scancode-toolkit
scancode-toolkit copied to clipboard
nexB
distro is passed as None for RPM packages
Description
For debian based packages we pass namespace=distro here https://github.com/nexB/scancode-toolkit/blob/8ed266372416a4e55cf739dadafa175214dca980/src/packagedcode/debian.py#L634 but never passes distro apart from the case where it's distroless.
How To Reproduce
Look at the issue details
Hey @TG1999 , did you mean handle "None" value for 'distro' or set a default value to distro?
Some hints for solving this:
-
the distro needs to be found first. There may be several ways to do this either based on data available inside a package (a .deb), in its version or name (where there may be a hint that it's from Ubuntu), or in the rootfs for installed packages where we can collect a distro in https://github.com/nexB/scancode-toolkit/blob/develop/src/packagedcode/distro.py
-
once found, use this as the namespace
-
if not found, should we have a default? I am not sure, yet using
debianmay make sense?
Don't we have the same/similar problem for redhat, fedora or centos for type=rpm? We need some well-documented default in all cases
Don't we have the same/similar problem for redhat, fedora or centos for type=rpm? We need some well-documented default in all cases
Yes! The issue exists with RPMs too
This is fixed for debian by the following PRs:
- https://github.com/nexB/scancode.io/pull/1096
- https://github.com/nexB/scancode-toolkit/pull/3682
We are detecting namespace from clues found in package attributes, and also providing a default namespace
debianif no clues are present. Then on the SCIO side we are using the distro_id to override this too, if there are irregularities there.
We need to do something similar for RPM.
For RPMs, the same thing to do is IMHO to use the /etc/os-release "identifier" field ( as in identifier: rhel) for the distro. And use this as a namespace for the RPM PURL.