github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/pkg/cataloger/arch/package.go

github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/pkg/cataloger/arch/package.go (about)

     1  package arch
     2  
     3  import (
     4  	"strings"
     5  
     6  	"github.com/anchore/packageurl-go"
     7  	"github.com/anchore/syft/syft/file"
     8  	"github.com/anchore/syft/syft/linux"
     9  	"github.com/anchore/syft/syft/pkg"
    10  )
    11  
    12  func newPackage(m *parsedData, release *linux.Release, dbLocation file.Location) pkg.Package {
    13  	licenseCandidates := strings.Split(m.Licenses, "\n")
    14  
    15  	p := pkg.Package{
    16  		Name:      m.Package,
    17  		Version:   m.Version,
    18  		Locations: file.NewLocationSet(dbLocation),
    19  		Licenses:  pkg.NewLicenseSet(pkg.NewLicensesFromLocation(dbLocation.WithoutAnnotations(), licenseCandidates...)...),
    20  		Type:      pkg.AlpmPkg,
    21  		PURL:      packageURL(m, release),
    22  		Metadata:  m.AlpmDBEntry,
    23  	}
    24  	p.SetID()
    25  
    26  	return p
    27  }
    28  
    29  func packageURL(m *parsedData, distro *linux.Release) string {
    30  	if distro == nil || distro.ID != "arch" {
    31  		// note: there is no namespace variation (like with debian ID_LIKE for ubuntu ID, for example)
    32  		return ""
    33  	}
    34  
    35  	qualifiers := map[string]string{
    36  		pkg.PURLQualifierArch: m.Architecture,
    37  	}
    38  
    39  	if m.BasePackage != "" {
    40  		qualifiers[pkg.PURLQualifierUpstream] = m.BasePackage
    41  	}
    42  
    43  	return packageurl.NewPackageURL(
    44  		"alpm", // `alpm` for Arch Linux and other users of the libalpm/pacman package manager. (see https://github.com/package-url/purl-spec/pull/164)
    45  		distro.ID,
    46  		m.Package,
    47  		m.Version,
    48  		pkg.PURLQualifiers(
    49  			qualifiers,
    50  			distro,
    51  		),
    52  		"",
    53  	).ToString()
    54  }