/good-record-creation-structure.md @@ -0,0 +1,168 @@ +--- +title: "Record Creation" +linkTitle: "Record Creation" +weight: 23 +--- + +## How to Create (Component) Entries? +In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules: + +- What is the name of the vendor, the name of the component and what is the release designator? +- For the Vendor + - Does a CPE entry exist? + - Look here: [ https://nvd.nist.gov/cpe.cfm](https://nvd.nist.gov/cpe.cfm) or [ http://scap.nist.gov/specifications/cpe/dictionary.html](http://scap.nist.gov/specifications/cpe/dictionary.html) + - Use the same writing as found in the CPE dictionary + - A CPE does not exist? + - Who is the copyright holder: an organization? + - Use this organization name without "inc", "Gmbh", etc. + - A person + - Look at the CPE dictionaries for example + - They use first name last name with "_", for example "Wedge_Antilles +- For a component + - Again, does a CPE entry exist? + - Separate Component name from release designation +- For a release + - Do not repeat the component name + - Use the release designation as provided by the software package + - Avoid prefixes, such as "version", "v" etc +- For special cases: + - If you upload a part of a release software package, create a **separate** release for this + - For example "2.0-MODIFIED" + - Consider that leaving items out from a software release is actually a modification + +## How to Create Vendors +In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real "manufacturer" independently from where you download it. + +There are different cases: + +1. COTS: + + - Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple) + + - You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name. + + - Consider the following link: [ https://nvd.nist.gov/products/cpe/search](https://nvd.nist.gov/products/cpe/search) + + - Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360. + + - **General rule**: Vendor is meant to be manufacturing party not distributing / delivering party. + +2. Freeware + + - Problem is that freeware has an author, but also different "vendors" in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions. + +3. OSS: + + - Community name, e.g. zlib project for zlib. + + - Or the org name of the github orgname or sourceforge group name + + - Do not use "Github" or "Sourceforge" as vendor + + - However, foundations, publishing the software would be a vendor, e.g. "Apache", "Eclipse" + + - But eclipse has a github organization anyway, for example + + - With single author projects should you take the author name. A "john_doe" from John Doe as short name. + +Note that very release has its own vendor. as a consequence: + +- There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution. + +## Naming a Vendor + +Each release of a component has a vendor or community. Having unambiguous vendor names is very helpful for managing 3rd party software components. + +Required information: + +- **Full name** - The full name of the company, organization or person. +- **Short name** - A good short name, compatible to CPE (see section 8.3) +- **URL** - The URL of the organization or a URL where we can get more information about a person. + +### How to find a (good) vendor name? + +Some guidelines + +- If there is a company (Microsoft, Oracle, Pivotal, etc.) behind the component, that's most probably the right vendor name. +- If there is an well known open source community (Apache, Eclipse, etc.) behind the component, that's is the right vendor name. +- If there is only a single person developing the component, then this is the vendor. +- If there is a GitHub organization name or person name available, use this one. +- **No vendor names are**: 'Open Source Software', 'NuGet Gallery', 'CodePlex', 'Codeguru', 'Stack Overflow', 'CodeProject', etc. as these or only platform, where vendors can offer the projects and these name do not help to identify projects. + +### Examples + +#### Microsoft + +Full name = Microsoft Corporation + +Short name = Microsoft + +URL = [ www.microsoft.com](https://www.microsoft.com/en-in/) + +#### Apache + +Full name = Apache Software Foundation + +Short name = Apache + +URL = [ http://www.apache.org/](http://www.apache.org/) + +#### Constantin Titarenko + +Full name = Constantin Titarenko + +Short name = constantin_titarenko (Note the underscore!) + +URL = [ https://github.com/titarenko](https://github.com/titarenko) + +## How to determine the CPE? + +The Common Platform Enumeration (CPE) is used to have an unambiguous identification of a specific component release. This information is especially needed to find matching security vulnerability information. + +### Syntax of a CPE Entry + +The syntax of a CPE entry is defined as: + +`cpe::::::::` + +**CPE-Version** refers to the CPE naming format version. We will always use version 2.3 + +**part** refers to the type of the component (a = application, o = operating system, h =hardware device) + +**vendor** refers to the vendor or author of the component. Only small letters are allowed. + +**product** refers to the name of the product. Only small letters are allowed. + +**version** refers to the version of the product. + +**update** refers to the updates of this specific version + +**edition** and **language** can be used to specify more details + + +Non-existing or unknown party can get replaced by the placeholder '*'. + + +**Note**: only small letters are allowed. Spaces have to be replaced by underlines '_'. + +### Examples + +**Microsoft .Net Framework, version 1.0 SP2** + +`cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*` + + +**Apache ActiveMQ, version 4.0** + +`cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*` + + +**Apache log4net, version 1.2.9 beta** + +`cpe:2.3:a:apache:log4net:1.2.9_beta:*:*:*:*:*:*:*` + + +**Oracle Java Runtime, version 1.7.0, update 51** + +`cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*` + diff --git a/content/ja/docs/Userguide/BestPractices/license-naming.md b/content/ja/docs/Userguide/BestPractices/license-naming.md new file mode 100644 index 0000000..a880737 --- /dev/null +++ b/content/ja/docs/Userguide/BestPractices/license-naming.md @@ -0,0 +1,113 @@ +--- +title: "License Naming" +linkTitle: "License Naming" +--- + +## Guidelines +Generally the license naming should conform with the SPDX Spec and the SPDX License List + +Please see the "License List Fields" from [ https://spdx.org/spdx-license-list/license-list-overview#fields](https://spdx.org/spdx-license-list/license-list-overview#fields) + +where there is especially for identifier: + +#### License or Exception Identifier (aka "SPDX Short Identifier") + +Short identifier to be used to identify a license or exception match to licenses or exceptions contained on the SPDX License List in the context of an SPDX file, in source file, or elsewhere + +- Short identifiers have no spaces in them +- Short identifiers consist of an abbreviation based on a common short name or acronym for the license or exception +- Where applicable, the abbreviation will be followed by a dash and then the version number, in X.Y format +- Where applicable, and if possible, the short identifier should be harmonised with other well-known open source naming sources (i.e., OSI, Fedora, etc.) +- Short identifiers should be as short in length as possible while staying consistent with all other naming criteria + +This lead to expressions like "Apache-2.0" or "GPL-2.0". + +## License Exceptions +As a provisoric handling advise, the exception text shall be combined with the license text as a license entry. This ensures that license and exception appear together in the clearing report. + +Class Path Exception + +Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. + +As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may + +## Dual Licenses +There is the need to have a dual license text. FOSSology offers the dual license tag for this. The idea is to use this tag also for more than two licenses. + +Consider the following example: + +{{< figure src="/sw360/img/ImagesBasic/dual_license.png" >}} + +The fact that it is "LGPL-3.0+" is confusing for these texts. It should be changed to the following: + +- The License results shall be changed "Dual-License". This is among other things required, to have the obligation to understand that for this component a license must be chosen +- In the acknowledgement, there shall be documented which license decision comes is documented +- For the referring files, also the different other licenses must be added as conclusions, so the texts are printed out. + +## Quick Checklist +- Shortname: No spaces, No slashses, No unserscore or similar spcial charaters, just use dashes +- Consider existing SPDX short names +- Do not use "Or later" but "+" or "-or-later" +- For triple licensing, use prefix "Triple" +- ERASE COMMENT CHARACTERS! also erase prefix spaces at every line +- Preserve paragraphs and line breaks +- Avid markup in the license text except it is part of the licensing + +## Multi (DUAL-) Licensing +- VERY Important, as conclusion, use the FOSSology "Dual-license", please do not consider your own candidate just designating "Dual License" (because OR operators will not work in reporting) +- For Dual License texts use prefix "Dual-" +- For Triple, use "Triple-" (and for more "Quadruple-") +- For Dual Licensing, use alphabetical order to name the licenses +- SPDX provides the rule to have this merged with "OR" (in capital letters) like "Dual-MIT-OR-BSD" + +## Examples for Renaming +| Example Licence Short Name | Corrected Licence Short Name | Remarks | +| --- | --- | --- | +| BSD-3-Clause-Farin Urlaub | BSD-3-Clause-farin-urlaub | no empty spaces | +| GPL-2.0+_Variant Old address | GPL-2.0+-variant-old-address | no underscore | +| --Freeware | Freeware-variant-dumbumchong | no prefix dashes | +| BSD-3-Clause\IBM | ... | do not use slashes (back and forward) | +| Permission Notice Gordon Sumner | HPND-gordon-sumner | consider SPDX shot name "HPND" for permission notice | +| BSD-3-Clause_Ajax.org B.V. | BSD-3-Clause-ajax | | +| BSD-3-Clause_Yahoo! Inc | BSD-3-Clause-yahoo | | +| BSD-2-Clause CISCO | BSD-2-Clause-cisco | | +| --zlib-style | Zlib-variant-01 | This license could be deleted anyway. (no text) | +| woodstock | Woodstok-Reference-Disclaimer | 1. All short names shall begin with capital letter,
2. (not shown), the license text is not a license text actually, but just a reference in a header with disclaimer. | +| Visual Studio SDK license terms | Microsoft-Visual-Studio-SDK-2015 | looking at the text, it is from the 2015 version of the SDK | +| Trip MPL GPL Apache | Triple-Apache-2.0-LGPL-2.1-MPL-1.1 | (looking at the text it was LGPL in fact) | +| --FIPL-1.0 | FIPL-1.0 | Double dash is an old thing coming from mainline ops. Currently there is no similar convention known for FOSSologyNG. | +| Qt License Agreement_CEM | Qt-reference-commercial | In this case, it was reference text only and also only pointing to the commercial licensees only. | +| --Beer-ware-license-CEM01 | `Beerware` | The text says actually revision 42, revision 42 is a joke. It must be checked if the license is already there | +| FundsXpress License | FXL | Either FundsXpress or FXL because the point is to have a short name and thus, it would make sense to shorten it. | +| GFDL - 1.2+ | GFDL-1.2+ | just without spaces please | +| lgpl 2.1 J | LGPL-2.1-header | (was a header in this case, because lic text is already there) What does J mean? - no J needed | +| MIT ! | *do not use candidate licenses* | Actual text was: "This program is made available under the terms of the MIT License." - actually, not a license text! | +| Note | *do not use this with candidates* | Actual text was: "("See [ http://oxyplot.codeplex.com](http://oxyplot.codeplex.com) for more information.")" | +| Permission_Notice_Timothy O'Malley | HPND-omalley | do not use special chars, do use SPDX identfiers | + +## Notice File +The following text is not a license statement nor a reference to licensing but a notice file in the sense of the apache 2.0 license. As such, it is not suitable for being collected as a license. + +`== NOTICE file corresponding to the section 4 d of ==` + +`== the Apache License, Version 2.0, ==` + +`== in this case for the Apache Ant distribution. ==` + + ========================================================================= + +`This product includes software developed by` + + `The Apache Software Foundation` ([ http://www.apache.org](http://www.apache.org/)). + +`This product includes also software developed by :` + + - `the W3C consortium` ([ http://www.w3c.org](http://www.w3c.org)), + - `the SAX project` ([ http://www.saxproject.org](http://www.saxproject.org)) + +`Please read the different LICENSE files present in the root directory of this distribution.` + +## Open Questions +- How to deal with notice files + +(1) [ https://spdx.org/spdx-specification-21-web-version](https://spdx.org/spdx-specification-21-web-version) diff --git a/content/ja/docs/Userguide/BestPractices/workflows.md b/content/ja/docs/Userguide/BestPractices/workflows.md new file mode 100644 index 0000000..2a6380d --- /dev/null +++ b/content/ja/docs/Userguide/BestPractices/workflows.md @@ -0,0 +1,62 @@ +--- +title: "Workflows" +linkTitle: "Workflows" +weight: 20 +oem_ignore: true +description: "SW360 User Workflows" +--- + +This page is one of the basic user workflow documentation pages. It can give orientation how the sw360 can be used - as guidance or orientation. There is no particular need to follow these workflows, it is just one way. Workflows are shown as flow charts. + +### Create Component and Release + +So, the user would like to create an entry for zlib-1.2.8 for example in sw360. The main thing to know (see page basic concepts)is that sw360 separates releases from components: the release is the zlib-1.2.8 but the component is the zlib. By this approach, components as a kind of container type in sw360, holding several releases. + +Therefore, for a new component the user needs to create a component entry first, and then add a release to it. Just adding a release will not work. If a component with a different release already exists, the users add a release to the existing component. + +The intended roles for this can be a developer that would like to start caring for an OSS component or release. In addition a project owner / project owner can care for the components and releases part of the product or process. + +{{< figure src="/sw360/img/workflow/worklfow-adding-component-and-release-to-a-project.png">}} + +### Create a Project + +A project is a structure to keep track on releases inside project, as well as other projects. Please note that a project can be also a product, depending on the type of business. the use of the term 'project' is used also for subsuming the term 'product'. + +As for the integration case with the OSS software FOSSology, the project view allows for an overview, which of the used components have been analyzed with FOSSology already. + +In the diagram, the "clearing process" is mentioned, because the clearing process affects the software components of a project. The main approach is the following: + +* A project responsible sets up a project with used releases. +* For the releases that were not analyzed before, the project responsible requests a clearing - source files can be transferred to FOSSology. +* Once analyses for all releases are complete, the "clearing process" is finished for this project. + +A project it self does not need much information, it is just about the name and the version. Note that some of the information is like to be set at that time: + +* Visibility level +* Project contacts +* Important Dates for the project + +{{< figure src="/sw360/img/workflow/workflow-add-project.png">}} + +### Moderation + +The moderation is the basic way of applying changes if the document is not created by someone else. In sw360 the following person can edit documents right away (without moderation request): + +* The creator of a document (document is a project entry, a release entry etc) +* Admins +* Clearing admins +* Moderators of this document +* Other special roles, such as project responsible + +Please see the page [about the Role Authorization Model]({{< ref "../../Development/Dev-Role-Authorisation-Model.md" >}} "Dev Role" ) for more information. + +If the user who wishes to change a document and is not one of these, the moderator workflow kicks in. Then changes applied to the document are not really applied, but are sent to a moderator. Moderators are: + +* The creator of a document (document is a project entry, a release entry etc) +* Admins +* Clearing admins +* Moderators of this document + +The moderator can review, approve or decline the request. Then, the requesting user can delete the request. The moderator request workflow is shown below. + +{{< figure src="/sw360/img/workflow/workflow-moderation.png">}} diff --git a/content/ja/docs/Userguide/Components.md b/content/ja/docs/Userguide/Components.md new file mode 100644 index 0000000..fc63024 --- /dev/null +++ b/content/ja/docs/Userguide/Components.md @@ -0,0 +1,392 @@ +--- +linkTitle: "Components" +title: "Components" +Weight: 4 +--- + +# 2.0 Components + +## 2.01 Introduction + +The components page displays the list of components and releases that are available in SW360. A component is a list of releases with metadata. A release is a specific version of a component. + +To open a component page, click **Components** tab from the main menu. +You can find a particular component with Advanced Search, you can also add and edit components in this page. + +{{< figure src="/sw360/img/ImagesBasic/Componentpage/ComponentPage.png" >}} + +|Sl.No.|Description| +|:----:|:----------| +|1| [Advanced Search](#203-component-search)| +|2|[Add Component](#204-add-component)| +|3| [Import SPDX BOM](#207-import-spdx-bom) | +|4| [Export Spreadsheet](#208-export-spreadsheet)| +|5| [Component List](#202-component-list) | + +## 2.02 Component List + +On the component page, you can view all the components that are relevant to you. The components are listed with the following information: +* **Vendor**: Vendor is organization which is selling the component or the community which is hosting the component. +* **Component Name**: All components are listed by their names. +* **Main Licenses**: The list of main licenses available for a component are displayed. +* **Component Type**: Lists all the components by their type. For more information on component types, refer to [A. General Info](#a-general-information). +* **Actions**: You can perform the following actions for a component: + + | Action |Description | + |:--:|:--| + |{{< figure src="/sw360/img/ImagesBasic/Edit_Pen.png" >}} | To edit a component | + |{{< figure src="/sw360/img/ImagesBasic/Delete_Trash.png" >}} | To delete the component from SW360. | + +**NOTE: CLICK ON {{< figure src="/sw360/img/ImagesBasic/SortIcon.png" >}} TO SORT LICENSE INFORMATION ALPHABETICALLY.** + +## 2.03 Component Search + +**Advanced Search** dialogue box is used to search for a particular component. + +1. Search the component with **Component Name** and **Categories**. +2. Search the component with **Component Type**. Select the component type from the drop-down list. For more information on the component types, refer to [A. General Information](#a-general-information). +3. Search components with their coding **Languages**, **Software Platforms**, **Operating Systems**, **Vendors** and **Main Licenses**. +4. Search components with **Created by (Email)**. +5. You can use **Created on** field to search for the components created on specific dates or specific time frames. + +## 2.04 Add Component + +To add a new component, click **Add Component** from the component page, this will redirect you to another page where you can add component summary information. + +### **1. Summary** +#### **A. General Information** + +```NOTE: FIELDS MARKED "*" ARE MANDATORY.``` +![](/sw360/img/ImagesBasic/Componentpage/Component_General_Info.png) + +1. Enter the **Name** of the component you want to create.
