github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/pkg/cataloger/nix/package.go (about) 1 package nix 2 3 import ( 4 "github.com/nextlinux/gosbom/gosbom/file" 5 "github.com/nextlinux/gosbom/gosbom/pkg" 6 7 "github.com/anchore/packageurl-go" 8 ) 9 10 func newNixStorePackage(storePath nixStorePath, locations ...file.Location) pkg.Package { 11 p := pkg.Package{ 12 Name: storePath.name, 13 Version: storePath.version, 14 FoundBy: catalogerName, 15 Locations: file.NewLocationSet(locations...), 16 Type: pkg.NixPkg, 17 PURL: packageURL(storePath), 18 MetadataType: pkg.NixStoreMetadataType, 19 Metadata: pkg.NixStoreMetadata{ 20 OutputHash: storePath.outputHash, 21 Output: storePath.output, 22 }, 23 } 24 25 p.SetID() 26 27 return p 28 } 29 30 func packageURL(storePath nixStorePath) string { 31 var qualifiers packageurl.Qualifiers 32 if storePath.output != "" { 33 // since there is no nix pURL type yet, this is a guess, however, it is reasonable to assume that 34 // if only a single output is installed the pURL should be able to express this. 35 qualifiers = append(qualifiers, 36 packageurl.Qualifier{ 37 Key: "output", 38 Value: storePath.output, 39 }, 40 ) 41 } 42 if storePath.outputHash != "" { 43 // it's not immediately clear if the hash found in the store path should be encoded in the pURL 44 qualifiers = append(qualifiers, 45 packageurl.Qualifier{ 46 Key: "outputhash", 47 Value: storePath.outputHash, 48 }, 49 ) 50 } 51 pURL := packageurl.NewPackageURL( 52 // TODO: nix pURL type has not been accepted yet (only proposed at this time) 53 "nix", 54 "", 55 storePath.name, 56 storePath.version, 57 qualifiers, 58 "") 59 return pURL.ToString() 60 }