Cleanup references to os #29
Comments
If we don't already have WIP for this, I can give it a shot. I am interested in learning more about Ahab to see if I can plug it into my containerized pipelines.
@deadlysyn go for it. I'm not aware of anyone working this yet. Please reach out with any questions or open a draft PR if you get that far and we can work through it together. 👍
i've gone through chase/iq.go (mostly) and s/os/package-manager along with related cleanup...wanted to get your thoughts on a couple questions. context: the former

```go
// package.go
type IPackage interface {
	ExtractPurlsFromProjectList(string) []string
}

// apt.go, etc...
type Apt struct {
	ProjectList parse.ProjectList
}

func (a Apt) ExtractPurlsFromProjectList(operating string) (purls []string) {
	for _, s := range a.ProjectList.Projects {
		var purl = fmt.Sprintf("pkg:deb/%s/%s@%s", operating, s.Name, s.Version)
		purls = append(purls, purl)
	}
	return
}
```

passing

```go
// apk.go
type Apk struct {
	ProjectList parse.ProjectList
}

func (a Apk) ExtractPurlsFromProjectList(operating string) (purls []string) {
	for _, s := range a.ProjectList.Projects {
		var purl = fmt.Sprintf("pkg:alpine/%s@%s", s.Name, s.Version)
		purls = append(purls, purl)
	}
	return
}
```

is that:

thoughts? TIA!
Re: Os passed in to create the purl path. So it's by intention but honestly we effectively have it hardcoded to https://ossindex.sonatype.org/ecosystem/debian. And as you can see alpine and rpm don't have that setup at all. Probably a question for @ken-duck why that might be different and if we need to accommodate for cc @deadlysyn
Thanks for the insight @zendern will wait for @ken-duck to provide feedback, but also going to work up an initial PR and link in so there's actual changes/code to review. I'll link that in here, hopefully later today. Thanks to your pointers, I also found https://github.com/package-url/purl-spec#purl which, if I read correctly, says the OS (or package manager) is the "type" which is required (namespace is optional, but we have stuff like pkg:alpine so I think alpine is "type" from the spec). If that's a correct statement, then we should consistently provide the type field in our output, whether OS or package manager...and from the same doc, using the package manager as the type will be more correct (they give examples of npm, nuget, etc). Since it's the weekend I'm going to include some of this interpretation in the initial PR, and can fix up as needed after feedback.
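The purl reading in the comment above (type always present, namespace optional), sketched as an added Go example that is not ahab's code and not written by anyone in this thread. `Package`, `purlTypes` and `BuildPurl` are hypothetical names; the type strings `deb` and `alpine` are the ones used in the snippets in this thread.

```go
package main

import (
	"fmt"
	"strings"
)

// Package is a hypothetical stand-in for one parsed project-list entry.
type Package struct{ Name, Version string }

// purlTypes maps a package manager to the purl type string used in the
// snippets in this thread (assumption: only these two are covered here).
var purlTypes = map[string]string{"apt": "deb", "apk": "alpine"}

// BuildPurl returns pkg:<type>[/<namespace>]/<name>@<version>.
// The type is always emitted; the namespace (e.g. a distro) is optional.
func BuildPurl(pm, namespace string, p Package) (string, error) {
	typ, ok := purlTypes[strings.ToLower(pm)]
	if !ok {
		return "", fmt.Errorf("unsupported package manager %q", pm)
	}
	// Reject empty fields and purl delimiters instead of emitting a
	// coordinate that would parse as a different package.
	for _, f := range []string{p.Name, p.Version} {
		if f == "" || strings.ContainsAny(f, "/@?# \t\n") {
			return "", fmt.Errorf("invalid name or version in %+v", p)
		}
	}
	if strings.ContainsAny(namespace, "/@?# \t\n") {
		return "", fmt.Errorf("invalid namespace %q", namespace)
	}
	purl := "pkg:" + typ + "/"
	if namespace != "" {
		purl += strings.ToLower(namespace) + "/"
	}
	return purl + p.Name + "@" + p.Version, nil
}

func main() {
	// Constructed sample input, not taken from a real scan.
	pkgs := []Package{{"libssl1.1", "1.1.1d-0+deb10u3"}, {"bad/name", "1.0"}}
	for _, p := range pkgs {
		purl, err := BuildPurl("apt", "debian", p)
		fmt.Println(purl, err)
	}
	purl, _ := BuildPurl("apk", "", Package{"musl", "1.1.24-r2"})
	fmt.Println(purl)
}
```

A malformed coordinate sent to a vulnerability index can match no package or the wrong one, so the builder returns an error rather than a best-effort string.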
So excited to get this submitted, I mistakenly thought Hacktoberfest submissions were already being counted (since they opened up signup page last week). :-D Oh well, at least there are more to do. Let me know if the interface/purl changes are too crazy. TIA for review.
So today we do `--os` to be able to pass in the operating system you want to target. Realistically the OS is not important but the package manager is more important. This is much less important now that auto detection is a thing but I would like to possibly do the following things.

- `-os` option
- `-pm` `--package-manager` option that allows for you to pass in `yum`, `dpkg`, `apt`, `dnf`, etc etc.

Nothing really ... the OS flag has always bothered me a little :)
See these comments here: ahab/packages/detector.go, line 40 in 4279556
cc @bhamail / @DarthHater / @ken-duck