+ ```NOTE: MAKE SURE THAT THERE ARE NO DUPLICATES.```
+2. Select the **Component Type** from the drop-down list. + - OSS: Open-Source Software + - COTS: Commercial off-the-shelf + - Internal: Internally used + - Inner Source: OSS within a particular organization + - Services: Developed as a service + - Freeware: Software that is available free of cost + - Code snippet: A small code which shows how to accomplish a specific task +3. The field **Created by** is set automatically to the creator/owner of the component. +4. Click on **Default Vendor** field. + * This opens a dialogue box, use the type field to search for the vendors. + * Select the vendors + * Click on **Select Vendor**. +5. When you start typing in the **Categories** field, a list of categories that match are displayed to choose from. +6. Enter the **Homepage URL**, this is the web address for your component. +7. Enter a **Short Description** for your component. +8. Enter the **Blog URL**, this is the web address for the blog of your component. +9. **Modified on** date will be set automatically. +10. Enter the **Wiki URL**, this is web address for the wiki page of your component. +11. **Modified by** will be set automatically. +12. Enter the **Mailing List URL**, this is the web address of the mailing list of your component. + +#### **B. Roles** + +![](/sw360/img/ImagesBasic/Componentpage/Component_Roles.png) + +1. **Component owner** holds the component. Click on the field to select **Component Owner**. + * This opens a dialogue box, use the type field to search for the Component Owner. + * Select the users + * Click on **Select Users**. + + ![](/sw360/img/ImagesBasic/Addproject_5.png) + +2. Select a country from the list to assign as **Owner Country**. +3. Enter the **Owner Accounting Unit**. +4. **Moderator** is the user responsible for the component. Click on the field to select moderators. + * This opens a dialogue box, use the type field to search for the moderator. + * Select the users + * Click on **Select Users**. + +``` NOTE: ALL CLEARING EXPERTS, CLEARING ADMINS AND SW360 ADMINS ARE MODERATORS BY DEFAULT.``` +1. Enter the **Owner Billing Group**. + + +#### **C. Additional Roles** + +To assign more roles to your project, use **Click to Add Additional Roles**. + +![](/sw360/img/ImagesBasic/additionalroles1.png) + +1. Select the type of **role** from the drop-down list. + * Committer + * Contributor + * Expert +2. Enter **Email address** of the responsible personnel. To add multiple additional roles, repeat the same +procedure. + + ![](/sw360/img/ImagesBasic/Componentpage/Component_Additional_Role2.png) + + +3. To delete an additional role, click on ![](/sw360/img/ImagesBasic/Delete_Trash.png). + + +#### **D. External Ids** + +For more information on how to add an **External ID** for your component, refer to [E. External Ids](Project.md/#e-external-ids). + +#### **E. Additional Data** + +For more information on how to add an **Additional Data** for your component, refer to [F. Additional Data](Project.md/#f-additional-data). + +After all the summary information is filled click on **Create Component**, which redirects you to another page where you can add more component information. Following are the two new sections to be filled: + * **Releases** + * **Attachments** + +### **2. Releases** + +A release is a specific version of a component. To add Release information for your component: + +1. Click on **Releases**. + + ![](/sw360/img/ImagesBasic/Componentpage/Componentreleases.png) + +2. Then click on **Add Releases**. You will be redirected to another page to add more information about the release you want to create. Following are the two sections where you must enter information
+ * **Summary** + * **Linked Releases** + +#### **A. Summary** + +```NOTE: FIELDS MARKED "*" ARE MANDATORY.``` + +![](/sw360/img/ImagesBasic/Componentpage/Create_Release1.png) + +1. Click on the field to select the **Vendor** for your component. This opens a dialogue box, search and select the vendor and click on **Select Vendor**. +2. Enter the **Programming Languages** used for the release. +3. **Name** for the release will be auto generated from the name given to the component. +4. Enter the **Operating Systems** used for the release. +5. Enter the **Version** for the release. +6. Enter the **CPE (Common Platform Enumeration) ID** for the release. + +![](/sw360/img/ImagesBasic/Componentpage/Create_Release2.png) + +7. Enter the **Software Platforms** for the release. +8. Click on the field **Other License** to set other license information for the release. This opens a dialogue box, search and select the licenses and click on **Select Licenses**. +9. Set **Release Date**. +10. Enter the **Source Code Download URL**. This is the web address from where source code of the release can be downloaded. +11. Click on the field **Main License** to set other license information for the release. This opens a dialogue box, search and select the licenses and click on **Select Licenses**. +12. Enter **Binary Download URL**. This is the web address from where binary of the release can be downloaded. +13. **Clearing state** will be set to "new" by default. +14. Select the value for the **Release Mainline State** from the drop-down list. + * Open: No license clearing + * Mainline: Permissive license with no specific obligations + * Specific: Permissive license with additional obligations with standard obligations + * Phaseout: Not used anymore + * Denied: Not to be used because of a specific reason +15. **Created on** is set automatically. + + ![](/sw360/img/ImagesBasic/Componentpage/Create_Release3.png) + +16. **Created by** is set automatically. +17. **Modified on** is set automatically. +18. Click on the field to select **Contributors**. This opens a dialogue box, search and select the contributors and click on **Select Users**. +19. **Modified by** is set automatically. +20. **Moderator** is the user responsible for the release. Click on the field to select moderators. + * This opens a dialogue box, use the type field to search for the moderator. + * Select the users + * Click on **Select Users**. + +**Additional Roles**, refer to [3. Additional Roles](#3-additional-roles). + +**External Ids**, refer to [4. External Ids](#4-external-ids). + +**Additional Data**, refer to [5. Additional Data](#5-additional-data). + +**Release Repository** + +You can add a release repository URL for your release. To add a release repository: + +1. Select the **Repository Type** from the drop-down list. +2. Enter the **Repository URL**. + + ![](/sw360/img/ImagesBasic/Componentpage/Releaserepository.png)
+ +#### **B. Linked Releases** + +To add linked releases to your release, click on linked releases. For more information, refer to [B. Linking Releases](Project.md/#b-linking-releases). + +Click on **Create Release** to add more information for this release. + +#### **C. Clearing Details** + +Clearing details contains important information that are required for the license clearing activities. This information is useful for the reuse of license clearing results. +To add clearing information to your release, click on **Clearing Details**. + +![](/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details.png) + + +* Check the boxes for all applicable clearing details. +* Enter the applicable data for **Scanned** and **Clearing Standard**. For e.g., date or specific version of your License Scanner. +* Enter **External URL** for the release. +* Add **Comments**. + +**Request Information** + +![](/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details2.png) + +To request more information regarding the release, follow the procedure: + +* Enter **Request ID** and **Additional request Info**. +* Set **Evaluation Start** and **Evaluation End** date. + +**Supplemental Information** + +![](/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details3.png) + +You can enter internal supplier ID and number of security vulnerabilities for your release. To add this information. + +* Enter **External Supplier Id** and the count of **Vulnerabilities**. + +#### **D. ECC Details** + +```NOTE: ECC DETAILS ARE SET AUTOMATICALLY FOR OSS RELEASES.``` + +![](/sw360/img/ImagesBasic/Componentpage/Release_ECC_Details.png) + + +To enter ECC details for a release click on **ECC Details**. + +* Select the **ECC Status** from the drop-down list. + * Open + * In progress + * Approved + * Rejected +* Add **ECC Comment**, if required. +* Enter **Ausfuhrliste**, this is a German ECC number. +* Enter **ECCN** and **Material Index Number**. +* **Assessor Contact Person**, **Assessor Department** and **Assessment date** will be set automatically. + +#### **E. Attachments** + +You can add or modify the attachments to your release. To add attachments, click on **Attachments** on the left. For more information on how to add attachments to the release, refer to [1.06 Edit project](Project.md/#106-edit-project). + +## + +After entering all the release information, click on **Update Release**. + +To delete the release, click on **Delete Release**. + +If you do not want to create a release, click on **Cancel**. + + +## 2.05 Edit Component + +1. Search for the components you want to edit or navigate from the component list. +2. Click on ![](/sw360/img/ImagesBasic/Edit_Pen.png) from the actions column. You can also edit a component by clicking on the component and then clicking on **Edit Component**. +3. You can view summary, releases, and attachment information of the component. +4. Click on **Summary** to edit component summary information. For more information on the fields to edit, refer to [1. Summary](#1-summary). +5. Click on **Releases** to view all the releases that are linked to the component. If you want to add more releases to the component click on **Add Releases** at the bottom of the list. For more information on how to add a release, refer to [2. Releases](#2-releases). +6. Click on **Attachments** to view all the attachments that are linked to the component. If you want to add more attachments to the components, refer to paragraph 4 of [1.06 Edit project](Project.md/#106-edit-project). +7. To update the new component information, click on **Update Component**. +8. To delete the component, click on **Delete Component**. +9. If you do not want to edit the component, click on **Cancel**. + + +## 2.06 View Component + +To open a view mode for a component: + +1. Search for the components you want to edit or navigate from the component list. +2. Click on the component name. +3. You are now in view mode of the component, and you can view all the details of the components like summary, release overview, attachments, vulnerabilities and change logs. +4. You can edit a component, Merge a component, Split a component, Subscribe to a component in this mode. + +### **A. Merge** + +This functionality is used when there is a duplication of components, and this functionality helps us to combine all the duplicates into one single component. +To merge a component with another, click on **Merge**. This action will redirect you to another page where you can: + +1. Choose the from the list of components that should be merged into the current one. +2. Merge the data from the source into the target component. +3. Check the merged component and confirm the merge. + +### **B. Split** + +This functionality is used when we want to copy the information from a component. This is a shortcut to create a component and change aspects like version or release instead of creating a new one entirely. + +To Split a component, click on **Split**. This action will redirect you to another page where you can: + +1. Choose a target component into which the current component needs to split. +2. Split the data from current component to the target component. +3. Check the split version of the component and confirm the split. + +### **C. Subscribe** + +You can **Subscribe** to a component to get notified with emails when any changes are made to the component. + +To not get notified for a particular component, click **Unsubscribe**. + +### **D. View Component Information** + +You can view component information by navigating the navigation tree. + +1. To view component summary, click on **Summary**. To edit summary information for the component, refer to [2.05 Edit Component](#205-edit-component). +2. Click on **Release Overview** to view all the releases for the component. To edit details for any of the linked releases click on ![](/sw360/img/ImagesBasic/Edit_Pen.png) + from the actions column, this will redirect you to a release view page where you can view the following: + * Release Summary + * Linked Releases + * Clearing Details + * ECC details + * Attachments + * Vulnerabilities + * Change Log + +For more information on these sections, refer to [2. Releases](#2-releases). + +#### **Clearing Details** + +You can view the following clearing information for the release in view mode: +* SPDX Attachments +* Assessment Summary info + +**SPDX Attachments** + +SPDX attachments are the clearing reports which are in XML formats. You will need an approved clearing report to use this release. + +![](/sw360/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_1.png) + +* Click on **Show license info** to view main license Ids and Other license ids. + +![](/sw360/img/ImagesBasic/Componentpage/ComponentSPDXattachment2.png) + +* If you want to add this data to the current release, click on **Add data to this release**. + +**Assessment Summary Info** + +You can view if the clearing expert has added any summary in the clearing report. + +* To view the summary, click on **Show Assessment Summary info**. +* If there are multiple approved releases, this section will display text "**multiple approved CLI found in release**". + +#### **Vulnerabilities** + +All the vulnerabilities that are linked to the release/component are listed in the vulnerability section. + +![](/sw360/img/ImagesBasic/Componentpage/Component_Vulnerability.png) + +1. Click on **Vulnerability** on the left to view all the linked vulnerabilities for this release/component. +2. You can sort the vulnerabilities by their external ids, priority, matched by, title, verification and actions. +3. To view more information on the vulnerability, click on the external id of the vulnerability. You will be redirected to another page with all the information about the selected vulnerability. + +#### **Change Log** + +You can see all the changes that are done for the release/component in change log section. + +![](/sw360/img/ImagesBasic/Componentpage/Component_ChangeLog.png) + +1. To view all the changes done for the release click on **Change Log**. +2. You can now view change date, change log id, change type and user. +3. Click on ![](/sw360/img/ImagesBasic/Componentpage/Changelog1.png) to view all the changes done for a change log id. +4. Click on ![](/sw360/img/ImagesBasic/Componentpage/Changelog2.png) to view the moderation request details for a change log id. + + +## 2.07 Import SPDX BOM + +For more information on importing SBOM, refer to [1.05 Import SBOM](Project.md/#105-import-sbom). + +## 2.08 Export Spreadsheet + +For more information on exporting spreadsheet, refer to [1.13 Export Spreadsheet](Project.md/#113-export-spreadsheet). \ No newline at end of file diff --git a/content/ja/docs/Userguide/Dependency_network.md b/content/ja/docs/Userguide/Dependency_network.md new file mode 100644 index 0000000..f2b1668 --- /dev/null +++ b/content/ja/docs/Userguide/Dependency_network.md @@ -0,0 +1,163 @@ +--- +linkTitle: "Dependency-Network-Feature" +title: "Dependency Network Feature" +weight: 100 +description: + Dependency-Network-Feature +--- + +# **How to enable this feature** + +To use this function, please: + +1. Build the source code and deploy. + +2. Add config **enable.flexible.project.release.relationship=true** (/etc/sw360/sw360.properties) to enable the feature. + +The following changes will work when **enable.flexible.project.release.relationship=true** only. + +3. Use the migration script (**056_migrate_project_dependency_network.py**) we provided to mograte the database. + + Before you run the script, please change two places in the script: + + (1) Line 30: ```DRY_RUN = True``` -> ```DRY_RUN = False``` + + (2) Line 32: ```COUCHSERVER = 'http://localhost:5984/'``` -> ```COUCHSERVER = 'http://admin:password@localhost:5984/'``` + + ```admin``` and ```password``` should be your username and password for CouchDB. + +# **1. Introduction** + +The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects. + +# **2. How to use?** +This feature modify the GUI of the “Linked Releases And Projects” on the “project edits” page. +Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well. + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/new_edit_GUI.png" >}} + +## **2.1. The changes of edit project GUI** +In this section, we will introduce the changes in GUI behaviors. We modified or added 5 sub-functions below: + +#### **a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Add_root_release_button.png" >}} + + +#### **b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Add_transitive_releases_buttons.png" >}} + +#### **c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Load_default_network_from_releases.png" >}} + +#### **d. The combo box allows the user to modify the version of a dependency.** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Select_version_box.png" >}} + + +#### **e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.** + +{{< figure src="/sw360/img/sw360screenshots/dependency_network/Check_diff_button.png" >}} + + +## **2.3 Rest API changes** + +### New Rest APIs + +**a. 3.3.35. Get a single project with dependencies network** + +The response will include the dependencyNetwork field(It will show the dependency network of project (direct and indirect releases)): +``` +{ + "name" : "Emerald Web", + "dependencyNetwork": [ + { + "releaseId": "9efc5766cd0c41d4a40547b99f5b91ac", + "releaseLink": [ + { + "releaseId": "3bed97a1c7ac4c32846ef4be985b648c", + "releaseLink": [ + { + "releaseId": "6a8250852362462095c57535294039e4", + "releaseLink": [], + "releaseRelationship": "TO_BE_REPLACED", + "mainlineState": "PHASEOUT", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ], + "releaseRelationship": "INTERNAL_USE", + "mainlineState": "OPEN", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ], + "releaseRelationship": "STATICALLY_LINKED", + "mainlineState": "MAINLINE", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + }, + { + "releaseId": "f1d860e7576a44798ee3daff57a3a886", + "releaseLink": [], + "releaseRelationship": "OPTIONAL", + "mainlineState": "OPEN", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ] +} +``` + +**b. 3.3.36. Creating a project with dependencies network** + +If the **dependencyNetwork** field is included in the request body, a dependency network will be registered for the project. + +- Simple example request (modify releaseIds to the existing release ids in sw360): + +``` +{ + "name": "TestProject1", + "dependencyNetwork": [ + { + "releaseId": "9efc5766cd0c41d4a40547b99f5b91ac", + "releaseLink": [ + { + "releaseId": "3bed97a1c7ac4c32846ef4be985b648c", + "releaseLink": [ + ], + "releaseRelationship": "INTERNAL_USE", + "mainlineState": "OPEN", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ], + "releaseRelationship": "STATICALLY_LINKED", + "mainlineState": "MAINLINE", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + }, + { + "releaseId": "f1d860e7576a44798ee3daff57a3a886", + "releaseLink": [], + "releaseRelationship": "OPTIONAL", + "mainlineState": "OPEN", + "comment": "Test Comment", + "createOn": "2023-05-15", + "createBy": "admin@sw360.org" + } + ] +} +``` + +**c. 3.3.37. Update a project with dependencies network** + +Same request body as "Creating a project with dependencies network". diff --git a/content/ja/docs/Userguide/FAQ/index.md b/content/ja/docs/Userguide/FAQ/index.md new file mode 100644 index 0000000..a635dc2 --- /dev/null +++ b/content/ja/docs/Userguide/FAQ/index.md @@ -0,0 +1,48 @@ +--- +title: "SW360 User Frequently Asked Questions" +linkTitle: "FAQ" +weight: 21 +--- + +##### **Q**: Who should be listed as Moderator? + +**A**: Moderator are persons who need to review changes done on certain items (project, component, release or attachment) by persons who do not have the user right to actually do these changes. For BT moderators are the persons with the role 'Software Clearing Site Representative'. + +##### **Q**: Who should be listed as Contributor? + +**A**: By default only the owner (or creator) of an item (project, component, release) is allowed to modify this item. Often it is useful that additional people are allowed to edit an item. These additional people (software architects, developers, additional experts) should get listed as contributors. + +##### **Q**: I have changed a project, component, release or attachment, but SW360 does not show the changes? + +**A**: It might be that you have tried to change something that needs to be review by someone else. In such cases a so called 'Moderation Request' is generated. A Moderator needs to approve your changes. Go to the Home view an check the box 'My Task Submissions', the project, component, or release should