From b7f9dec6c149b9a22c5b15742ff47739932013fa Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov
Date: Wed, 28 May 2025 18:30:37 +0100
Subject: [PATCH] spdx-schema-v2.3.json: fix OPERATING-SYSTEM package intent
For Wolfi container at cgr.dev/chainguard/wolfi-base, trivy for spdx json SBOM generates
```json
{
"name": "wolfi",
"SPDXID": "SPDXRef-OperatingSystem-2bccf727fe0bc7f8",
"versionInfo": "20230201",
"downloadLocation": "NONE",
"filesAnalyzed": false,
"primaryPackagePurpose": "OPERATING-SYSTEM",
"annotations": [
{
"annotator": "Tool: trivy-0.62.1",
"annotationDate": "2025-05-28T17:07:25Z",
"annotationType": "OTHER",
"comment": "Class: os-pkgs"
},
{
"annotator": "Tool: trivy-0.62.1",
"annotationDate": "2025-05-28T17:07:25Z",
"annotationType": "OTHER",
"comment": "Type: wolfi"
}
]
}
```
Which fails validating with tools-java because "OPERATING-SYSTEM" value is with a dash, which matches the spec at https://spdx.github.io/spdx-spec/v2.3/package-information/#724-primary-package-purpose-field Given tools in wild follow the spec, imho it is relatively safe to update the schema here. Note we have PACKAGE_MANAGER PACKAGE-MANAGER saga before, so do help me validating any other tools that might be impacted, so far I see this schema file being the only one out of line.
---
resources/spdx-schema-v2.3.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/spdx-schema-v2.3.json b/resources/spdx-schema-v2.3.json
index 403d202..36c955a 100644
--- a/resources/spdx-schema-v2.3.json
+++ b/resources/spdx-schema-v2.3.json
@@ -413,7 +413,7 @@
 "primaryPackagePurpose" : {
 "description" : "This field provides information about the primary purpose of the identified package. Package Purpose is intrinsic to how the package is being used rather than the content of the package.",
 "type" : "string",
- "enum" : [ "OTHER", "INSTALL", "ARCHIVE", "FIRMWARE", "APPLICATION", "FRAMEWORK", "LIBRARY", "CONTAINER", "SOURCE", "DEVICE", "OPERATING_SYSTEM", "FILE" ]
+ "enum" : [ "OTHER", "INSTALL", "ARCHIVE", "FIRMWARE", "APPLICATION", "FRAMEWORK", "LIBRARY", "CONTAINER", "SOURCE", "DEVICE", "OPERATING-SYSTEM", "FILE" ]
 },
 "releaseDate" : {
 "description" : "This field provides a place for recording the date the package was released.",
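Review bot: The new `enum` drops `OPERATING_SYSTEM` outright, so every SBOM that was emitted against the previous revision of this schema and validated cleanly now fails, which is the same kind of breakage the PACKAGE_MANAGER / PACKAGE-MANAGER episode mentioned in the description caused in the other direction. Where this schema is used as an admission gate in a supply-chain pipeline that is a silent policy change, so either call it out as a breaking change in the release notes or, for one release, list both spellings (`"OPERATING-SYSTEM", "OPERATING_SYSTEM"`) and state in `description` that the underscore form is deprecated, since strict JSON leaves nowhere else for such a note. The hyphenated value is the one the linked §7.24 of the 2.3 spec defines, so accepting both would be purely a transition aid, not an endorsement of the old spelling. A regression fixture built from the trivy document quoted in the commit message would pin the spelling and prevent the next flip. The enclosing `properties` object continues outside the hunk.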