github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/pkg/cataloger/arch/package.go (about) 1 package arch 2 3 import ( 4 "strings" 5 6 "github.com/anchore/packageurl-go" 7 "github.com/anchore/syft/syft/file" 8 "github.com/anchore/syft/syft/linux" 9 "github.com/anchore/syft/syft/pkg" 10 ) 11 12 func newPackage(m *parsedData, release *linux.Release, dbLocation file.Location, otherLocations ...file.Location) pkg.Package { 13 licenseCandidates := strings.Split(m.Licenses, "\n") 14 15 locs := file.NewLocationSet(dbLocation) 16 locs.Add(otherLocations...) 17 18 p := pkg.Package{ 19 Name: m.Package, 20 Version: m.Version, 21 Locations: locs, 22 Licenses: pkg.NewLicenseSet(pkg.NewLicensesFromLocation(dbLocation.WithoutAnnotations(), licenseCandidates...)...), 23 Type: pkg.AlpmPkg, 24 PURL: packageURL(m, release), 25 Metadata: m.AlpmDBEntry, 26 } 27 p.SetID() 28 29 return p 30 } 31 32 func packageURL(m *parsedData, distro *linux.Release) string { 33 if distro == nil || distro.ID != "arch" { 34 // note: there is no namespace variation (like with debian ID_LIKE for ubuntu ID, for example) 35 return "" 36 } 37 38 qualifiers := map[string]string{ 39 pkg.PURLQualifierArch: m.Architecture, 40 } 41 42 if m.BasePackage != "" { 43 qualifiers[pkg.PURLQualifierUpstream] = m.BasePackage 44 } 45 46 return packageurl.NewPackageURL( 47 "alpm", // `alpm` for Arch Linux and other users of the libalpm/pacman package manager. (see https://github.com/package-url/purl-spec/pull/164) 48 distro.ID, 49 m.Package, 50 m.Version, 51 pkg.PURLQualifiers( 52 qualifiers, 53 distro, 54 ), 55 "", 56 ).ToString() 57 }