be listed there. + +##### **Q**: What should I enter in the field 'Visibility'. + +**A**: Visibility controls which group of people is allowed to see a project. The default setting is 'Everyone', i.e. everyone within an organisation can see the project and all its releases. + +##### **Q**: How can I change the 'Clearing State' of a release? + +**A**: There is no direct way to do it. If there is no clearing report available, the clearing state will be 'New'. If a clearing report available it will be 'Clearing report available'. If at least one clearing report has been approved, the clearing state will be 'Approved'. + +##### **Q**: I can't find a specific release inside my project – what can I do? + +**A**: You can sort each column by clicking on the column name, i.e. you can sort the entries by name, project origin, clearing state, mainline state or project mainline state – normally that helps finding a certain release. + +##### **Q**: I can't delete my component called 'Tom's Test Component'. + +**A**: Do not use special characters like single or double quotes. To be able to delete such a component or release you'll first have to rename it… + +##### **Q**: What is Copyleft Effect? + +**A**: **Copyleft** effect is the reverse idea of **copyright**. Goal is that software licensed under such license is always free and can never get a privatised software asset. The user gets the freedom to run, copy, modify and distribute the software, but it is not possible to add any further restrictions. This implies that **modified software** must also be free and becomes available to the community. + +##### **Q**: Different Classification of the Open Source Licenses. + +**A**: There are hundreds of OSS licenses, the following table will give a brief overview about the most common OSS licenses, the risks and the obligations that need to be fulfilled when using them: + +| | License Class | License Name(s) | Risks | Obligations | +| --- | --- | --- | --- | --- | +| | **White Licenses** | MIT, BSD (except for BSD-4-Clause), BSL-1.0, CPOL-1.02, MsPL, zLib, Apache-1.1, Apache-2.0 (if no code changes are done) | **low risk** | Mostly standard obligations: display license text, display copyrights | +| | **Yellow Licenses** | CDDL-1.0, CPL-1.0, EPL-1.0, eCos License, MPL, NPL | **medium risk** - because of non-standard obligtions in some cases | Display license text; display copyrights; all changes of the component code must become OSS as well; possible license incompatibility with red licenses | +| | **Red Licenses** | GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPL | **check before use** some special obligation which might be not in line with your lans | Display license text; display copyrights; take care about copyleft effect - get in contact with your software clearing experts; all distributions must clearly state that (L)GPL license code is used | +| | **Red Licenses** | SleepyCat, Aladdin Free Public License; Berkeley DB licenses | **really check before use** because of nearly unlimited copy left effect | Before thinking about components licensed under these license, get in contact with your software licensing experts! | diff --git a/content/ja/docs/Userguide/Licenses.md b/content/ja/docs/Userguide/Licenses.md new file mode 100644 index 0000000..ddf11bc --- /dev/null +++ b/content/ja/docs/Userguide/Licenses.md @@ -0,0 +1,97 @@ +--- +linkTitle: "Licenses" +title: "Licenses" +Weight: 5 +--- + + +# 3.0 Licenses + +## 3.1 Introduction + +A software license is a document that provides legally binding guidelines for the use and distribution of software. Licenses page lists all the available licenses in SW360. + +To open the License page, click on the **License tab** from the main menu bar. You can also add licenses in this page. + +![](/sw360/img/ImagesBasic/LicensePage/License_Page.png) + +|Sl.No.|Description| +|:----:|:----------| +|1| [Quick Filter](#32-quick-filter)| +|2| [Add License](#34-add-license)| +|3| [Export Spreadsheet, refer to Project Page](Project.md/#113-export-spreadsheet) | +|4| [License List](#33-license-list) | + +## 3.2 Quick Filter + +You can use the Quick Filter to search for a License. To search for a particular license, use the type field. + +## 3.3 License List + +On the License page you can view all the licenses available in SW360. The licenses are listed with the following information: + +* **License Shortname**: Short name given for the license. +* **License Fullname**: Full name given for the license. +* **Is checked**: This column indicates if the license is checked or unchecked. + + | Symbol | Status| +---------------------------------------------------------|:----:|:----:| + | {{< figure src="/sw360/img/ImagesBasic/Checked.png" >}} | Checked | + | {{< figure src="/sw360/img/ImagesBasic/Unchecked.png" >}} | Unchecked | + +* **License Type**: Type of the License. + +**NOTE: CLICK ON ![](/sw360/img/ImagesBasic/SortIcon.png) TO SORT LICENSE INFORMATION ALPHABETICALLY.** + +## 3.4 Add License + +To add a new License, click on **Add License** on the license page, which redirects you to another page +where you can add License details. + +![](/sw360/img/ImagesBasic/LicensePage/Create_License.png) + +1. Enter **Full Name** of the license you want to add. +2. You can select if the license has an OSI (Open Source Initiative) approval. Select the values for **OSI Approved?** from the drop-down list. + * n/a: Not applicable + * Yes +3. Enter the **License Text**. +4. Enter **Short Name** for the license. +5. You can select if the license is an FSF (Free Software Foundation) license. Select the values for **FSF Free/Libre** from the drop-down list. + * n/a: Not applicable + * Yes +6. Check the box if the license is checked. +7. Select the **License Type** from the drop-down list. +8. Click on **Create License** to create a new license +9. If you do not want to add a license at any point of time, click on **Cancel**. + +## 3.5 View License + +To open a view mode for a license: + +1. Search for the License you want to view or navigate from the License list. Click on the License Shortname. +2. You are now in view mode of the license, and you can view all the details of the license like: + * License Details + * License Text + * Obligation + + ![](/sw360/img/ImagesBasic/LicensePage/View_License.png) + +## 3.6 Edit License + +The **Edit License** option is used to modify license details for existing licenses. To edit a license, follow the below procedure: + +1. Search for the license you want to view or navigate from the License list. Click on the License Shortname. +2. You are now in view mode of the license, click on **Edit License**. + + ![](/sw360/img/ImagesBasic/LicensePage/Edit_License.png) + +3. Modify License Details as required. For more information on the fields, refer to [3.4 Add License](#34-add-license). +4. You can also add license obligations in this view. To add License obligations, click on Linked Obligations. +5. Click on **Add Obligation**, a dialogue box will appear with a list of all the obligations that are available in SW360. +6. Use the search field to select the required obligation and click **Add**. + + ![](/sw360/img/ImagesBasic/LicensePage/Linked_Obligations_2.png) + +7. To delete an obligation that is already linked, click ![](/sw360/img/ImagesBasic/Delete_Trash.png). +8. If you do not want to make changes to the license at any point of time, click on **Cancel**. +9. If you want to delete the license, click on **Delete License**. \ No newline at end of file diff --git a/content/ja/docs/Userguide/Preferrences.md b/content/ja/docs/Userguide/Preferrences.md new file mode 100644 index 0000000..44645f3 --- /dev/null +++ b/content/ja/docs/Userguide/Preferrences.md @@ -0,0 +1,54 @@ +--- +linkTitle: "Preferences" +title: "Preferences" +description: "SW360 Preferences" +Weight: 8 +--- + +# 8. Preferences + +The Preferences page allows you to modify the E-mail notification preferences for changes that occur to project/component/release/license. +To open the Preferences page, click on the **Preference** tab from the main menu. + +![](/sw360/img/ImagesBasic/Preferences%20Page/Preferences_Page.png) + +|Sl.No.|Description| +|:----:|:----------| +|1| [Email Notification Preferences](#82-email-notification-preferences)| +|2|[SW360 User Information](#81-sw360-user-information)| +|3| [REST API Token ](#83-rest-api-tokens) | + +## 8.1 SW360 User Information + +On the **SW360 User** section you can view the following information: + +* **Name** +* **E-mail** +* **Primary Department** +* **External ID**: This is your organization ID. +* **Primary Department Role**: This is the role you are assigned in SW360. +* **Secondary Departments and Roles**: Any other roles which are assigned. + +## 8.2 Email Notification preferences + +To modify your email notifications, follow the procedure: + +![](/sw360/img/ImagesBasic/Preferences%20Page/Edit_email_preferences.png) + +1. Check the **Enable E-mail notifications** box which activates Email notifications. +2. Click on the particular section for which you want to change the preference. For e.g., if you want to change the preference for projects, click on the **Project** section. This section will display an expanded view of the available roles. +3. Select the roles that you want to be notified. +4. You can repeat the above procedure for other sections, i.e., **Component**, **Release**, **Moderation** and, **Clearing**. +5. Click on **Update Settings** to update the changes done. + +## 8.3 REST API Tokens + +REST API is an interface that two computer systems use to exchange information securely over the internet. Via REST endpoint data can be read or written in the database. As a normal user only read token can be generated. + +You can generate a REST API token for read access, by following the procedure: +1. Enter a token **Name**. +2. Check the **Authorities** box if you wish to give read access. +3. Set an **Expiration Date** for the token. +4. Click on **Generate Token**. + +![](/sw360/img/ImagesBasic/Preferences%20Page/REST_API_TOKENS.png) \ No newline at end of file diff --git a/content/ja/docs/Userguide/Project.md b/content/ja/docs/Userguide/Project.md new file mode 100644 index 0000000..80e33ec --- /dev/null +++ b/content/ja/docs/Userguide/Project.md @@ -0,0 +1,567 @@ +--- +linkTitle: "Project" +title: "Project" +Weight: 3 +--- + +# 1.0 Project Page + +## 1.01 Introduction + +Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with description and other related details. On the left side of project list you can find a advanced filters to filter out specific project. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Projectpage.png" >}} + +|Sl.No.|Description| +|:----:|:----------| +|1| [Advanced Search](#103-project-search)| +|2|[Add Project](#104-add-project)| +|3| [Import SPDX BOM](#105-import-sbom) | +|4| [Export Spreadsheet](#113-export-spreadsheet)| +|5| [Project List](#102-project-list) | + +## 1.02 Project List +The Project List lists all the relevant projects with the following information: +* **Project name**: All the projects are listed with their names. +* **Description**: The description for the project is displayed here. +* **Project responsible**: The email address of the person responsible for the project is displayed. +* **State**: Displays the state of the project and clearing requests. The status for PS and CS is indicated by colors. + + | Color | Project State (PS) | Project Clearing State (CS) | + |-----:|:------------------|:------------------| + | **Green** | Active |Closed | + | **Yellow** |Not Applicable | In-progress | + | **Red** | Open | Open | + | **Grey** | Phase out/ Unknown |Not Applicable | + +* **License Clearing** displays the clearing states for releases for the project including sub projects. +* **Actions**: you can perform the following actions for a project: + + | Action | Description | + |:--:|:-- | + |{{< figure src="/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png" >}}| To edit a Project | + |{{< figure src="/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png" >}} | To create clearing request the OSS clearing team | + |{{< figure src="/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png" >}}| To duplicate current version of existing project. This action will also duplicate all the linked projects, releases along with the general information and is used to create different versions of the project.| + |{{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}| To delete the project from SW360. | + +**NOTE: CLICK ON {{< figure src="/sw360/img/ImagesBasic/Project_Page/SortIcon.png" >}} TO SORT LICENSE INFORMATION ALPHABETICALLY.** + +## 1.03 Project Search + +**Advanced search** dialogue box allows you to search for a particular project. To search for a project follow the procedure: + +1. Enter the **Project name** and **Version** of the project that you want to search. +2. Select the **Project Type** from the drop-down list. For more information regarding the project type, refer to paragraph 4. of [General Information](#a-general-information). +3. Search the project by **Project Responsible** email. +4. Search projects by their **Group**, select the group from the drop-down list.
```NOTE: BY DEFAULT, THE SEARCH RETURNS ONLY THE RESULTS OF YOUR GROUP. HOWEVER, YOU CAN ALSO SELECT THE GROUPS FROM THE DROP-DOWN LIST.``` +5. Search projects by their project **State**, select the options available from the drop-down list. For more information regarding project state, refer to [1.02 Project List](#102-project-list). +6. You can search the projects by their **Clearing State**, select the options available from the drop-down list. For more information regarding project state, refer to [1.02 Project List](#102-project-list). +7. You can search projects by their **Tags**. If there are multiple tags that you want to search, use a comma to separate. +8. You can search projects by **Additional Data**. + +## 1.04 Add Project + +To add a new project, click on the **Add Project** on the project page, this redirects you to another page that allows you to add project information add project information for the project you want to create. Following are the three sections where you must enter information: +- **Summary** +- **Administration** +- **Linked Releases and Projects** + +### **1.** **Summary** + +#### **A.** **General Information** + +```NOTE: FIELDS MARKED "*" ARE MANDATORY``` + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectGeneralInfo%20(1).png" >}} + +1. Enter the **Name** of the project you want to create. +2. The field **Created by** is set automatically to the creator/owner of the project. +3. **Version** of a project indicates there are new changes compared to the previous version of the project. Enter the version for your project as required. +4. Select the **Project Type** from the drop-down list. + - Customer: Delivered to the customer + - Internal: Internally used but can also be used in other projects as a sub-project + - Product: Developed as a product and delivered to the customer + - Services: Developed as a service and delivered to the customer + - Inner Source: OSS within a particular organization + +5. **Project Visibility** describes if the project is visible to all or only selected personnel. The default is set to "everyone", you can select the project visibility from the drop-down list. + - Private: Only visible to creator or admin + - Me and Moderators: Visible to creator, moderators and admins + - Group and Moderators: Visible to all users of the same group and the moderators + - Everyone: All logged in users + +6. **Tags** are words assigned to a project that assist in quick searching. You can create a tag by assigning a word to your project. +7. Check or uncheck the following fields as required: + * **Enable Security Vulnerability Monitoring** (activated only if security responsible are added), refer to [C. Roles](#c-roles). + * **Do not create monitoring list**, but use from the external id, refer to [E. External IDs](#e-external-ids). + * **Enable Displaying Vulnerabilities** if you want the vulnerabilities to be visible. + +8. **Modified on** date will be set automatically on creating the project. +9. **Description**: You can enter details of your project. +10. **Modified by** will be set automatically. +11. Select the **Domain** for your project from the drop-down list. + * Application software + * Documentation + * Embedded Software + * Hardware + * Test and diagnostics +12. Click on the field to select the **Vendor** for your project. + * This opens a dialogue box, use the type field to search for the vendors. + * Select the vendors + * Click on **Add Vendor**. + +#### **B. External URLs** + +Click on **Click to add row to external URLs** to add URLs of your project.
+ {{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL1.png" >}} + +1. Select **External URL Key** from the drop-down list. + * Homepage: Link for homepage + * Wiki page: Link for wiki page + * Clearing: +2. Enter **External URL Value**. It is the web address for the above mentioned external URL key. To add multiple external URLs, repeat the same procedure.
+ {{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL2.png" >}} + +3. To delete an external URL, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +#### **C. Roles** + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectRoles.png" >}} + +1. **Group** is the department you/project owner belongs to. Click on the group field to select a **Group** for your project. + * This opens a dialogue box, use the type field to search for the group. + * Select the group. + * Click on **Select** + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Addproject4.png" >}} + +2. Enter the **Owners Accounting Unit**. + +3. Project manager is the user who manages the project. Click on the field to select **Project Manager**. + * This opens a dialogue box, use the type field to search for the Project Manager. + * Select the Users. + * Click on **Select Users**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Addproject_5.png" >}} + +4. Enter the **Owners Billing Group**. +5. **Project Owner** holds the project. Click on the field to select **Project Owner**. + * This opens a dialogue box, use the type field to search for the Project Owner. + * Select the Users. + * Click on **Select Users**. +6. Select the **Owner Country** from the drop-down list. +7. **Security responsible** is the list of users responsible for the security of the project. Click on the field to select **Security responsible**. + * This opens a dialogue box, use the type field to search for the Security responsible. + * Select the Users + * Click on **Select Users**. +8. Click on the field to select **Lead Architect**. + * This opens a dialogue box, use the type field to search for the Lead Architect. + * Select the Users. + * Click on **Select Users**. +9. **Moderator** is the user responsible for the project. Click on the field to select moderators. + * This opens a dialogue box, use the type field to search for the Moderators. + * Select the Users. + * Click on **Select Users**. +10. Click on the field to select **Contributors**. + * This opens a dialogue box, use the type field to search for the Contributors. + * Select the Users. + * Click on **Select Users**. + + +#### **D. Additional Roles** + +To assign more roles to your project, use **Click to Add Additional Roles**. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/additionalroles1.png" >}} + +1. Select the type of **Role** from the drop-down list. + * Stakeholder + * Analyst + * Contributor + * Accountant + * End user + * Quality manager + * Test Manager + * Technical writer + * Key user +2. Enter **Email address** of the responsible personnel. To add multiple additional roles, repeat the same procedure. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/additionalroles2.png" >}} + +3. To delete an additional role, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +#### **E. External Ids** + +Click on **Click to add row to External Ids** to add external Ids to your project. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Project_external_ID_1.png" >}} + +1. Click on field to enter **External Id Key** and select from the drop-down list. +2. Enter **External Id Value**. To add multiple external Ids, repeat the same procedure. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Project_external_ID_2.png" >}} + +1. To delete an External Id, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +#### **F. Additional Data** + +You can add data keys and corresponding data values for your project. + +To add more additional data keys, click on **Click to add rows to additional data**. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Additional_data_1.png" >}} + +1. Enter **additional data key**. +2. Enter **additional data value**. To add multiple additional data, repeat the same procedure. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Additional_data_2.png" >}}. + +3. To delete an additional data, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +### **2.** **Administration**
+Administration section contains license clearing and lifecycle information of the project. To edit these fields, click on "Administration", use navigation section.
