github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/arch/package.go (about) 1 package arch 2 3 import ( 4 "context" 5 "strings" 6 7 "github.com/anchore/packageurl-go" 8 "github.com/anchore/syft/syft/file" 9 "github.com/anchore/syft/syft/linux" 10 "github.com/anchore/syft/syft/pkg" 11 ) 12 13 func newPackage(ctx context.Context, m *parsedData, release *linux.Release, dbLocation file.Location, otherLocations ...file.Location) pkg.Package { 14 licenseCandidates := strings.Split(m.Licenses, "\n") 15 16 locs := file.NewLocationSet(dbLocation) 17 locs.Add(otherLocations...) 18 19 p := pkg.Package{ 20 Name: m.Package, 21 Version: m.Version, 22 Locations: locs, 23 Licenses: pkg.NewLicenseSet(pkg.NewLicensesFromLocationWithContext(ctx, dbLocation.WithoutAnnotations(), licenseCandidates...)...), 24 Type: pkg.AlpmPkg, 25 PURL: packageURL(m, release), 26 Metadata: m.AlpmDBEntry, 27 } 28 p.SetID() 29 30 return p 31 } 32 33 func packageURL(m *parsedData, distro *linux.Release) string { 34 if distro == nil || distro.ID != "arch" { 35 // note: there is no namespace variation (like with debian ID_LIKE for ubuntu ID, for example) 36 return "" 37 } 38 39 qualifiers := map[string]string{ 40 pkg.PURLQualifierArch: m.Architecture, 41 } 42 43 if m.BasePackage != "" { 44 qualifiers[pkg.PURLQualifierUpstream] = m.BasePackage 45 } 46 47 return packageurl.NewPackageURL( 48 "alpm", // `alpm` for Arch Linux and other users of the libalpm/pacman package manager. (see https://github.com/package-url/purl-spec/pull/164) 49 distro.ID, 50 m.Package, 51 m.Version, 52 pkg.PURLQualifiers( 53 qualifiers, 54 distro, 55 ), 56 "", 57 ).ToString() 58 }