Sbom tools

[SebastianSchildt]

Refactoring, splitting the function of eclipse/kuksa.val#756 making it pip installable

[SebastianSchildt]

@erikbosch there may be an error in pre-commit check?

Fixing sbom-tools/src/kuksa_sbom_utils/licensestore/ring.LICENSE.txt.gz
Fixing sbom-tools/src/kuksa_sbom_utils/licensestore/webpki.LICENSE.txt.gz

that is the "end of file" fixer, but is this is are compressed binary files, they should not be touched

[SebastianSchildt]

Ok, it seems pre-commit uses a python package called identify to check what files it is dealing with. Interestingly the results are not consistent for all our compressed files

(testsb-n7i5oTkr) scs2rng@RNG-C-001JT licensestore % identify-cli OpenSSL.txt.gz     
["binary", "file", "gzip", "non-executable"]
(testsb-n7i5oTkr) scs2rng@RNG-C-001JT licensestore % identify-cli ring.LICENSE.txt.gz
["binary", "file", "gzip", "non-executable", "plain-text", "text"]

It seems a bug to tag something as "binary" and "text", but a anyways both are tagged (correctly) as gzip type as well I just excluded that

[SebastianSchildt]

For completeness sake raised an issue upstream pre-commit/identify#450

[erikbosch]

@mikehaller - this could possibly be a solution for our "unlicense" discusssion the other day

[erikbosch]

Some minor comments, but I like it.

I am thinking - shall we possibly have an "example" folder? I.e. an example input file, a README that describes exactly how to run it and the expected output result. Then we could later possibly add a check in CI that running the python script still works and still produce the same result

[SebastianSchildt]

Fixed comments. I added an example folder, but at this time opted to not check in and "Output" folder, because no tests yet, and I am not sure, whether we might still change the exact format of the output in the future.

[erikbosch]

LGTM