+ +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectAdministration.png" >}} + +#### **A.** **Clearing information** + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/Clearing_Information.png" >}} + +To add clearing information for your project: + +1. Select the values for **Project Clearing State** from the drop-down list. + * Open Project + * In progress + * Closed +2. Clearing team is responsible for project clearing. To assign a clearing team, select the values for **Clearing team** from the drop-down list. +3. Pre-evaluation is important for the project development to understand the status of the license and estimate the effort for clearing activities. Set **Deadline for pre-evaluation** date. +4. Following information should be entered manually: + - **Clearing summary**: Overview of the clearing for the project management. + - **Special risk open source software**: Risks which occur out from usage of specific OSS components. + - **General risk 3rd party software**: General risk which occur always from using OSS and commercial SW like for e.g., patent infringements. + - **Special risk 3rd party software**: Specific risks which occur by using specific projects, including commercial projects. + - **Sales and delivery channels**: To know when the software will be delivered via resellers as a reseller license has to be procured and to decide how to fulfill the obligations of the licenses. + - **Remarks and additional requirements**: Any additional relevant requirement. + + ```NOTE: THE ABOVE INFORMATION IS NECESSARY FOR PROJECT MANAGEMENT TO UNDERSTAND THE STATUS OF THE LICENSE AND ESTIMATE THE EFFORT FOR CLEARING ACTIVITIES.``` + +#### **B.** **Lifecycle information** + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectLifecycle.png" >}} + +To add lifecycle information for your project: + +1. Select the values for **Project state** from the drop-down list. + * Active + * Phase-out + * Unknown +2. Set **System test begin** and **System test end** dates. System test begin date can be used in licensing and risk perspective. System test end date is the latest date for component releases. +3. Set **Delivery start** and **Phase out** dates. After the phase out date, maintenance is not required for the project. + + ```NOTE: LICENSE CLEARING FOR THE PROJECT MUST BE FINISHED BEFORE THE PROJECT DELIVERY DATE.``` + +#### **C.** **License Info Header** + +The license info header can be set as a default header. However, you can edit this field as required. + +### **3.** **Linked Releases and Projects** + +You can link other projects and releases to the project that you are adding. Click on **Linked Releases and Projects**, use navigation section. + +{{< figure src="/sw360/img/ImagesBasic/Project_Page/ProjectLinkedreleasesandprojects.png" >}} + + +#### **A.** **Linking Projects** + +To add existing projects as a sub-project: + +1. Click on **Add Projects**, this action opens a dialogue box. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png" >}} + +2. Search and select the projects which you would like to link. +3. Click on **Link Projects**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png" >}} + +4. After the project is linked, you can select the **Project Relation** for your sub-project from the drop-down list. + * Sub-project + * Duplicate + * Unknown + * Related +5. Check or uncheck **Enable SVM** as required. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_3.png" >}} + +6. To link multiple projects, repeat the same procedure. +7. To delete a linked project, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +#### **B.** **Linking releases** + +To add releases to your project: + +1. Click on **Add Releases**, this action opens a dialogue box. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Link_release_1.png" >}} + +2. **Search** for the releases which you want to link or click on **Releases of linked projects** to view all the releases which are linked to the project. +3. Select all the releases which you want to link and click on **Link releases**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Link_release_2.png" >}} + +4. After the release is linked, you can select the value for the **Release relation** from the drop-down list. + * Unknown + * Contained + * Related + * Dynamically linked + * Statically linked + * Side by side + * Standalone + * Internal Use + * Optional + * To be replaced + * Code snippet +5. Select the value for the **Release Mainline State** from the drop-down list. + * Open + * Mainline + * Specific + * Phaseout + * Denied +6. Add **Comments**, if required. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Link_release_3.png" >}} + +7. To link multiple releases/components, repeat the same procedure. +8. To delete a linked release, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}. + +After all the information for the new project is filled out. Click on "**Create Project**" at the top. + +If you do not want to create a project on any point of time, click on "**Cancel**" at the top. + +## 1.05 Import SBOM + +SPDX is a common format for communicating compliance information or list of components across all suppliers. Importing an SBOM will create a project/component. To import a SBOM: + +1. Click on **Import SBOM** on the project page. This will open a dialogue box for you to upload the Bill Of Materials (BOM). +2. Drag and drop the file from your local system to the dialogue box or click on **Browse File** and select the file you want to import. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/ImportSBOM.png" >}} + + ```NOTE: ONLY SPDX RDF/XML FILES WITH UNIQUE DESCRIBED TOP LEVEL NODE ARE SUPPORTED.```
+3. After uploading is done SW360 checks for duplicates, if there are no duplicates found, a Component from the uploaded SBOM is created. + +## 1.06 Edit Project + +You can edit an existing project in SW360, provided you have required rights. To edit a project follow the procedure: + +1. Search for the projects you want to edit or navigate from the project list. +2. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png" >}} from the actions column. You can also edit a project by clicking on the project and click on **Edit Project**. +3. Change the data for the project as required. For more information, refer to [1.04 Add Project](#104-add-project). +4. In this view, you can also add attachments for the project in this view, click on **Attachments**, use navigation section.
+ {{< figure src="/sw360/img/ImagesBasic/Project_Page/EditProject_Attachments.png" >}}
+ * Click on **Add Attachment**, this action opens a dialogue box.
+ * Browse and select the files which you want to upload or drag and drop them into the area.
+ * Click on **Upload**.
+ * Select the type of file from the drop-down list.
+ * Select the status from the drop-down list.
+ * If required, add **comments**
+ + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Attachment_2.png" >}} + + * To delete an attachment, click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}}.
+5. After you modify the required fields, click on "**Update Project**". +6. To delete the project, click on "**Delete Project**". +7. To cancel any changes that you made click on "**Cancel**". + +## 1.07 Duplicate a Project + +Duplicating a project is commonly used to create different versions of the project. This helps in reducing efforts as fewer modifications are required to create a new version. To duplicate a project: + +1. Search for the projects you want to duplicate or navigate from the project list. +2. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png" >}} from the actions column to duplicate the project. +3. Modify the data for the duplicate project as required. For more information, refer to [1.04 Add Project](#104-add-project). +4. Click on "**Create Project**" after all changes are made. +5. To cancel any changes that you made click on "**Cancel**". + +## 1.08 Deleting a Project + +You can delete an existing project in SW360, provided you have required rights. To delete a project follow the procedure: + +```WARNING: DELETING A PROJECT CAN ONLY BE DONE IF THERE ARE NO LINKED PROJECTS OR COMPONENTS. IF NOT, THERE WILL BE MISSING LINKS FOR THE PROJECTS.``` + +1. Search for the projects you want to delete or navigate from the project list. +2. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png" >}} from the actions column to delete the project. +3. The software will prompt for a confirmation of deleting the project. You can also add comments for the action in the prompt box before deleting. +4. Click on **Delete Project**. +5. To cancel any changes that you made click on **Cancel**.
+ + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Deleteproject1.png" >}} + + +## 1.09 Linking A Project + +There are multiple ways that you can link a project to another. + +### **A. Linking to a parent project** + +1. Search for the projects you want to link or navigate from the project list. Click on the required project. +2. This will display the view mode of the selected project. Click on "**Link Projects**" on the top. This will open a dialogue box to search for the projects. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png" >}} + +3. Search for the projects which you want to link. +4. Select the projects and click on **Link Projects**. +5. Once the project is successfully linked, you will see the prompt in green. If you want to edit the project further, click on the **click here to edit the project relation** on the green prompt. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linking_project.png" >}} + +6. Again, the project opens up in edit mode. +7. Modify the project details as required for the linked project. Refer to [Link Projects](#a-linking-projects). +8. Click on **"Update Project"** to save your changes. + +### **B. Linking a child project** + +To add child projects to a parent project, refer to [3. Linked Releases and Projects](#3-linked-releases-and-projects). + +## 1.10 Linking Components or Releases + +You can directly link a component or release to a parent project, refer to [3. Linked Releases and Projects](#3-linked-releases-and-projects). + +### **A. Link Component** + +You can also link a component to a project while editing a project. + +1. Search for the projects you want to delete or navigate from the project list. Click on the required project. +2. This will display the view mode of the selected project, click on **license clearing**, use navigation section. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/LicenseClearing_1.png" >}} + +3. Select the component/release from the list displayed. After which, which redirects you to its component page. +4. Click on "**Link to Projects**" to link this release/component to a project. This will open a dialogue box to search for the projects. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png" >}} + +5. If you want to view the projects which are already linked to the components/release, check the box for **show already linked projects**. +6. Select the project which you want to link the component / release to and then click on **link to project**. + + + +## 1.11 Security Vulnerability tracking for Projects + +You can view all the security vulnerabilities for your project. To view vulnerability tracking status: + +1. Search for the projects or navigate from the project list. Click on the required project. +2. This will display the view mode of the selected project, click on **Vulnerability Tracking Status**. +3. Here you can view Security Vulnerability Monitoring is enabled or not. The Security Vulnerabilities are only visible in the edit project mode when the "security responsible" is assigned. Refer to paragraphs [C. Roles](#c-roles). +4. You can track the vulnerabilities by name, project origin, SVM tracking status, short status and type. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/SVM_Tracking.png" >}} + +5. To view all the listed vulnerabilities for sub-projects of the parent project click on **Vulnerabilities**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/SVM_Tracking_2.png" >}} + +6. If you want to view the complete data for a vulnerability, refer to [5. Vulnerability](../New%20Userguide/5.%20Vulnerabilities.pdf). + +## 1.12 Clearing Requests + +Each project needs license clearing and it is a project level activity. + +### **A. Create Clearing Requests** + +To create a clearing request: + +1. Search for the projects or navigate from the project list. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png" >}} or, +2. Search for the projects or navigate from the project list. Click on the required project, this will display the view mode of the of the selected project. Click on **License Clearing**, use navigation section. +3. Click on **Create Clearing Request**, a dialogue box will appear. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Create_clearing_request.png" >}} + +4. Enter the clearing team email id by clicking on the field and searching for the email of the clearing team. Select the contact from the list and click on **Select Users**. +5. Select the **Preferred Clearing Date**. +6. If required, add **Comments**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/License_Clearing_request.png" >}} + +7. Click on "**Create Request**". +8. To cancel any changes that you made click on **Cancel**. + +### **B. View Clearing Requests** + +You can view the existing clearing requests which are already created for a project. To view the clearing requests, follow the procedure: + +1. Search for the projects or navigate from the project list. Click on {{< figure src="/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png" >}} or, +2. Click on the required project. +3. Select **License Clearing**, use navigation section. +4. Click on **View Clearing Request**. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/View_Clearing_request.png" >}} + +5. A new dialogue box with the clearing request information will be displayed. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/View_Clearing_Request_2.png" >}} + + +### **C. Edit Clearing Requests** + +For more information on how to edit the existing clearing requests, refer to [6. Requests](Requests.md/#6-requests). + +## 1.13 Export Spreadsheet + +You can generate the excel sheet for an advanced search. For e.g., List of all projects created for group "SHS". + +1. Go to project home page. +2. If required, you can filter the projects using the advanced search options. Refer to [1.02 Project Search](#103-project-search). +3. After the search gives a result, click on **Export Spreadsheet** and select the option from the drop-down list. + * Projects only + * Projects with linked releases +4. A file will now be downloaded to your local system with the required information. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Export_spreadsheet.png" >}} + + +```NOTE: YOU CAN ALSO USE THE EXPORT SPREADSHEET OPTION ON MULTIPLE PAGES, LIKE LICENSE CLEARING PAGE OF A PROJECT/COMPONENT, EDIT VIEW OF A COMPONENT, ECC PAGE OF PROJECT ETC.``` + +## 1.14 Generate License Info + +You can generate a read me OSS file of all the license information for a project. To generate license information: + +1. Search for the projects or navigate from the project list. Click on the required project. +2. Select **License Clearing**, use navigation section. +3. The page displays the list of all the releases listed and their respective release clearing state in the ***state*** column. Each of the releases has license information in the form of CLI files. You can view this information in the ***main licenses*** or ***other licenses*** column. +Generating a license info will create a read me OSS document combining all the licenses. +4. Click on **Generate license info** and select the options from the drop-down list. + * Project only + * Project with sub project + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Generate_license_info.png" >}} + +5. After your selection, you are redirected to another page where you can further modify the output of the license information. +6. Select **Show all** to view all the license information or **Only Approved** to view approved licenses. +7. Select which CLI you want to publish the information from the list displayed below. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Generate_license_info_2%20.png" >}} + +8. Click on **Download**. A new Dialogue box will appear asking for your preferences. +9. Check the required boxes and select an output format. +10. Click on **Download** to get a Readme.OSS file. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Generate_license_info_3.png" >}} + +## 1.15 Generate Source Code Bundle + +Few components have obligations, for example, sharing source code. The organization must share the source code to the user in a disc format. To generate Source Code Bundle: + +1. To select the project, use the search option or navigate from the project list and click on it. +2. Select **License Clearing**, use navigation section. +3. The window shows a list of all the releases listed. Click on **Generate Source Code Bundle** and select the option from the drop-down list. + * Project only + * Project with sub project + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Source_code_1.png" >}} + +4. After you select, you are redirected to another page which lists all the source code information. +5. Select the required source code and click **Download**. +6. A combined zip file comprising of all the select source code will be downloaded. + + {{< figure src="/sw360/img/ImagesBasic/Project_Page/Source_code_2.png" >}} \ No newline at end of file diff --git a/content/ja/docs/Userguide/Requests.md b/content/ja/docs/Userguide/Requests.md new file mode 100644 index 0000000..98d8cce --- /dev/null +++ b/content/ja/docs/Userguide/Requests.md @@ -0,0 +1,190 @@ +--- +linkTitle: "Requests" +title: "Requests" +Weight: 6 +--- + + +# 6. Requests + + +Requests page lists all the requests that are generated by the users in SW360. There are two kind of requests: + +1. Moderation Requests: The requests that are created when a user with limited rights requests a change in a Project/Component/Release. These requests need to be approved by another user with higher rights (Project Owner/ Project Responsible) for the changes to appear in a particular Project/Component/Release. You can also view these requests as tasks in your home page.
