github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/alpm/package.go (about) 1 package alpm 2 3 import ( 4 "strings" 5 6 "github.com/anchore/packageurl-go" 7 "github.com/anchore/syft/syft/file" 8 "github.com/anchore/syft/syft/linux" 9 "github.com/anchore/syft/syft/pkg" 10 ) 11 12 func newPackage(m *parsedData, release *linux.Release, dbLocation file.Location) pkg.Package { 13 licenseCandidates := strings.Split(m.Licenses, "\n") 14 15 p := pkg.Package{ 16 Name: m.Package, 17 Version: m.Version, 18 Locations: file.NewLocationSet(dbLocation), 19 Licenses: pkg.NewLicenseSet(pkg.NewLicensesFromLocation(dbLocation.WithoutAnnotations(), licenseCandidates...)...), 20 Type: pkg.AlpmPkg, 21 PURL: packageURL(m, release), 22 MetadataType: pkg.AlpmMetadataType, 23 Metadata: m.AlpmMetadata, 24 } 25 p.SetID() 26 27 return p 28 } 29 30 func packageURL(m *parsedData, distro *linux.Release) string { 31 if distro == nil || distro.ID != "arch" { 32 // note: there is no namespace variation (like with debian ID_LIKE for ubuntu ID, for example) 33 return "" 34 } 35 36 qualifiers := map[string]string{ 37 pkg.PURLQualifierArch: m.Architecture, 38 } 39 40 if m.BasePackage != "" { 41 qualifiers[pkg.PURLQualifierUpstream] = m.BasePackage 42 } 43 44 return packageurl.NewPackageURL( 45 "alpm", // `alpm` for Arch Linux and other users of the libalpm/pacman package manager. (see https://github.com/package-url/purl-spec/pull/164) 46 distro.ID, 47 m.Package, 48 m.Version, 49 pkg.PURLQualifiers( 50 qualifiers, 51 distro, 52 ), 53 "", 54 ).ToString() 55 }