packageurl-python icon indicating copy to clipboard operation
packageurl-python copied to clipboard

Published 20 hours ago verified publisher icon package-url

get_repo_url and get_download_url give no result

Open vargenau opened this issue 2 years ago • 7 comments

from packageurl.contrib import purl2url purl2url.get_repo_url("pkg:golang/xorm.io/[email protected]") purl2url.get_download_url("pkg:golang/xorm.io/[email protected]") purl2url.get_repo_url("pkg:golang/gopkg.in/[email protected]") purl2url.get_download_url("pkg:golang/gopkg.in/[email protected]") purl2url.get_repo_url("pkg:alpine/[email protected]?arch=x86_64&upstream=zlib&distro=alpine-3.14.3") purl2url.get_download_url("pkg:alpine/[email protected]?arch=x86_64&upstream=zlib&distro=alpine-3.14.3")

get_repo_url and get_download_url give no result for the PURLs above. Why?

vargenau avatar Dec 01 '22 12:12 vargenau

Why?

@vargenau golang and alpine types are not yet supported by purl2url. Could you please provide the expected output for each of your examples, this would help to add support for those types.

tdruez avatar Feb 15 '23 06:02 tdruez

Hello @tdruez,

purl2url.get_repo_url("pkg:golang/xorm.io/[email protected]") could return https://pkg.go.dev/xorm.io/[email protected]

purl2url.get_download_url("pkg:golang/xorm.io/[email protected]") could return https://pkg.go.dev/xorm.io/[email protected]#section-sourcefiles This is not optimal, I do not know whether there exists a URL to download the whole source code of the package.

For Alpine I have no idea, https://pkgs.alpinelinux.org/packages only gives the latest release of the package.

Perhaps we could find something in https://archive.softwareheritage.org/

vargenau avatar Feb 15 '23 17:02 vargenau

@vargenau I've added golang support for the get_repo_url in https://github.com/package-url/packageurl-python/commit/fffc8ac24b27cd60518cb8e302e2c4c9abd37212#diff-2f9af27ff6ddefbfe1bd9790a393d43c19fd1f4c5325be411898a260517ca164R241

It is available in the latest version.

purl2url.get_download_url("pkg:golang/xorm.io/[email protected]") could return https://pkg.go.dev/xorm.io/[email protected]#section-sourcefiles This is not optimal, I do not know whether there exists a URL to download the whole source code of the package.

This is inconsistent with the current get_download_url implementations that return a proper URL to a downloadable file.

tdruez avatar Apr 10 '23 05:04 tdruez

Thank you @tdruez

vargenau avatar Apr 13 '23 08:04 vargenau

@tdruez unfortunatelly go package management is a bit more complex than this. I started pr #113 for the support, but it is not complete yet.

CsatariGergely avatar Apr 13 '23 09:04 CsatariGergely

@CsatariGergely could you provide some examples of golang purls that would not be supported at the moment? I do not see any addition to the test data in your PR.

tdruez avatar Apr 13 '23 09:04 tdruez

Here is the set what I used for internal testing:

pkg:golang/github.com/mailru/[email protected] pkg:golang/github.com/matttproud/[email protected] pkg:golang/github.com/matttproud/[email protected] pkg:golang/github.com/miekg/[email protected] pkg:golang/github.com/miekg/[email protected] pkg:golang/github.com/mitchellh/[email protected] pkg:golang/github.com/mitchellh/[email protected] pkg:golang/github.com/mwitkow/[email protected] pkg:golang/github.com/mwitkow/[email protected] pkg:golang/github.com/oklog/[email protected] pkg:golang/github.com/oklog/[email protected] pkg:golang/github.com/oklog/[email protected] pkg:golang/github.com/oklog/[email protected] pkg:golang/github.com/opentracing/[email protected] pkg:golang/github.com/pkg/[email protected] pkg:golang/github.com/pkg/[email protected] pkg:golang/github.com/prometheus/alertmanager@(devel) pkg:golang/github.com/prometheus/alertmanager@(devel) pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/common/[email protected] pkg:golang/github.com/prometheus/common/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/prometheus/[email protected] pkg:golang/github.com/rs/[email protected] pkg:golang/github.com/sean-/[email protected] pkg:golang/github.com/sean-/[email protected] pkg:golang/github.com/shurcooL/[email protected] pkg:golang/github.com/shurcooL/[email protected] pkg:golang/github.com/shurcooL/[email protected] pkg:golang/github.com/shurcooL/[email protected] pkg:golang/github.com/xlab/[email protected] pkg:golang/go.mongodb.org/[email protected] pkg:golang/go.mongodb.org/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/golang.org/x/[email protected] pkg:golang/google.golang.org/[email protected] pkg:golang/google.golang.org/[email protected] pkg:golang/gopkg.in/alecthomas/[email protected] pkg:golang/gopkg.in/alecthomas/[email protected] pkg:golang/gopkg.in/[email protected] pkg:golang/gopkg.in/[email protected] pkg:golang/gopkg.in/[email protected]

True, one of these per category should be added as a testcase.

CsatariGergely avatar Apr 13 '23 11:04 CsatariGergely