+ * My Task Assignments: Moderation requests that are pending for your approval. + * My Task Submissions: Moderation requests that are created by you. +2. Clearing Request: For more information on clearing requests, refer to [1.12 Clearing Requests, Project Page](Project.md/#112-clearing-requests). + + +To open the Requests page, click on the **Requests tab** from the main menu. + +![](/sw360/img/ImagesBasic/Request_Page/Request_Page.png) + +|Sl.No.|Description| +|:----:|:----------| +|1| [Moderation Requests](#61-moderation-requests) or [Clearing Requests](#62-clearing-request)| +|2|[Search Moderation Requests](#1-search-moderation-requests) or [Search Clearing Request](#2-search-clearing-requests)| +|3| [Moderation Request List](#1-moderation-request-list) or [Clearing Request List](#1-clearing-requests-list)| +## 6.1 Moderation Requests + +### 1. Moderation Request list + +Moderation requests must be approved by another user with higher rights (Admin, Clearing expert) for the changes to appear in a Project/Component/Release. +Moderation requests are further categorized into two types: +* **Open Moderation Requests**: The moderation requests which are pending for approval. To view the list of open requests, click **Open Moderation Requests**. +* **Closed Moderation Requests**: The moderation requests which are approved. To view the list of closed requests, click **Closed Moderation Requests**. + +![](/sw360/img/ImagesBasic/Request_Page/Moderation_Requests.png) + +The moderation requests are listed with the following information: +* **Date**: Date of the creation of the request. +* **Type**: The document type for the moderation request created. +* **Document Name**: Name of the document (Project/Component/Release). +* **Requesting User**: Email Id of the user who created the moderation request. +* **Department**: Department of the requesting user. +* **Moderators**: List of the moderators for that project/component/release. +* **State**: State (In Progress/Pending/Approved/Rejected) of the moderation request. +* **Actions** + +**NOTE: USE ![](/sw360/img/ImagesBasic/SortIcon.png) TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.** + +### 1. Search Moderation Requests + +1. Search with **Date** the request was created. +2. Search the request with the document **Type** and select from the drop-down list. + * OSS + * COTS + * Internal + * Inner Source + * Service + * Freeware + * Code Snippet +3. Search the request with **Document Name**. +4. Search the request with **Requesting User**. +5. Search the request with **Department**. +6. Search the request with **State** and select from the drop-down list. + * Approved + * Pending + * Rejected + * In Progress + +### 3. Edit Moderation Requests + +To edit a moderation request, click on **Open Moderation Request / Closed Moderation Request** on the request page. +1. Search for the request you want to edit or navigate from the request list. +2. Click on the request you want to edit. You will now be redirected to another page with details of the request. +3. You can view the following moderation request information: + * Requesting user + * Submitted on + * Comment from the requested user + * Status of the request + * Moderator assigned + * Comment on moderation decision: A moderator can add comments to this request before accepting or declining the changes. + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request.png) + + +4. Click on **Proposed Changes** to view: + * Field name the changes are requested for + * Current Value of the field + * Former Value of the field + * Suggested Value for the field + * Attachments, if added + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_2.png) + +5. To preview the current document, click on **Current Release/Current Project**. + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_3.png) + +6. To accept the changes of the moderation request, click on **Accept Request**. +7. To reject changes for the moderation request, click on **Decline Request**. +8. To postpone a moderation request, click on **Postpone request**. +9. If you do not want to be a moderator for this request, click on **Remove Me from Moderators**. +10. If you do not want to make changes at any point of time, click on **Cancel**. + + +## 6.2 Clearing Request + + +### 1. Clearing Requests list + +Clearing Requests are created by project manager and sent to clearing experts to perform license clearing, which are then approved. Clearing Requests are further categorized into two types. + +* **Open Clearing Requests**: The clearing requests which are pending approval. To view the list of open requests, click **Open Clearing Requests**. +* **Closed Clearing Requests**: The clearing requests which are approved. To view the list of closed requests, click **Closed Clearing Requests**. + +![](/sw360/img/ImagesBasic/Request_Page/Clearing_Requests.png) + +The clearing requests are listed with the following information: + +* **Request Id**: Request ID number of the clearing request. +* **BA/BL Group**: +* **Project**: Name of the project the clearing request belongs to. +* **Status**: Status of the clearing request, rejected or closed. +* **Requesting User**: Username of the user who created the clearing request. +* **Clearing Team**: Person responsible for the approval of the clearing request. +* **Created on**: Creation date of the clearing request. +* **Preferred Clearing Date**: The proposed date of completion of clearing request. +* **Agreed Clearing Date**: The agreed date of completion for clearing request. +* **Request Closed on**: The actual date the clearing request is closed. +* **Clearing Progress** (Only applicable for open clearing requests) +* **Actions**: Click on ![](/sw360/img/ImagesBasic/Request_Page/Images/Edit_Pen.png) to edit the clearing request. + +**NOTE: USE ![](/sw360/img/ImagesBasic/Request_Page/Images/SortIcon.png) TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.** + +### 2. Search Clearing Requests: + +1. Search the request with **Select date type and range**. +2. Search the request with **Priority** and select from the drop-down list. + * Low + * Medium + * High + * Critical +3. Search the request with **BA BL group**. +4. Search the request with **Status** and select from the drop-down list. + * New + * Accepted + * In Queue + * In Progress + * Awaiting Response + +### 3. Edit Clearing Requests + +To edit a clearing request, click on **Open Clearing Request / Closed Clearing Request** on the request page. +1. Search for the request you want to edit or navigate from the request list. +2. You can also use **Quick Filter** to search for a request. +3. Click on the request you want to edit, this will redirect you to another page with details of the request. +4. To modify the clearing request, click on **Edit Request**. +5. You can view the following **clearing request information for the project**: + * Requesting User + * Created On + * Preferred Clearing Date + * Business Area/Line + * Requester Comment + * Clearing + * Request Status: You can modify the request status as required. Select the required value from the drop-down list. + * New + * Accepted + * Rejected + * In Queue + * In Progress + * Closed + * Awaiting Response + * Priority: You can modify the priority of the clearing request as required. Select the required value from the drop-down list. + * Low: Clearing date is greater than 4 weeks + * Medium: Clearing time is less than 2-4 weeks + * High: Clearing time is less than 2 weeks + * Critical: Clearing time is less than 1 week
+ ``` NOTE: THERE CAN ONLY BE 2 CRITICAL CLEARING REQUESTS.``` + * Clearing team: Click on the field to select the **Clearing Team** for the request. This opens a dialogue box, search and select the clearing expert and click on **Select Users**. + * Agreed Clearing Date: Click on the field to set the clearing date + * Last Updated on + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_1.png) +6. Click on **Clearing request comments** to check the clearing request information. The information displayed here is a combination of manual entry comments and automated entries by SW360. Automated entries give information regarding the changes that are done on the clearing request. You can mention comments by typing in the text field and click **Add Comment**. + + ![](/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_2.png) + +7. After making the changes, click on **Update Request**. +8. If you do not want to make changes at any point of time, click on **Cancel**. diff --git a/content/ja/docs/Userguide/SPDX_document.md b/content/ja/docs/Userguide/SPDX_document.md new file mode 100644 index 0000000..11f19d7 --- /dev/null +++ b/content/ja/docs/Userguide/SPDX_document.md @@ -0,0 +1,80 @@ +--- +linkTitle: "SPDX Document" +title: "SPDX Document" +weight: 100 +description: + SPDX Document +--- + +# **How to enable this feature** + +To use this function, please: + +1. Build the source code and deploy. + +2. Add config **spdx.document.enabled = true** (/etc/sw360/sw360.properties) to enable the feature. + +The following changes will work when **spdx.document.enabled = true** only. + +# **1. Introduction** + +SPDX Document manages Document Creation Information, Package Information, Other Licensing Information Detected, Relationships between SPDX Elements, Annotations + +# **2. How to use?** +**1. File Test Import**: https://github.com/spdx/tools-java/blob/master/testResources/SPDXRdfExample-v2.3.spdx.rdf + +**2. Import SPDX in Page Component** + +#### Import + +- Support RDF/XML, SPDX. +- Import all Packages in the SPDX file (main package and dependent packages) +- Import relationships related to Packages and SPDX Documents (relationships related to File and Snippet are not imported) + + +#### Steps +1. Go to component page +2. Click "Import SPDX BOM" button +3. Upload SPDXRdfExample-v2.3.spdx.rdf + +#### Validate + +- "Apache Commons Lang", "glibc", "Jena" and "Saxon" components were created +- "glibc (2.11.1)", "Saxon(8.8)" and " Jena (3.12.0) " releases were created +- Tab SPDX Document exits in release glibc (2.11.1), Jena (3.12.0) and Saxon (8.8) + +#### Result + +##### Tab SPDX Document - Full Page of Release Glibc(2.11.1) + +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Glibc.png" >}} + +##### Tab SPDX Document - Lite Page of Release Glibc(2.11.1) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Glibc(2.11.1).png" >}} + + +##### Tab SPDX Document - Full Page of Release Jena (3.12.0) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Jena_(3.12.0).png" >}} + +##### Tab SPDX Document - Lite Page of Release Jena (3.12.0) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Jena_(3.12.0).png" >}} + + +##### Tab SPDX Document - Full Page of Release Saxon (8.8) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Saxon_(8.8).png" >}} + +##### Tab SPDX Document - Lite Page of Release Saxon (8.8) +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Saxon_(8.8).png" >}} + + +**3. Feature: Edit , Add tab SPDX Document in Release** + +##### Edit tab SPDX Document - Full Page +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Full_Page.png" >}} + +##### Edit tab SPDX Document - Lite Page +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Lite_Page.png" >}} + + +##### Add tab SPDX Document +{{< figure src="/sw360/img/sw360screenshots/spdx_document/Add_tab_SPDX_Document.png" >}} diff --git a/content/ja/docs/Userguide/SW360 Homepage.md b/content/ja/docs/Userguide/SW360 Homepage.md new file mode 100644 index 0000000..cc1af8a --- /dev/null +++ b/content/ja/docs/Userguide/SW360 Homepage.md @@ -0,0 +1,22 @@ +--- +linkTitle: "Home Page" +title: "Home Page" +Weight: 2 +--- + +The private area of the home page contains an overview of projects and components which are specific to you and other general information. + +{{< figure src="/sw360/img/ImagesBasic/Home_Page.png" >}} + +| Sl.No | Name | Description | +|:-----:| :------------------ |:-----------| +| 1 | Main Menu | Main menu consists primarily of the various tasks you can perform. | +| 2 | My Projects | Displays the list of projects for a specific role or clearing state. | +| 3 | My Task Assignments | Displays the tasks or moderation requests that are assigned to you. These can be change requests submitted for approval related to the “projects, components or releases” for which you are a creator or a moderator. | +| 4 | My Components | Displays the list of components that are created by you. | +| 5 | My Task Submissions | These are the change requests that are submitted by you for approval to change any aspect of a “project, component or release” for which you are not a creator or moderator. | +| 6 | Search Bar | You can find the search bar on the right top corner of the application. The search bar enables you to search for a specific project/component/release. | +| 7 | My Profile | You can find the profile icon on the right top corner of the application. You can perform the following actions in My Profile:
- **My sites**, redirects you to a page where you can view all the sites you have opened in the past.
- **My profile**, redirects you to a page where you can view your vCard.
- **My dashboard**, redirects you to a page where you can view a summary of your profile.
- **Notifications**, redirects you to a page where you can view all the latest updates.
- **Shared content**, redirects you to a page where you can view all the shared content which is shared with you or shared by you.
- **My submissions**, redirects you to a page where you can view all of your submissions.
- **My workflow tasks**, redirects you to a page where you can view the tasks assigned to you or your roles.
- **Account settings**, redirects you to a page where you can modify **general information**, **passwords**, **addresses and contact** information, and **alert preferences** as needed.
- **My connected applications**, redirects you to a page where you can view connected applications.
- **My organization**, redirects you to a page where you can view your organization information.
- You can sign out of SW360 using the **Sign out** option. | +| 8 | My Subscriptions | Displays a list of various components and releases you have subscribed to.
**NOTE: YOU CANNOT SUBSCRIBE TO A PROJECT.** | +| 9 | Recent Components | Displays a list of recent components which are added to SW360. | +| 10 | Recent Releases | Displays a list of recent releases which are added to SW360. | diff --git a/content/ja/docs/Userguide/Search.md b/content/ja/docs/Userguide/Search.md new file mode 100644 index 0000000..0ea29de --- /dev/null +++ b/content/ja/docs/Userguide/Search.md @@ -0,0 +1,27 @@ +--- +linkTitle: "Search" +title: "Search" +Weight: 7 +--- + + +# 7. Search + +On the search page, you can search for Projects, Components, Licenses, Releases, Obligations, Users, Vendors, etc. in SW360. + + +![](/sw360/img/ImagesBasic/Search_Page.png) + + +To search for a particular (object), click on Search tab and follow the procedure: + +1. Type the **keyword** in the text field. +2. The checkbox in **Restrict To Type** allows you to further restrict your search to a specific (object), you can choose to restrict the **type** to projects, components, licenses etc. +3. Click on **Search** to get the search results +4. Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page. + +### Wildcards + +The user can search with wildcards. A wildcard is a character which substitue for zero or more characters in a string. For a single character users can use '?' and for multiple character wildcard he can use '*'. The Wildcard can stand in the middle of characters or at the end, but not at the beginning. + + diff --git a/content/ja/docs/Userguide/_index.md b/content/ja/docs/Userguide/_index.md new file mode 100644 index 0000000..00b5b92 --- /dev/null +++ b/content/ja/docs/Userguide/_index.md @@ -0,0 +1,106 @@ +--- +title: "User Guides" +linkTitle: "User Guides" +weight: 10 +icon: fas fa-users +description: This guide provides an overview of SW360 and how to get started with using it. It covers the basic usage, and tips for configuring SW360 to work with your software development tools. +--- + +# SW360 INTRODUCTION +SW360 is a comprehensive software catalogue application that helps organizations manage their software components and licenses effectively. This application provides detailed information about the software components used in various projects, including their licenses, clearing information, and other relevant data. With SW360, organizations can easily track and manage the software components used in their projects, ensuring compliance with licensing requirements and minimizing legal risks. + +SW360 can also be used with the license scanner, "FOSSology" which provides license clearing, which is then integrated into the workflows. SW360 integrates software artifacts and projects into the related existing infrastructures. SW360 also provides backend services for distinct tasks and a set of portlets to access these services. + +Use case areas: +- Handling project information where open-source software components and other third-party software are used. +- SBOM (Software Bill Of Materials ) Management. +- Handling component information and its associated processess. E.g.: name, vendor, version, ECCN information, license compliance information. +- Handling license information. E.g., obligations, license texts, etc. +- Collecting security vulnerability management information and matching them with components stored in component services +- Compiling and creating all license related documentation. E.g., Readme, source code bundle, that are supported by workflows. + +## SW360 Functionality + +With SW360 you can: +- Manage your components and projects +- Send source packages to the license scanner, FOSSology +- Reuse cleared components and release for projects +- Import cleared components with reports and other documents +- Browse licenses and their obligations + +## Data Model + +### **Project** + +Projects can be products, platforms, any kind of "SW bill of material (BOM)", etc, that manages a list of 3rd party components. Projects are created for a product, service, inner source, customer project or an internal project. Project types are software only, system, platform or Cloud service. + +### **Components** + +A component is a SW component with metadata. The versions of this component are linked as releases. It is a catalogue to register a component type (OSS/ COTS/ Freeware/ code snippet / Service) from a specific vendor or open-source community. For e.g., Commons by Apache, Windows server 2019 by Microsoft etc. + +### **Release** + +A release refers to a particular version of a software component that has been made available for use. It points to a stable and functional iteration of the component. Releases can include bug fixes, new features, and updates to improve the component's overall performance and user experience. + +### **Vendor** + +SW360 can be used to manage components and licenses from various vendors, including open source and proprietary software vendors. Vendor can be different from a component or releases. Vendors can be added to SW360's database and their components and licenses can be tracked and managed through the tool's interface. This allows organizations to gain better visibility into their software assets and ensure compliance with license obligations. A link to the vendor is set at the release level, as the vendor can change with new releases. + +### **Licenses** + +The project ensures that all license information pertaining to its releases are thoroughly documented and made available to the customers. This information is typically provided in the form of a ReadmeOSS