Table of Contents

FOSSology RESTful interface (under discussion)

Goal: Provide a simple HTTP interface for those needing to do their own data access. This is not an sql replacement, or even a simple grammar, but rather a simple method to do common queries while hiding the complexities of sql data retrieval. 

So far, the only input has been for the need to post a file to a 
fossology server and return a comma separated list of licenses.  
You can do that in v 1.2 like this:
  wget -O - --post-file=myfile.c http://myserv.com/?mod=agent_nomos_once

Need to specify in query:

1) Does the query apply to a specific file, or every file in a repository file tree? 

  Only one of these may be specified.  Default is file.
  &range=file
  &range=tree

2) How to identify a file (range=file) or top of tree (range=tree). 

  Zero or more of these may be specified.  Default is whole repository.
  &filepk={uploadtree_pk}   An uploadtree_pk is a fossology internal unique
                            key to a file in an upload file hierarchy.
                            e.g. &filepk=123
  &filename={filename}      e.g. &filename=foo.c
  &filepath={filepath}      e.g. &filepath=foo.tar.gz/A/B/myfile 
                                 &filepath=foo.c
  &uploadpk={upload_pk}     An upload_pk is a fossology internal unique key
                            to an uploaded file (which might be a simple file
                            like foo.c or a container like RHEL.x.iso or foo.tar.
                            e.g. &uploadpk=234

3) Query parameters. 

  Query parameters may be any table.column, or pseudo parameter (see 4).
    e.g. &pkg_rpm.pkg_name="Pound-2.4-0.1.d.fc8.src.rpm"
         &pkg_rpm.version=1.2.3

4) Operators 

  Query parameters may include simple operators.

4.1) >, <, =, !=, >=, ⇐ (the equal operator is implied in “version=1.2.3”). 

    Otherwise, the operator is included in the value string.
    e.g. &pkg_rpm.version=">1.2.3"
    e.g. &pkg_rpm.version=">=1.2.3"&pkg_rpm.version="<2.1"

4.2) POSIX regular expressions 

    ~   matches regular expression, case sensitive
    ~*  matches regular expression, case insensitive
    !~  Does not match regex, case sensitive
    !~* Does not match regex, case insensitive
    e.g. &filename="~'^Pound'"  To match all files whose names start with "Pound"

4) Pseudo parameters/values 4.1) Input 

  latest   - latest agent version that produced result for the target.
             This is the default when an agent version is not specified.
  agent    - For some queries it may be important to specify which agent
             produced the results you are interested.
  agentrev - Fossology data (licenses and buckets) is persistent.  So there
             may be data from multiple scans of the same data with different
             versions of the scanner (agent).
  filename
  filepath

4.2) Output 

  licenses - comma separated license string
  diff()   - difference (e.g. license difference between input files/trees)

5) Output columns 

  &out="{column string}
  e.g. &out="filename, licenses"

Notes: 1) There may be multiple ways to specify the same information. For example: 

  &filename=foo.c
  &filepath=foo.c

2) Authentication may be turned off for REST interface, or it may be specified 

  in the http request.

Query Examples

1) Retrieve licenses for RPM pkg abc, version 123. As determined by the latest 

   nomos run on the pkg.
   Query: pkgname=abc&version=123&agent=nomos&agentrev=latest&out="licenses"
   Output: "lic1, lic2, lic3"

2) RPM package license history (defaults to latest agent scan) 

   Query: pkgname=abc&out="pkg_name,version,licenses"
   Output: pkgname, pkgversion, "lic1, lic2, lic3"
           Repeat with lines for each version

3) RPM package file licenses for each file in package abc for upload 12. 

   Query: pkgname=abc&upload=12&allfiles=yes&out="path,licenses"
   Output: abc.rpm/a/b/foo, "lic1, lic2, lic3"
           Repeat for each file in the package

4) Same as 3 but also report bucket file is in 

   Query: pkgname=abc&upload=12&allfiles=yes&out="path,bucket,licenses"
   Output: abc.rpm/a/b/foo, "SHIP-HOLD", "lic1, lic2, lic3"
           Repeat for each file in the package

5) Retrieve summary, pkg_arch for file Pound-2.4-0.1.d.fc8.src.rpm 

   Query: filename=Pound-2.4-0.1.d.fc8.src.rpm?out="summary, pkg_arch"
   This example shows how packages can be treated as files.  This is a query
   type "rpm" because the output fields are from the package information.

6) What licenses does file foo have? 

   Query: name=foo&agent=nomos&agentrev=latest&out="path, licenses"
   Output: "x.tar/dir/foo, "lic1, lic2, lic3"
           Repeat for each foo in the repository

7) Find file licenses for each file in foo.tar for upload 12. 

   Query: name=foo.tar&upload=12&allfiles=yes&out="path,licenses"
   Output: foo.tar/a/b/xyz.c, "lic1, lic2, lic3"
           Repeat for each file in foo.tar.

8) Retrieve the bucket history for all versions of pkg X and bucketpool Y

9) Retrieve a list of files and their licenses (ui-nomos-list csv output)

Package fields

Here is the list of fields we save for packages.  Each of these can be
specified as either an input or output field.
1) RPM package fields
  pkg_name 
  pkg_alias
  pkg_arch
  version
  license
  pkg_group
  packager
  release
  build_date
  vendor
  url
  source_rpm
  summary
  description

2) Debian package fields 

  pkg_name 
  pkg_arch
  version
  section
  priority
  installed_size
  maintainer
  homepage
  source
  description
  summary
  format
  uploaders
  standards_version

Fill out with other fields after api syntax is decided.