From 84023db435ef2a2cac60e3fc9d12e844ce467b5f Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Fri, 8 Dec 2023 23:15:43 -0800 Subject: [PATCH] Resolves #15. Uses RegistryInstances to replace accessing Pkg internals to retrieve registry information --- Project.toml | 2 ++ src/PkgToSoftwareBOM.jl | 1 + src/Registry.jl | 36 +++++++++++------------------------- src/spdxBuild.jl | 2 +- test/runtests.jl | 5 +---- 5 files changed, 16 insertions(+), 30 deletions(-) diff --git a/Project.toml b/Project.toml index 29a27d2..d2d20fb 100644 --- a/Project.toml +++ b/Project.toml @@ -8,9 +8,11 @@ Pkg = "44cfe95a-1eb2-52ea-b672-e2afdf69b78f" SPDX = "47358f48-d834-4249-91f5-f6185eb3d540" TOML = "fa267f1f-6049-4f14-aa54-33bafae1ed76" UUIDs = "cf7118a7-6976-5b1a-9a39-7adc72f591a4" +RegistryInstances = "2792f1a3-b283-48e8-9a74-f99dce5104f3" [compat] SPDX = "0.3.1" +RegistryInstances = "0.1.0" julia = "1.8" [extras] diff --git a/src/PkgToSoftwareBOM.jl b/src/PkgToSoftwareBOM.jl index b08ce9a..54e0f03 100644 --- a/src/PkgToSoftwareBOM.jl +++ b/src/PkgToSoftwareBOM.jl @@ -6,6 +6,7 @@ using Pkg using UUIDs using TOML using SPDX +using RegistryInstances export spdxCreationData, spdxPackageInstructions diff --git a/src/Registry.jl b/src/Registry.jl index 9294e05..b5d101f 100644 --- a/src/Registry.jl +++ b/src/Registry.jl @@ -19,7 +19,7 @@ end function _registry_packagequery(packages::Dict{UUID, Pkg.API.PackageInfo}, registry::AbstractString) #Get the requested registry - active_regs= Pkg.Registry.reachable_registries() + active_regs= reachable_registries() selected_registry= nothing for reg in active_regs if reg.name == registry 
@@ -38,22 +38,7 @@ function _registry_packagequery(packages::Dict{UUID, Pkg.API.PackageInfo}, regis return registry_pkg end -function get_registry_data(registryPkg::Pkg.Registry.PkgEntry, filename::AbstractString) - registryPath= registryPkg.registry_path - if isfile(registryPath) - # Compressed registry (ex. the General Registry) that has been read into memory - return TOML.parse(registryPkg.in_memory_registry[join([registryPkg.path, filename], "/")]) - elseif isdir(registryPath) - data= open(normpath(joinpath(registryPath, registryPkg.path, filename))) do f - TOML.parse(f) - end - return data - else - error("get_registry_data(): Apparent breaking change to Pkg data structures") - end -end - -function populate_registryinfo(uuid::UUID, package::Pkg.API.PackageInfo, registry::Pkg.Registry.RegistryInstance) +function populate_registryinfo(uuid::UUID, package::Pkg.API.PackageInfo, registry::RegistryInstance) package.is_tracking_repo && return nothing is_stdlib(uuid) && return nothing 
@@ -69,17 +54,18 @@ function populate_registryinfo(uuid::UUID, package::Pkg.API.PackageInfo, registr return nothing end - Package= get_registry_data(registryPkg, "Package.toml") - Versions= get_registry_data(registryPkg, "Versions.toml") + registryPkgData= registry_info(registryPkg) # TODO: Resolve the correct Compat and Deps for this version # If actively tracking the registry, verify that the version exists in this registry - package.is_tracking_registry && !haskey(Versions, string(package.version)) && return missing + package.is_tracking_registry && !haskey(registryPkgData.version_info, package.version) && return missing + + packageSubdir= isnothing(registryPkgData.subdir) ? "" : registryPkgData.subdir # Verify the tree hash in the registry matches the hash in the package - tree_hash= haskey(Versions, string(package.version)) ? Versions[string(package.version)]["git-tree-sha1"] : nothing - package.is_tracking_registry && tree_hash !== package.tree_hash && error("Tree hash of $(package.name) v$(string(package.version)) does not match registry: $(string(package.tree_hash)) (Package) vs. $(Versions[string(package.version)]["git-tree-sha1"]) (Registry)") + tree_hash= haskey(registryPkgData.version_info, package.version) ? treehash(registryPkgData, package.version) : nothing + package.is_tracking_registry && string(tree_hash) !== package.tree_hash && error("Tree hash of $(package.name) v$(string(package.version)) does not match registry: $(string(package.tree_hash)) (Package) vs. $(treehash(registryPkgData, package.version)) (Registry)") pkgRegInfo= PackageRegistryInfo(; registryName= registry.name, 
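Review bot: The tree-hash verification in `populate_registryinfo` compares with `string(tree_hash) !== package.tree_hash`, which is an identity test rather than value equality. It gives the right answer for two `String`s, but `!=` states the intent of an integrity check directly. The error message also calls `treehash(registryPkgData, package.version)` a second time, so the value it reports is looked up separately from the one that was compared. I would bind `registry_hash = string(tree_hash)` once, test `registry_hash != package.tree_hash`, and interpolate `$(registry_hash)` in the message. The function begins before this hunk and continues after it.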
@@ -89,9 +75,9 @@ function populate_registryinfo(uuid::UUID, package::Pkg.API.PackageInfo, registr packageUUID= uuid, packageName= registryPkg.name, packageVersion= package.version, - packageURL= Package["repo"], - packageSubdir= get(Package, "subdir", ""), - packageTreeHash= tree_hash + packageURL= registryPkgData.repo, + packageSubdir= packageSubdir, + packageTreeHash= string(tree_hash) ) return pkgRegInfo diff --git a/src/spdxBuild.jl b/src/spdxBuild.jl index 57f639e..37f6b74 100644 --- a/src/spdxBuild.jl +++ b/src/spdxBuild.jl @@ -22,7 +22,7 @@ function generateSPDX(docData::spdxCreationData= spdxCreationData(), sbomRegistr # Add description of the registries in use spdxDoc.DocumentComment= (ismissing(spdxDoc.DocumentComment) ? "" : "$(spdxDoc.DocumentComment)\n\n") * "Registries used for populating Package data:\n" - active_registries= Pkg.Registry.reachable_registries() + active_registries= reachable_registries() for reg in active_registries if reg.name in sbomRegistries spdxDoc.DocumentComment= spdxDoc.DocumentComment * diff --git a/test/runtests.jl b/test/runtests.jl index 48ad597..bedd9c2 100644 --- a/test/runtests.jl +++ b/test/runtests.jl 
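Review bot: In the src/Registry.jl hunk, `packageTreeHash= string(tree_hash)` stores the literal text "nothing" whenever the version is absent from the registry. The preceding hunk sets `tree_hash` to `nothing` in that case, and only registry-tracked packages return early. The registry info would then carry a non-empty hash field that is not a hash, which can mislead anything that later verifies or matches on it. Keep the absent case distinct, for example `packageTreeHash= isnothing(tree_hash) ? nothing : string(tree_hash)`. This assumes the `PackageRegistryInfo` field still accepts `nothing` as the removed line implied; its definition is not in this diff. `populate_registryinfo` starts outside the hunk.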
@@ -18,14 +18,13 @@ using UUIDs # Add Test Registry Pkg.Registry.add(RegistrySpec(url= "https://github.com/SamuraiAku/DummyRegistry.jl.git")) - testdir= mktempdir() @testset "README.md examples: Environment" begin ## Example #1 sbom = generateSPDX() # The SBOM is too big and complex to check everything, but we can check some things root_relationships= filter(r -> r.RelationshipType=="DESCRIBES", sbom.Relationships) - @test issetequal(getproperty.(root_relationships, :RelatedSPDXID), ["SPDXRef-PkgToSoftwareBOM-6254a0f9-6143-4104-aa2e-fd339a2830a6", "SPDXRef-SPDX-47358f48-d834-4249-91f5-f6185eb3d540"]) + @test issetequal(getproperty.(root_relationships, :RelatedSPDXID), ["SPDXRef-PkgToSoftwareBOM-6254a0f9-6143-4104-aa2e-fd339a2830a6", "SPDXRef-SPDX-47358f48-d834-4249-91f5-f6185eb3d540", "SPDXRef-RegistryInstances-2792f1a3-b283-48e8-9a74-f99dce5104f3"]) @test !isempty(filter(p -> p.SPDXID == "SPDXRef-PkgToSoftwareBOM-6254a0f9-6143-4104-aa2e-fd339a2830a6", sbom.Packages)) @test !isempty(filter(p -> p.SPDXID == "SPDXRef-SPDX-47358f48-d834-4249-91f5-f6185eb3d540", sbom.Packages)) @test !isempty(filter(isequal(SpdxRelationshipV2("SPDXRef-SPDX-47358f48-d834-4249-91f5-f6185eb3d540 DEPENDENCY_OF SPDXRef-PkgToSoftwareBOM-6254a0f9-6143-4104-aa2e-fd339a2830a6")), sbom.Relationships)) @@ -88,8 +87,6 @@ using UUIDs @test SPDX_pkg.LicenseDeclared== myLicense @test SPDX_pkg.Copyright== myPackage_instr.copyright @test SPDX_pkg.Name== package_name - - end @testset "Repo Track + Dual registries" begin