file, which includes details regarding the relevant licenses, as well as any other pertinent information such as acknowledgements, copyright notices, and applicable third-party software licenses. The project strives to maintain transparency and comply with all legal requirements in relation to licensing and intellectual property, and takes necessary steps to ensure that its customers are fully informed about the licensing terms and conditions of the software they are using. + +### **Obligations** + +Obligations refer to the license obligations resulting from license interpretations. These obligations must be fulfilled by the organization to use the third-party software in a compliant manner. They are categorized based on grants, redistribution rights, specific contractual agreements, internal uses, risk related to patents, permission for modification of code etc. + +Each license obligation will be provided with Clearing Report by the Clearing Experts. The clearing report must verify that the third party software is used in compliance with license and have fulfilled all the obligations. + +OSS license obligations are typically provided centrally. +COTS license obligations must be analyzed individually for every commercial contract. + + +### **Vulnerabilities** + +The Security Vulnerability Monitoring (SVM) system is responsible for monitoring a specified list of security vulnerabilities and list all the vulnerabilities in this tab. These vulnerabilities are tracked and can be transferred to other systems or security experts as needed. The SVM has the capability to transfer the vulnerability lists via API to SW360 or the designated security expert responsible for managing them. By utilizing this system, the project can effectively monitor and manage potential security threats, ensuring the integrity and security of the software. + +### **Product Clearing** + +Product Clearing is the approval of use of all third-party software components in a product and assessing any risks before the product is approved for a specific license or sales model and supplied to third parties. This can be done by creating a 'Project Clearing Report' from SW360. + +### **Administration** + +Administration is responsible for storing and maintaining various project-related information, including the current Project Clearing State (Open, Closed, In-progress), Clearing Summary, and any risks associated with the usage of third-party software, as assessed during the project clearing process. This information is crucial to ensuring that the project is effectively managed and remains in compliance with all relevant policies and regulations. The administrative team takes necessary measures to ensure the security and integrity of the stored data, and regularly updates the information as needed to reflect changes in the project's status or risk profile. + +### **Attachments and Attachment Usages** + +The project management system includes support for attachments, which are used to store and manage various types of information relevant to the project. Attachments can be stored at both the project and release levels, with release-level attachments typically consisting of source code, contracts, component license information, and Readme files, among other things. + +The project management team ensures that all necessary attachments are properly labeled and organized, allowing for easy access and retrieval when needed. By utilizing this system, the project team can effectively manage and track important project-related information, helping to ensure the success and compliance of the project. + + +### **Clearing Requests** + +These are the requests that are raised to the clearing experts to get the OSS license clearing for a project. These requests can only be raised at a project level and must be done once all the linked releases and projects are assigned to the parent project. This should be done in advance to give the clearing experts adequate time to get the license clearing report. The clearing results are further assessed by responsible experts and the project management. + +### **Export Controls and Customs (ECC)** + +Export Controls and Customs (ECC) numbers are automatically assigned to components, with the exception of Commercial Off-The-Shelf (COTS) components. In the case of COTS components, an ECC expert is responsible for setting the appropriate ECC numbers. By accurately identifying and assigning ECC numbers to components, organizations can prevent potential legal and financial penalties, as well as safeguard national security interests. + + + +### **Source Code Bundles** + +These are multiple source code packages which are attachments to a specific release to perform license analysis. The source code bundle is generated for a project to fulfill the license obligations “make source code available” which is required by some of the OSS licenses. + +## Important Links + +| Page | URL | Note | +|------|-----|------| +|Public Project Homepage | https://www.eclipse.org/sw360/ | Main project homepage | +|Public project GitHub Page | https://github.com/eclipse/sw360/ | Main project | +|Project Information in Eclipse | https://projects.eclipse.org/projects/technology.sw360 | Information on Eclipse SW360 | +|Public project home page SW360 Antenna | https://github.com/eclipse/antenna | Antenna Connects to SW360 to exchange information right from the build time | +|Public project SW360 Vagrant in GitHub | https://github.com/sw360/sw360vagrant | Vagrant Set up for SW360 | +|Public Project for SW360 chores at GitHub | https://github.com/sw360/sw360chores |Docker setup for SW360 | +|Public Project SW360 slides in GitHub | https://github.com/sw360/sw360slides | Main slide deck of SW360 published as Git repository | \ No newline at end of file diff --git a/content/ja/docs/Userguide/login.md b/content/ja/docs/Userguide/login.md new file mode 100644 index 0000000..2f3682b --- /dev/null +++ b/content/ja/docs/Userguide/login.md @@ -0,0 +1,18 @@ +--- +linkTitle: "Login" +title: "Login" +Weight: 1 +--- + +You need a username and a password to access the software. After reaching the SW360 site you will be in the public area of your account. Liferay distinguishes between public and private area, where the private area is protected by login. + +You will see a "Welcome to SW360!" homepage which is a public area with **Sign In** and **Create Account** buttons. +The Sign In button will redirect to the private area in order to work with the portal. + +{{< figure src="/sw360/img/ImagesBasic/duo.png" >}} + +Your private area contains an overview of your **Projects** and **Components**. + +{{< figure src="/sw360/img/ImagesBasic/homepage.png" >}} + +The idea of "Your" refers to the projects and components that you have created. Further there are the tasks you have submitted or which are assigned to you. Tasks are basically change requests of elements that are sent to the owner or moderator for approval. This is a basic concept for allowing change when providing a multiple set of users. On the right side of the screen you can see the last releases which have been added to SW360. diff --git a/content/ja/docs/_index.md b/content/ja/docs/_index.md new file mode 100644 index 0000000..ff101f8 --- /dev/null +++ b/content/ja/docs/_index.md @@ -0,0 +1,52 @@ +--- +title: "SW360 Documentation" +linkTitle: "Documentation" + +menu: + main: + weight: 90 +--- + +## Overview +**SW360** is a software catalogue application that has been developed to facilitate the sharing of information related to software components used by an organization. Its primary objective is to manage software license information with the support of workflows. The application employs license scanners **FOSSology**, which is integrated to analyze the source code for licenses, copyrights, and other relevant information. + +SW360 has been designed to seamlessly integrate with existing software artifact and project management infrastructures. It provides separate backend services for distinct tasks and a set of portlets to access these services. To ensure a smooth and hassle-free deployment, a complete deployment unit is available, which includes a Vagrant box or Docker container that contains a complete configuration of all services and portlets. + +SW360 comprises the following main use case areas: + +- Project: Handling of project information with all contained Open Source SW components and other Third Party SW Components and Snippets. +- Component/Releases: Handling of information and processes related to components, e.g. name, vendor, version, ECCN information, license compliance information +- License: Handling of information regarding licenses, e.g. license texts, copyrights, acknowledgements, obligations etc. +- Vulnerability: Collecting Security Vulnerability Management Information and matching them with components stored in the component service +- License Compliance documentation: all relevant documents (e.g. Readme, source code bundle) can be created, supported by workflows. + +## Functionality +The SW360 is a software catalogue application with which you can: + +- Manage your components and projects +- Send source packages to the clearing tool Fossology +- Reuse cleared components and releases for your project +- Import cleared components with clearing reports and other documents +- Browse licenses and their obligations + +SW360 is +- Based on the Open Source Liferay portal server +- Integrated with Fossology + + In order to work with SW360, please note a fundamental setup in the data model when dealing with components: + +- A component is a list of releases with metadata. +- A Release is a version of a component with metadata and specific attachments. +- A project refers to a number of releases of components accordingly, not components. +- A vendor is separate from a component and releases. The link to the vendor is set at the release. (think of Sun and Oracle where the owner changed with a new release) + +## Getting started + +| Name | URL | Remarks | +| --- | --- | --- | +| Main home page | https://www.eclipse.org/sw360/ | main home page with general info | +| Project @ Github | https://github.com/eclipse/sw360 | where the music plays | +| Developer mailing list | sw360-dev@eclipse.org | for developers, discussion about developing | +| Slack Channel | https://sw360chat.slack.com/ | the main chat spot, everybody is welcome | +| Slack Channel Invitation Link | [Sharable join link to join](https://join.slack.com/t/sw360chat/shared_invite/enQtNzg5NDQxMTQyNjA5LThiMjBlNTRmOWI0ZjJhYjc0OTk3ODM4MjBmOGRhMWRmN2QzOGVmMzQwYzAzN2JkMmVkZTI1ZjRhNmJlNTY4ZGI) | that should bring you in | +| sw360 developer meeting | [Meeting Info](Developer-Meetings) | Everyone is welcome! | diff --git a/content/ja/events/2016/bitkom-ak-open-source.md b/content/ja/events/2016/bitkom-ak-open-source.md new file mode 100644 index 0000000..c45efab --- /dev/null +++ b/content/ja/events/2016/bitkom-ak-open-source.md @@ -0,0 +1,26 @@ +--- +key: bitkom-ak-open-source +title: Bitkom AK Open Source +topic: + - SW360 – Your Open Component Hub +id: bitkom-ak-open-source +format: talk +tags: + - talk +speakers: + - name: "Johannes Kristan" + affiliation: "Senior Software Engineer, Robert Bosch GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" +presentation: +draft: false +description: | + In this session, Johannes Kristan from Bosch Software Innovations GmbH and Michael C. Jaeger from Siemens AG present SW360 as an open component hub for managing open-source software components. The talk highlights SW360's capabilities in tracking, managing, and ensuring compliance for open-source components across various projects. + - **Session Highlights**: + - Introduction to SW360 as an open component hub + - Key features and benefits of SW360 for open-source component management + - Ensuring compliance and transparency across open-source projects +--- diff --git a/content/ja/events/2016/eclipsecon-europe-2016.md b/content/ja/events/2016/eclipsecon-europe-2016.md new file mode 100644 index 0000000..8e0d1a5 --- /dev/null +++ b/content/ja/events/2016/eclipsecon-europe-2016.md @@ -0,0 +1,35 @@ +--- +key: eclipsecon-europe-2016 +title: EclipseCon Europe 2016 +topic: + - Open Source Component Management -- Unconference Session +id: eclipsecon-europe-2016 +format: session +tags: + - session +speakers: + - name: "Johannes Kristan" + affiliation: "Senior Software Engineer, Robert Bosch GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" +presentation: + session_link: "http://wiki.eclipse.org/Eclipse_Unconference_Europe_2016#Open_Source_Component_Management" +draft: false +description: | + In this unconference session at EclipseCon Europe 2016, Johannes Kristan from Bosch Software Innovations GmbH and Michael C. Jaeger from Siemens AG discuss open-source component management. The session explores how organizations can manage open-source components effectively, address compliance challenges, and use best practices for component tracking and license management. + - **Session Highlights**: + - Open-source component management strategies + - Best practices for managing compliance and licenses + - How to track and manage open-source components in projects + - For more details, visit the [official session page](http://wiki.eclipse.org/Eclipse_Unconference_Europe_2016#Open_Source_Component_Management). +--- diff --git a/content/ja/events/2016/jaxenter.md b/content/ja/events/2016/jaxenter.md new file mode 100644 index 0000000..eede2e0 --- /dev/null +++ b/content/ja/events/2016/jaxenter.md @@ -0,0 +1,28 @@ +--- +key: jaxenter +title: JAXenter +topic: + - Neu im Eclipse-Universum: SW360 – das Katalogisierungsprogramm für Software-Komponenten +id: jaxenter +format: article +tags: + - article +speakers: + - name: "Dominik Mohilo" + affiliation: "JAXenter" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" +presentation: + article_link: "https://jaxenter.de/eclipse-sw360-44641" +draft: false +description: | + In this article, Dominik Mohilo from JAXenter introduces SW360, a new cataloging tool for software components within the Eclipse ecosystem. The article explores how SW360 can help manage software components, track licenses, and ensure compliance across software development projects. + - **Article Highlights**: + - Introduction to SW360 as a cataloging tool for software components + - Features and benefits of using SW360 for license tracking and compliance + - Integration of SW360 within the Eclipse ecosystem + - For more details, read the full [article here](https://jaxenter.de/eclipse-sw360-44641). +--- diff --git a/content/ja/events/2016/linux-foundation-collab-summit-2016.md b/content/ja/events/2016/linux-foundation-collab-summit-2016.md new file mode 100644 index 0000000..39e0386 --- /dev/null +++ b/content/ja/events/2016/linux-foundation-collab-summit-2016.md @@ -0,0 +1,30 @@ +--- +key: linux-foundation-collab-summit-2016 +title: Linux Foundation Collab Summit 2016 +topic: + - SW360: A Place like Home for OSS +id: linux-foundation-collab-summit-2016 +format: talk +tags: + - talk +speakers: + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" + - Maximilian Huber + - TNG Technology Consulting +presentation: + session_link: "https://collabsummit2016.sched.com/event/6YQh/sw360-a-place-like-home-for-oss-michael-jaeger-siemens-maximilian-huber-tng-technology-consulting" +draft: false +description: | + In this session at the Linux Foundation Collab Summit 2016, Michael C. Jaeger from Siemens AG and Maximilian Huber from TNG Technology Consulting discuss SW360, a platform designed as a "home" for open-source software (OSS). They explore how SW360 can be used for managing open-source components, tracking licenses, and ensuring compliance in software development projects. + - **Session Highlights**: + - Overview of SW360 as a hub for open-source software + - How SW360 facilitates license tracking and compliance + - Key features of SW360 that make it an ideal platform for OSS management + - For more details, visit the [official session page](https://collabsummit2016.sched.com/event/6YQh/sw360-a-place-like-home-for-oss-michael-jaeger-siemens-maximilian-huber-tng-technology-consulting). +--- diff --git a/content/ja/events/2017/eclipsecon-europe-2017.md b/content/ja/events/2017/eclipsecon-europe-2017.md new file mode 100644 index 0000000..44e9631 --- /dev/null +++ b/content/ja/events/2017/eclipsecon-europe-2017.md @@ -0,0 +1,30 @@ +--- +key: eclipsecon-europe-2017 +title: EclipseCon Europe 2017 +topic: + - Leveraging Open Source Projects for Open Source Management +id: eclipsecon-europe-2017 +format: talk +tags: + - talk +speakers: + - name: "Marcel Kurzmann" + affiliation: " Bosch Software Innovations GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" +presentation: + session_link: "https://www.eclipsecon.org/europe2017" + slides_link: "https://www.eclipsecon.org/europe2017/sites/default/files/slides/Leveraging_Open_Source_Projects_for_OSM_EclipseCon.pdf" + video_link: "https://youtu.be/z19ifXKAkgE" +draft: false +description: | + In this session, Marcel Kurzmann from Bosch Software Innovations GmbH discusses how open-source projects can be leveraged for effective open-source management. The talk highlights strategies for managing open-source software in projects and the benefits of using open-source tools for governance, compliance, and collaboration. + - **Session Highlights**: + - How to leverage open-source projects for effective management + - Key tools and strategies for open-source governance + - Real-world examples and best practices + - For more details, visit the [official session page](https://www.eclipsecon.org/europe2017). +--- diff --git a/content/ja/events/2017/eclipsecon-france-2017.md b/content/ja/events/2017/eclipsecon-france-2017.md new file mode 100644 index 0000000..b2b3062 --- /dev/null +++ b/content/ja/events/2017/eclipsecon-france-2017.md @@ -0,0 +1,37 @@ +--- +key: eclipsecon-france-2017 +title: EclipseCon France 2017 +topic: + - SW360 – The Component Management Hub +id: eclipsecon-france-2017 +format: talk +tags: + - talk +speakers: + - name: "Johannes Kristan" + affiliation: "Senior Software Engineer, Robert Bosch GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" +presentation: + session_link: "https://www.eclipsecon.org/france2017/conference/schedule/session/2017-06-22" + slides_link: "https://www.eclipsecon.org/france2017/sites/default/files/slides/036%20OSS%20sw360%2020170315%20slides%20Eclipseconfrance%2002_0.pptx" + video_link: "https://youtu.be/ifb8vkfwiT4" +draft: false +description: | + In this session, Johannes Kristan from Bosch Software Innovations GmbH and Michael C. Jaeger from Siemens AG present SW360, a component management hub designed to help manage open-source components and their dependencies. The session covers how SW360 facilitates better tracking of open-source components, ensuring compliance, and integrating with software development processes. + - **Session Highlights**: + - Introduction to SW360 as a component management hub + - Key features of SW360 for managing open-source components + - Best practices for using SW360 to ensure compliance and streamline workflows + - For more details, visit the [official session page](https://www.eclipsecon.org/france2017/conference/schedule/session/2017-06-22). +--- diff --git a/content/ja/events/2017/open-compliance-summit-2017.md b/content/ja/events/2017/open-compliance-summit-2017.md new file mode 100644 index 0000000..ad3cf3f --- /dev/null +++ b/content/ja/events/2017/open-compliance-summit-2017.md @@ -0,0 +1,35 @@ +--- +key: open-compliance-summit-2017 +title: Open Compliance Summit 2017 +topic: + - Open Source with Open Source: Component