github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/nix/package.go (about) 1 package nix 2 3 import ( 4 "github.com/anchore/packageurl-go" 5 "github.com/anchore/syft/syft/file" 6 "github.com/anchore/syft/syft/pkg" 7 ) 8 9 func newNixStorePackage(storePath nixStorePath, locations ...file.Location) pkg.Package { 10 p := pkg.Package{ 11 Name: storePath.name, 12 Version: storePath.version, 13 FoundBy: catalogerName, 14 Locations: file.NewLocationSet(locations...), 15 Type: pkg.NixPkg, 16 PURL: packageURL(storePath), 17 MetadataType: pkg.NixStoreMetadataType, 18 Metadata: pkg.NixStoreMetadata{ 19 OutputHash: storePath.outputHash, 20 Output: storePath.output, 21 }, 22 } 23 24 p.SetID() 25 26 return p 27 } 28 29 func packageURL(storePath nixStorePath) string { 30 var qualifiers packageurl.Qualifiers 31 if storePath.output != "" { 32 // since there is no nix pURL type yet, this is a guess, however, it is reasonable to assume that 33 // if only a single output is installed the pURL should be able to express this. 34 qualifiers = append(qualifiers, 35 packageurl.Qualifier{ 36 Key: "output", 37 Value: storePath.output, 38 }, 39 ) 40 } 41 if storePath.outputHash != "" { 42 // it's not immediately clear if the hash found in the store path should be encoded in the pURL 43 qualifiers = append(qualifiers, 44 packageurl.Qualifier{ 45 Key: "outputhash", 46 Value: storePath.outputHash, 47 }, 48 ) 49 } 50 pURL := packageurl.NewPackageURL( 51 // TODO: nix pURL type has not been accepted yet (only proposed at this time) 52 "nix", 53 "", 54 storePath.name, 55 storePath.version, 56 qualifiers, 57 "") 58 return pURL.ToString() 59 }