Management with SW360 +id: open-compliance-summit-2017 +format: talk +tags: + - talk +speakers: + - name: "Johannes Kristan" + affiliation: "Senior Software Engineer, Robert Bosch GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" +presentation: + session_link: "https://ocs2017.sched.com/event/CY94/open-source-with-open-source-component-management-with-sw360-johannes-kristan-bosch-michael-jaeger-siemens" +draft: false +description: | + In this session, Johannes Kristan from Bosch Software Innovations GmbH and Michael C. Jaeger from Siemens AG present how SW360 facilitates component management in open-source projects. They discuss the importance of open-source compliance and how SW360 helps manage open-source components and licenses to ensure compliance throughout the software development lifecycle. + - **Session Highlights**: + - How SW360 assists in open-source component management + - Best practices for managing open-source licenses and dependencies + - Integration of SW360 into the software development lifecycle + - For more details, visit the [official session page](https://ocs2017.sched.com/event/CY94/open-source-with-open-source-component-management-with-sw360-johannes-kristan-bosch-michael-jaeger-siemens). +--- diff --git a/content/ja/events/2017/open-source-leadership-summit-2017.md b/content/ja/events/2017/open-source-leadership-summit-2017.md new file mode 100644 index 0000000..70ed6ca --- /dev/null +++ b/content/ja/events/2017/open-source-leadership-summit-2017.md @@ -0,0 +1,28 @@ +--- +key: open-source-leadership-summit-2017 +title: Open Source Leadership Summit 2017 +topic: + - SW360 - An Open Component Hub +id: open-source-leadership-summit-2017 +format: talk +tags: + - talk +speakers: + - name: "Steffen Evers" + affiliation: " Bosch Software Innovations GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" +presentation: + session_link: "http://events17.linuxfoundation.org/events/open-source-leadership-summit/program/schedule" +draft: false +description: | + In this session, Steffen Evers from Bosch Software Innovations GmbH presents SW360, an open component hub designed to streamline the management of open-source components in software projects. The session highlights how SW360 helps manage software components, ensuring compliance, improving transparency, and optimizing workflows across development teams. + - **Session Highlights**: + - Introduction to SW360 as an open component hub + - Key features and benefits of SW360 in managing open-source components + - How SW360 ensures compliance and transparency in software projects + - For more details, visit the [official session page](http://events17.linuxfoundation.org/events/open-source-leadership-summit/program/schedule). +--- diff --git a/content/ja/events/2017/open-source-summit-europe-2017.md b/content/ja/events/2017/open-source-summit-europe-2017.md new file mode 100644 index 0000000..c54ce16 --- /dev/null +++ b/content/ja/events/2017/open-source-summit-europe-2017.md @@ -0,0 +1,36 @@ +--- +key: open-source-summit-europe-2017 +title: Open Source Summit Europe 2017 +topic: + - OSS Compliance Automation with SW360 +id: open-source-summit-europe-2017 +format: talk +tags: + - talk +speakers: +speakers: + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" + - name: "Steffen Evers" + affiliation: " Bosch Software Innovations GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" +presentation: + session_link: "https://osseu17.sched.com/event/ByIp/oss-compliance-automation-with-sw360-michael-jaeger-siemens-ag" +draft: false +description: | + In this session, Michael C. Jaeger from Siemens AG and Steffen Evers from Bosch Software Innovations GmbH discuss how SW360 automates OSS compliance processes. They explore how automation simplifies the management of open-source software and license compliance, ensuring efficiency and compliance across the development lifecycle. + - **Session Highlights**: + - Automating OSS compliance using SW360 + - Key features for managing open-source software licenses and dependencies + - Streamlining the compliance process with automated tools + - For more details, visit the [official session page](https://osseu17.sched.com/event/ByIp/oss-compliance-automation-with-sw360-michael-jaeger-siemens-ag). +--- diff --git a/content/ja/events/2017/seoul-copyright-forum-2017.md b/content/ja/events/2017/seoul-copyright-forum-2017.md new file mode 100644 index 0000000..5cb9dca --- /dev/null +++ b/content/ja/events/2017/seoul-copyright-forum-2017.md @@ -0,0 +1,26 @@ +--- +key: seoul-copyright-forum-2017 +title: The Seoul Copyright Forum 2017 +topic: + - License compliance: FOSS tools for speed and scale +id: seoul-copyright-forum-2017 +format: talk +tags: + - talk +speakers: + - name: "Johannes Kristan" + affiliation: "Siemens AG" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" +presentation: +draft: false +description: | + In this session, Karsten Gerloff from Siemens AG explores how FOSS (Free and Open Source Software) tools can be used to achieve license compliance efficiently, at scale. The talk covers the tools, strategies, and processes that can help organizations manage open-source software compliance in large-scale projects. + - **Session Highlights**: + - Overview of FOSS tools for license compliance + - Strategies for managing compliance at speed and scale + - Key considerations when implementing FOSS tools in compliance workflows +--- diff --git a/content/ja/events/2018/bitkom-ak-open-source.md b/content/ja/events/2018/bitkom-ak-open-source.md new file mode 100644 index 0000000..47d0b8a --- /dev/null +++ b/content/ja/events/2018/bitkom-ak-open-source.md @@ -0,0 +1,35 @@ +--- +key: bitkom-ak-open-source +title: Bitkom AK Open Source +topic: + - Eclipse SW360 – Automatisierte License Compliance +id: bitkom-ak-open-source +format: talk +tags: + - talk +speakers: + - name: "Johannes Kristan" + affiliation: "Senior Software Engineer, Robert Bosch GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" +presentation: + session_link: "https://www.bitkom.org/veranstaltungen" +draft: false +description: | + In this session, Johannes Kristan from Bosch Software Innovations GmbH and Michael C. Jaeger from Siemens AG discuss how Eclipse SW360 automates license compliance management. The session focuses on streamlining the process of tracking and managing open-source licenses and ensuring compliance within software projects. + - **Session Highlights**: + - Automating license compliance with SW360 + - Benefits of using SW360 for managing open-source dependencies + - Key features of the tool and how they simplify compliance processes + - For more details, visit the [official session page](https://www.bitkom.org/veranstaltungen). +--- diff --git a/content/ja/events/2018/bitkom-forum-open-source-2018.md b/content/ja/events/2018/bitkom-forum-open-source-2018.md new file mode 100644 index 0000000..4635d04 --- /dev/null +++ b/content/ja/events/2018/bitkom-forum-open-source-2018.md @@ -0,0 +1,35 @@ +--- +key: bitkom-forum-open-source-2018 +title: Bitkom Forum Open Source 2018 +topic: + - Eclipse SW360 – Lessons Learned From Automated License Compliance +id: bitkom-forum-open-source-2018 +format: talk +tags: + - talk +speakers: + - name: "Johannes Kristan" + affiliation: "Senior Software Engineer, Robert Bosch GmbH" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" +presentation: + session_link: "https://www.bitkom.org/bfoss18/" +draft: false +description: | + In this session, Johannes Kristan from Bosch Software Innovations GmbH and Michael C. Jaeger from Siemens AG share their experiences and lessons learned from implementing automated license compliance with Eclipse SW360. The talk focuses on the challenges and benefits of automating compliance management in open-source projects using SW360. + - **Session Highlights**: + - Overview of automated license compliance + - Real-world lessons from SW360 implementation + - Benefits of automating compliance processes in open-source projects + - For more details, visit the [official session page](https://www.bitkom.org/bfoss18/). +--- diff --git a/content/ja/events/2018/free-software-legal-licensing-workshop-2018.md b/content/ja/events/2018/free-software-legal-licensing-workshop-2018.md new file mode 100644 index 0000000..caf415c --- /dev/null +++ b/content/ja/events/2018/free-software-legal-licensing-workshop-2018.md @@ -0,0 +1,29 @@ +--- +key: free-software-legal-licensing-workshop-2018 +title: The Free Software Legal and Licensing Workshop 2018 +topic: + - Eclipse SW360: Generating License Information for Products with SPDX Docs +id: free-software-legal-licensing-workshop-2018 +format: talk +tags: + - talk +speakers: +speakers: + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" +presentation: + session_link: "https://fsfe.org/activities/ftf/legal-conference.en.html" +draft: false +description: | + In this session, Michael C. Jaeger from Siemens AG explores how Eclipse SW360 can be used to generate license information for products using SPDX documents. The talk highlights the importance of license tracking and compliance, especially in open-source software products. + - **Session Highlights**: + - How to use Eclipse SW360 for generating SPDX docs + - Managing license information for open-source products + - Importance of SPDX documents in ensuring compliance + - For more details, visit the [official session page](https://fsfe.org/activities/ftf/legal-conference.en.html). +--- diff --git a/content/ja/events/2018/inner-source-commons-2018.md b/content/ja/events/2018/inner-source-commons-2018.md new file mode 100644 index 0000000..a24d13d --- /dev/null +++ b/content/ja/events/2018/inner-source-commons-2018.md @@ -0,0 +1,28 @@ +--- +key: inner-source-commons-2018 +title: Inner Source Commons 2018 +topic: + - Committing to Change: Inner Source at Siemens +id: inner-source-commons-2018 +format: talk +tags: + - talk +speakers: + - name: "Johannes Kristan" + affiliation: "Siemens AG" + about: "" + speakerimage: "" + address: "" + linkedin: "" + github: "" +presentation: + session_link: "https://www.innersourcecommons.org/2018/" +draft: false +description: | + In this session, Karsten Gerloff from Siemens AG discusses how Siemens has embraced Inner Source to foster a culture of open collaboration within the organization. The talk explores the challenges, successes, and strategies behind adopting Inner Source practices at a large enterprise. + - **Session Highlights**: + - The benefits of adopting Inner Source within Siemens + - Key lessons learned and challenges faced + - How Inner Source practices help drive innovation and collaboration in large organizations + - For more details, visit the [official session page](https://www.innersourcecommons.org/2018/). +--- diff --git a/content/ja/events/2018/yanking-the-chain-open-source.md b/content/ja/events/2018/yanking-the-chain-open-source.md new file mode 100644 index 0000000..9c1c459 --- /dev/null +++ b/content/ja/events/2018/yanking-the-chain-open-source.md @@ -0,0 +1,29 @@ +--- +key: yanking-the-chain-open-source-software-compliance +title: Yanking the Chain Open Source Software Compliance in the Supply Chain +topic: + - Eclipse SW360 – Open Source Management with Open Source +id: yanking-the-chain-open-source-software-compliance +format: talk +tags: + - talk +speakers: +speakers: + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" +presentation: + session_link: "http://oshug.org/event/65" +draft: false +description: | + In this session, Michael C. Jaeger from Siemens AG presents how Eclipse SW360 is used for managing open-source software in the supply chain. The talk highlights the complexities of compliance in the open-source ecosystem and how SW360 helps organizations manage and track open-source usage and licenses across various supply chain components. + - **Session Highlights**: + - The role of SW360 in open-source management + - Ensuring compliance within the open-source supply chain + - Key features and benefits of using SW360 for license management + - For more details, visit the [official session page](http://oshug.org/event/65). +--- diff --git a/content/ja/events/2019/open-source-summit-japan-2019.md b/content/ja/events/2019/open-source-summit-japan-2019.md new file mode 100644 index 0000000..ab1afe5 --- /dev/null +++ b/content/ja/events/2019/open-source-summit-japan-2019.md @@ -0,0 +1,29 @@ +--- +key: open-source-summit-japan-2019 +title: Open Source Summit Japan 2019 +topic: + - Using SW360 for OSS Compliance Management Process +id: open-source-summit-japan-2019 +format: talk +tags: + - talk +speakers: + - name: "Kouki Hama" + affiliation: "Software Engineering Researcher, Toshiba Corporation" + about: "Kouki Hama is a researcher of software engineering in Toshiba Corporation. He researches open source compliance and these tools. He is also one of the members of OpenChain project Japan workgroup and one of the contributors for Eclipse SW360 projects." + speakerimage: "/img/speakers/kouki-hama.png" + address: "Nishinomiya, Hyogo, Japan" + linkedin: "https://www.linkedin.com/in/kouki-hama-841111187/" + github: "https://github.com/KoukiHama" +presentation: + session_link: "https://sched.co/OVtF" + slides_link: "https://events19.linuxfoundation.org/wp-content/uploads/2018/07/OpenSourceSummitJapan_final.pdf" +draft: false +description: | + In this session, Kouki Hama from Toshiba Corporation discusses how SW360 is utilized to manage open-source software (OSS) compliance. The session highlights the steps and processes necessary for managing OSS compliance in organizations and emphasizes the use of SW360 as a tool for tracking dependencies and ensuring proper license management. + - **Session Highlights**: + - Overview of OSS compliance challenges + - Using SW360 for efficient OSS compliance management + - Key features of SW360 that streamline compliance processes + - For more details, visit the [official session page](https://sched.co/OVtF). +--- diff --git a/content/ja/events/2021/open-source-summit-europe-2021.md b/content/ja/events/2021/open-source-summit-europe-2021.md new file mode 100644 index 0000000..8f68bd0 --- /dev/null +++ b/content/ja/events/2021/open-source-summit-europe-2021.md @@ -0,0 +1,36 @@ +--- +key: open-source-summit-europe-2021 +title: Open Source Summit Europe 2021 +topic: + - SW360 SBOM and License Obligation Management +id: open-source-summit-europe-2021 +format: talk +tags: + - talk +speakers: + - name: "Michael C. Jaeger" + affiliation: "Project Lead, Siemens AG" + about: "Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software." + speakerimage: "" + address: "Munich, Germany" + linkedin: "" + github: "" + - name: "Kouki Hama" + affiliation: "Software Engineering Researcher, Toshiba Corporation" + about: "Kouki Hama is a researcher of software engineering in Toshiba Corporation. He researches open source compliance and these tools. He is also one of the members of OpenChain project Japan workgroup and one of the contributors for Eclipse SW360 projects." + speakerimage: "/img/speakers/kouki-hama.png" + address: "Nishinomiya, Hyogo, Japan" + linkedin: "https://www.linkedin.com/in/kouki-hama-841111187/" + github: "https://github.com/KoukiHama" +presentation: + session_link: "https://osselc21.sched.com/" + session_details_link: "https://sched.co/lAVK" +draft: false +description: | + In this session, Michael Jaeger from Siemens AG and Kouki Hama from Toshiba Corporation dive deep into the role of SW360 in managing Software Bill of Materials (SBOM) and OSS license obligations. This talk emphasizes the importance of these tools in managing open-source compliance and dependency tracking. + - **Session Highlights**: + - Managing SBOM using SW360 + - OSS license obligations and compliance + - Practical examples and use cases + - For more details, visit the [official session page](https://sched.co/lAVK). +--- diff --git a/content/ja/events/2022/eclipsecon-2022.md b/content/ja/events/2022/eclipsecon-2022.md new file mode 100644 index 0000000..0e0e67b --- /dev/null +++ b/content/ja/events/2022/eclipsecon-2022.md @@ -0,0 +1,29 @@ +--- +key: eclipsecon-2022 +title: EclipseCon 2022 +topic: + - sw360: How New Life Is Being Injected Into Traditional Compliance Software +id: eclipsecon-2022 +format: talk +tags: + - talk +speakers: + - name: "Helio Chissini de Castro" + affiliation: "Software Technologies Lead at CARIAD" + about: "" + speakerimage: "" + address: "Ulm, Baden-Württemberg, Germany" + linkedin: "https://www.linkedin.com/in/heliocastro/" + github: "https://github.com/heliocastro" +presentation: + session_link: "https://www.eclipsecon.org/2022/sessions/sw360-how-new-life-been-injected-traditional-compliance-software" + video_link: "https://youtu.be/sbCwuV6iuOM" +draft: false +description: | + In this session, Helio Chissini de Castro discusses how the traditional compliance software landscape is being revitalized with the help of sw360, a tool designed to improve and modernize the compliance process in open source software. This talk covers key aspects of sw360's role in enhancing software compliance and simplifying its integration into modern development practices. + - **Session Highlights**: + - Overview of traditional compliance challenges + - Introduction to sw360 as a solution + - Case studies and success stories + - For more details, visit the [official session page](https://www.eclipsecon.org/2022/sessions/sw360-how-new-life-been-injected-traditional-compliance-software). +--- diff --git a/content/ja/events/2022/fosdem-2022.md b/content/ja/events/2022/fosdem-2022.md new file mode 100644 index 0000000..1787762 --- /dev/null +++ b/content/ja/events/2022/fosdem-2022.md @@ -0,0 +1,30 @@ +--- +key: fosdem-2022 +title: "FOSDEM 2022" +topic: + - How to Manage OSS License Obligations and SBoM by SW360's New Features +id: fosdem-2022 +format: talk +tags: + - talk +speakers: + - name: "Kouki Hama" + affiliation: "Toshiba Corporation" + about: "Kouki Hama is a researcher of software engineering in Toshiba Corporation. He researches open source compliance and these tools. He is also one of the members of OpenChain project Japan workgroup and one of the contributors for Eclipse SW360 projects." + speakerimage: "/img/speakers/kouki-hama.png" + address: "Nishinomiya, Hyogo, Japan" + linkedin: "https://www.linkedin.com/in/kouki-hama-841111187/" + github: "https://github.com/KoukiHama" +presentation: + session_link: "https://fosdem.org/2022/schedule/event/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features/" + slides_link: "https://fosdem.org/2022/schedule/event/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features/attachments/slides/5198/export/events/attachments/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features/slides/5198/fosdem_2022_hama.pdf" + video_link: "https://video.fosdem.org/2022/D.dependency/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features.webm" +draft: false +description: | + In this session, Kouki Hama from Toshiba Corporation discusses how SW360's new features help manage open-source software (OSS) license obligations and Software Bill of Materials (SBoM). The talk explores how these features improve compliance and transparency in the development and use of open-source software. + - **Session Highlights**: + - New SW360 features for managing OSS license obligations + - Integration of SBoM with SW360 + - Practical case studies and implementations + - For more details, visit the [official session page](https://fosdem.org/2022/schedule/event/how_to_manage_oss_license_obligation_and_sbom_using_sw360_new_features/). +--- \ No newline at end of file diff --git a/content/ja/events/2022/open-source-summit-japan-2022.md b/content/ja/events/2022/open-source-summit-japan-2022.md new file mode 100644 index 0000000..b2a828e --- /dev/null +++ b/content/ja/events/2022/open-source-summit-japan-2022.md @@ -0,0 +1,37 @@ +--- +key: open-source-summit-japan-2022 +title: Open Source Summit Japan 2022 +topic: + - SW360 SBOM: Managing Vulnerability Information, SPDX Documents, and New Dependency Network Between a Project and Software Components +id: open-source-summit-japan-2022 +format: talk +tags: + - talk +speakers: + - name: "Kouki Hama" + affiliation: "Software Engineering Researcher, Toshiba Corporation" + about: "Kouki Hama is a researcher of software engineering in Toshiba Corporation. He researches open source compliance and these tools. He is also one of the members of OpenChain project Japan workgroup and one of the contributors for Eclipse SW360 projects." + speakerimage: "/img/speakers/kouki-hama.png" + address: "Nishinomiya, Hyogo, Japan" + linkedin: "https://www.linkedin.com/in/kouki-hama-841111187/" + github: "https://github.com/KoukiHama" + - name: "Tien Le" + affiliation: "Team Leader, Toshiba Corporation" + about: "Tien Le is a software developer for Toshiba Corporation. He's been active in the open source community for over five years, including FOSSology, Scancode, Node.js, Linux, and recently focused on SW360. At Toshiba in Vietnam, Tien works in several roles as project leader, requirement analyst, software architect for web applications and Linux OS. These developments work with open-source software." + speakerimage: "" + address: "" + linkedin: "" + github: "" +presentation: + session_link: "https://osselc21.sched.com/" + slides_link: "https://static.sched.com/hosted_files/ossjapan2022/ed/OSSJapan2022-SW360.pdf" + video_link: "https://youtu.be/JP69MOFFE4o" +draft: false +description: | + In this session, Kouki Hama and Tien Le from Toshiba Corporation delve into the role of Software Bill of Materials (SBOM) in managing vulnerability information, SPDX documents, and understanding the new dependency network between software components and projects. The session covers essential open-source practices and strategies for effective dependency management in modern software development. + - **Session Highlights**: + - Overview of SBOM in vulnerability management + - Understanding SPDX documents + - Analyzing project-to-component dependency networks + - For more details, visit the [official session page](https://sched.co/1D12t). +--- diff --git a/content/ja/events/_index.md b/content/ja/events/_index.md new file mode 100644 index 0000000..d7d5daa --- /dev/null +++ b/content/ja/events/_index.md @@ -0,0 +1,11 @@ +--- +title: "Events" +linkTitle: "Events" +menu: + main: + weight: 12 +--- + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} diff --git a/content/ja/gsoc/GSoC-projects-2025.md b/content/ja/gsoc/GSoC-projects-2025.md new file mode 100644 index 0000000..fddd9fb --- /dev/null +++ b/content/ja/gsoc/GSoC-projects-2025.md @@ -0,0 +1,295 @@ +--- +linkTitle: "GSoC 2025" +title: "GSoC Idea List - 2025" +Weight: 1 +--- + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ + +
+ +
+ + +Welcome to the idea page for all GSoC 2025 related information. + +- Check https://github.com/eclipse-sw360/sw360/discussions/2868 + +## Intro + +SW360 project has been selected as a mentoring Org with GSoC 2025. Thank you, +Google! + +Please see two main resources for finding out more SW360 in general: + +- Check https://eclipse.dev/sw360/ and development and deployment section. +- Try to install SW360 from source or your can try the [Docker](https://github.com/eclipse-sw360/sw360/blob/main/docker-compose.yml) + +Meetings: Checkout the [Meetings table]({{< relref path="_index.md">}}#meetings-table) + +## Interested in Application? - Getting Grip + +If you are interested in an application - great! We encourage your application. +So the question is how to get started with the topic, just a few points: + +- Check https://eclipse.dev/sw360/docs/ for development and operational guides. +- Check the frontend project for UI: https://github.com/eclipse-sw360/sw360-frontend +- Try to install SW360, either from source or Docker + - https://github.com/eclipse-sw360/sw360/blob/main/docker-compose.yml +- Read the proposed topics +- Use the mailing list sw360-dev@eclipse.org or contact proposed mentors for + further steps. +- [Matrix group](https://chat.eclipse.org/#/room/#technology.sw360-general:matrix.eclipse.org) +- [GitHub discussion](https://github.com/eclipse-sw360/sw360/discussions/2868) +- If you are interested in trying to make contributions, see + [contribution guidelines](https://github.com/eclipse-sw360/sw360/blob/main/CONTRIBUTING.md). + +## Mentors + +Interested in becoming a mentor? Please reach out to us! + +#### Volunteers so far: + +- [Afsah Syeda](https://github.com/afsahsyeda) +- [Akshit Joshi](https://github.com/akshitjoshii) +- [Amrit Kumar Verma](https://github.com/amritkv) +- [Arun Azhakesan](https://github.com/arunazhakesan) +- [Gaurav Mishra](https://github.com/GMishx) +- [Helio Chissini de Castro](https://github.com/heliocastro) +- [Katharina Ettinger](https://github.com/EttingerK) +- [Keerthi BL](https://github.com/keerthi-bl) +- [Kouki Hama](https://github.com/KoukiHama) +- [Rudra Chopra](https://github.com/rudra-superrr) + +## Topic Proposals + +Please reach out to us to add more proposals for GSoC 2025. + +Currently, discussion happening on +https://github.com/eclipse-sw360/sw360/discussions/2868 + +## Topic Proposals from 2025 + +1. [License Change Detection](#license-change-detection) +2. [Improve integration with FOSSology](#improve-integration-with-fossology) +3. [Thrift layer removal](#thrift-layer-removal) +4. [Improve tests for all REST API endpoints](#improve-tests-for-all-rest-api-endpoints) +5. [SBOM based recommendation](#sbom-based-recommendation) +6. [Creating Project as a Service](#creating-project-as-a-service) +7. [Update Official Documentation Page](#update-official-documentation-page) + +### License Change Detection + +**Goal:** Understand the changes in licensing between two versions of a +software package. + +This would be combined effort between SW360 and FOSSology. + +As the software evolves in time, so does their licensing. A scenario where a +package (say "mylib-v1.2") was scanned by FOSSology and cleaned by a clearing +team. The new version of the package (say "mylib-v1.5") was released and +uploaded again to FOSSology for clearing. Now, another metric can be generated +showing the files from both packages against the change in licensing per file +(addition, removal, change of license or new file). + +This either can be shown in FOSSology itself, but also when doing an initial +scan report (ISR), triggered from SW360. Then it would be very visible for the +requester if there are changes in the new version of the release or not. Also, +the diff could be shown in the CLI files. + +It can generate a table like: + +| File path | mylib-v1.2 | mylib-v1.5 | +|:-----------------|:-----------|:-----------| +| path/to/file | MIT | MIT | +| path/to/file2 | MIT,BSD | MIT | +| path/to/file3 | GPL-2.0 | GPL-3.0 | +| path/to/new-file | | BSD | + + +| Category | Rating | +|:-----------------------|:---------------------| +| Low Hanging Fruit | ** | +| Risk/Exploratory | * | +| Fun/Peripheral | *** | +| Core Development | * | +| Project Infrastructure | ** | +| Project size | Medium | +| Preferred contributor | Student/professional | +| Skills needed | XML, Java | +| Contact | @EttingerK @GMishx | + + +### Improve integration with FOSSology + +**Goal:** Use extended REST API of FOSSology to improve the "Send to FOSSology" +feature + +SW360 already have ways to interact with [FOSSology](https://fossology.org), +however the interaction as of now is very limited. The idea is to expand on +this interaction and make use of extended +[REST API of FOSSology](https://github.com/fossology/fossology/blob/master/src/www/ui/api/documentation/openapiv2.yaml) +and have features like: +* Upload source to FOSSology +* Search and link to existing sources with checksum match +* Reuse previous version of release uploaded/existing in FOSSology +* Provide option to select agents for scanning in FOSSology +* Fetch different kind of reports from FOSSology, not just SPDX + +Relevant information: +* FOSSology REST API: https://github.com/fossology/fossology/blob/master/src/www/ui/api/documentation/openapiv2.yaml +* SW360 existing endpoints: `releases/{id}/checkFossologyProcessStatus` +* SW360 existing endpoints: `releases/{id}/triggerFossologyProcess` + +| Category | Rating | +|:-----------------------|:----------------------------| +| Low Hanging Fruit | *** | +| Risk/Exploratory | ** | +| Fun/Peripheral | *** | +| Core Development | ** | +| Project Infrastructure | ** | +| Project size | Large | +| Preferred contributor | Student/professional | +| Skills needed | Java, REST & HTTP libraries | +| Contact | @GMishx, @rudra-superrr | + + +### Thrift layer removal + +**Goal:** Remove thrift layer for communication with Database + +Remove thrift layer which is used to interact with DB as it is not required and +makes the installation process of SW360 unnecessarily complex. This change will +help project moving forward with modern architectures like microservices. + +| Category | Rating | +|:-----------------------|:-------------------------------| +| Low Hanging Fruit | * | +| Risk/Exploratory | *** | +| Fun/Peripheral | ** | +| Core Development | *** | +| Project Infrastructure | ** | +| Project size | Large | +| Preferred contributor | Student/professional | +| Skills needed | Java, CouchDB | +| Contact | @GMishx @smrutis1 @heliocastro | + + +### Improve tests for all REST API endpoints + +**Goal:** Improve existing tests for all REST API endpoints and write new tests + +Write unit and integration tests for all REST API endpoints. This will help in +improving the code quality and make the project more robust. + +| Category | Rating | +|:-----------------------|:---------------------------------| +| Low Hanging Fruit | *** | +| Risk/Exploratory | * | +| Fun/Peripheral | ** | +| Core Development | *** | +| Project Infrastructure | ** | +| Project size | Medium | +| Preferred contributor | Student/professional | +| Skills needed | Java, JUnit, REST API | +| Contact | @GMishx @heliocastro @keerthi-bl | + + +### SBOM based recommendation + +**Goal:** Recommendation of packages based on SBOM of a project + +When a user imports a SBOM file, the tool will share the information about the +cleared & uncleared packages used in that project based on existing knowledge +available in SW360. In addition to that if any package is uncleared, +1. The tool will recommend equivalent package, which is already cleared in + SW360, which in turn will reduce the project clearing time. +2. If the user still wants to use the same uncleared package, the tool will + give an estimated time to clear the package as well as the project using + reports like ISR. + +| Category | Rating | +|:-----------------------|:---------------------| +| Low Hanging Fruit | ** | +| Risk/Exploratory | * | +| Fun/Peripheral | ** | +| Core Development | ** | +| Project Infrastructure | ** | +| Project size | Large | +| Preferred contributor | Student/professional | +| Skills needed | Java, Python, AI/ML | +| Contact | @amritkv @GMishx | + + +### Creating Project as a Service + +**Goal:** Separate out the Project and related modules as a separate +microservice + +The idea is to separate the Project related modules as a separate microservice +which can then be customized independently for different organizations while +still reusing the common Component repository. + +| Category | Rating | +|:-----------------------|:----------------------------------| +| Low Hanging Fruit | * | +| Risk/Exploratory | *** | +| Fun/Peripheral | *** | +| Core Development | * | +| Project Infrastructure | *** | +| Project size | Large | +| Preferred contributor | Student/professional | +| Skills needed | Java, Spring, Microservices, REST | +| Contact | @keerthi-bl @GMishx @heliocastro | + + +### Update Official Documentation Page + +**Goal:** Separate out the Project and related modules as a separate +microservice + +#### Motivation +The current official documentation page (https://eclipse.dev/sw360/) lacks clear +instructions regarding environment configurations and upgrade procedures for +recent software versions. This discrepancy often confuses users and negatively +affects productivity during installation or updating processes. Keeping the +official documentation accurate and up-to-date helps attract new users and +fosters an active user community. Moreover, documentation updates do not require +direct changes to the software source code, allowing contributors to undertake +this task concurrently with other development or testing activities, thus +lowering the barriers for OSS contributions. + +### Proposed Changes +- Clearly document environment setup instructions and upgrade procedures + corresponding to the latest software versions. +- Complement missing details in documentation, such as updates to dependencies + and version compatibility, reducing user confusion. +- Enhance visual clarity by adding practical examples and screenshots + illustrating the updated procedures. + +### Notes +- This task involves no source code modifications, making it easy to execute + alongside other development tasks or community activities. +- Documentation updates are valuable contributions to OSS projects and serve as + excellent entry points for new contributors. +- It is advisable to explicitly recognize documentation maintenance as a + significant and formally acknowledged form of OSS contribution. + +| Category | Rating | +|:-----------------------|:--------------------------------| +| Low Hanging Fruit | *** | +| Risk/Exploratory | * | +| Fun/Peripheral | ** | +| Core Development | * | +| Project Infrastructure | *** | +| Project size | Medium | +| Preferred contributor | Student/professional | +| Skills needed | Markdown, Hugo | +| Contact | @GMishx @heliocastro @KoukiHama | + +
diff --git a/content/ja/gsoc/_index.md b/content/ja/gsoc/_index.md new file mode 100644 index 0000000..665749e --- /dev/null +++ b/content/ja/gsoc/_index.md @@ -0,0 +1,58 @@ +--- +title: "Google Summer of Code" +linkTitle: "GSoC" +menu: + main: + weight: 80 +--- + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ + +
+
+ + +## Google Summer of Code 2025 + +SW360 is selected as a mentoring Org with +[Google Summer of Code 2025](https://opensource.googleblog.com/2025/01/google-summer-of-code-2025-is-here.html). + +You can visit our [idea page for GSoC 2025]({{< relref path="GSoC-projects-2025.md">}}). + +More info to come here. + +### Projects + +[//]: # "Following are the important links to projects." + +| Contributor | Project | Final Reports | +|:------------|:--------|:--------------| +| | | | + +### Proposed Mentors + +- [Afsah Syeda](https://github.com/afsahsyeda) +- [Akshit Joshi](https://github.com/akshitjoshii) +- [Amrit Kumar Verma](https://github.com/amritkv) +- [Arun Azhakesan](https://github.com/arunazhakesan) +- [Gaurav Mishra](https://github.com/GMishx) +- [Helio Chissini de Castro](https://github.com/heliocastro) +- [Katharina Ettinger](https://github.com/EttingerK) +- [Keerthi BL](https://github.com/keerthi-bl) +- [Kouki Hama](https://github.com/KoukiHama) +- [Rudra Chopra](https://github.com/rudra-superrr) + +### Meetings table + +| Topic(s) | Timings | Meeting link | ICS | +|:---------|:--------|:-------------|:----| +| | | | | + +Thanks for being part of the community. 💚 + +
diff --git a/content/ja/screenshots/index.md b/content/ja/screenshots/index.md new file mode 100644 index 0000000..2539283 --- /dev/null +++ b/content/ja/screenshots/index.md @@ -0,0 +1,93 @@ +--- +title: "スクリーンショット" +description: "一枚の写真は千の言葉に値する" +menu: + main: + weight: 11 +--- + + +{{< blocks/cover image_anchor="top" height="sm" color="primary" >}} +{{< page/header >}} +{{< /blocks/cover >}} + +
+ +SW360アプリケーションは、ソフトウェアコンポーネントのカタログや、ソフトウェアプロジェクト、製品、サービスのソフトウェア部品表(SBOM)を管理するためにいくつかのセクションに分かれています。ホーム画面のメニューバーには、以下の主要なセクションが含まれています。 + +
+ +## ホーム + +ログインしたユーザーが作成したコンポーネントとプロジェクトを一覧表示するダッシュボードです。この概要から、ユーザー自身のプロジェクトやコンポーネントに直接アクセスできます。 + +{{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-home.png" title="ホーム" >}} + + {{< /gallery/card >}} + +{{< /gallery/gallery >}} + + +## プロジェクト + +個々のプロジェクトには、ライセンスコンプライアンス、輸出管理(ECC)、脆弱性、プロジェクト用の添付ファイルのロック、脆弱性管理など、さまざまな側面を管理するためのサブセクションが提供されています。 + +各プロジェクトには、外部IDなどの属性を設定でき、SW360のデータセットを外部システムとマッピングすることが可能です。 + +プロジェクトセクションは、SW360において最も重要な作業エリアです。SW360では、「プロジェクト」という用語を製品、サービス、または社内プロジェクトの同義語として使用します。プロジェクトエリアは、ユーザーに表示可能なすべてのプロジェクトのリストから始まります。 + +ライセンスコンプライアンスに関して、SW360は各コンポーネントのリリースごとにグローバルなクリアリングステータスを維持できます。また、個々のプロジェクトでの使用に応じたクリアリングステータスも設定できます。 + +{{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projectlist.png" title="メインエリア" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projects01.png" title="概要" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projects02.png" title="クリアリングステータス" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projects03.png" title="ECCクリアリングステータス" >}} + {{< /gallery/card >}} + +{{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-projects04.png" title="リリースとプロジェクト" >}} + {{< /gallery/card >}} +{{< /gallery/gallery >}} + +## コンポーネント + +SW360のコンポーネントは、OSS、商用コンポーネント、サービス(その他の種類も含む)など、複数の種類を持つことができます。ライセンスコンプライアンスは、OSSに限らず、すべてのソフトウェアタイプに関わるためです。コンポーネントはリリースのコンテナであり、異なるリリースごとにライセンスコンプライアンス情報やその他の属性が変更される可能性があります。 + +各リリースには、基本的な属性を保存でき、これらの属性の一部は非公式なものですが、組織内のソフトウェア使用状況の統計に役立つ情報を提供できます。 + +{{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-components02.png" title="コンポーネント" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-components01.png" title="コンポーネント編集" >}} + {{< /gallery/card >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-components04.png" title="コンポーネントクリアランス" >}} + {{< /gallery/card >}} + +{{< /gallery/gallery >}} + + +## 検索 + +SW360はすべてのデータをインデックス化しているため、キーワード検索を行うと、プロジェクト、コンポーネント、ライセンスなど、さまざまなデータセットの結果が得られます。検索用語はデータセットタイプごとにフィルタリングできます。 + +{{< gallery/gallery >}} + + {{< gallery/card src="/sw360/img/sw360screenshots/sw360screenshot-search.png" title="検索" >}} + {{< /gallery/card >}} + +{{< /gallery/gallery >}} + +
+ diff --git a/i18n/en.toml b/i18n/en.toml new file mode 100644 index 0000000..0eb5fc0 --- /dev/null +++ b/i18n/en.toml @@ -0,0 +1,8 @@ +[welcome] +other = "Welcome to our website!" +[about] +other = "about" +[Screenshots] +other ="Screenshots" +[Presentations] +other = "Presentations" diff --git a/i18n/fr.toml b/i18n/fr.toml new file mode 100644 index 0000000..b5f2060 --- /dev/null +++ b/i18n/fr.toml @@ -0,0 +1,11 @@ +[welcome] +other = "Bienvenue sur notre site!" + +[about] +other = "À propos" + +[Screenshots] +other = "Captures d’écran" + +[Presentations] +other = "Présentations" diff --git a/i18n/ja.toml b/i18n/ja.toml new file mode 100644 index 0000000..d4a6e14 --- /dev/null +++ b/i18n/ja.toml @@ -0,0 +1,11 @@ +[welcome] +other = "私たちのウェブサイトへようこそ!" + +[about] +other = "概要" + +[Screenshots] +other = "スクリーンショット" + +[Presentations] +other = "プレゼンテーション" diff --git a/i18n/vi.toml b/i18n/vi.toml new file mode 100644 index 0000000..002f79b --- /dev/null +++ b/i18n/vi.toml @@ -0,0 +1,11 @@ +[welcome] +other = "Chào mừng bạn đến với trang web của chúng tôi!" + +[about] +other = "giới thiệu" + +[Screenshots] +other = "Ảnh chụp màn hình" + +[Presentations] +other = "Bài thuyết trình" diff --git a/i18n/zh.toml b/i18n/zh.toml new file mode 100644 index 0000000..51d35ed --- /dev/null +++ b/i18n/zh.toml @@ -0,0 +1,11 @@ +[welcome] +other = "欢迎来到我们的网站!" + +[about] +other = "关于" + +[Screenshots] +other = "截图" + +[Presentations] +other = "演示文稿"