packageurl-python icon indicating copy to clipboard operation
packageurl-python copied to clipboard
verified publisher icon package-url

feature request: name to purl for rpm/deb

Open armijnhemel opened this issue 4 years ago • 8 comments

It would be very useful if it would be possible to supply a name of a package and then get a purl object.

For example. I would like to do something like:

>>> purl_object = packageurl.PackageURL.from_package_name('vim_8.1.0875-5_amd64.deb')

and get a correct purl object.

armijnhemel avatar Sep 02 '21 13:09 armijnhemel

@armijnhemel that's a great feature! @TG1999 what do you think?

pombredanne avatar Sep 15 '21 14:09 pombredanne

Yes sure @pombredanne , can we get some sample input and outputs, so we can think of a mapping for same

TG1999 avatar Sep 15 '21 14:09 TG1999

I realize that from a plain package you cannot determine the distro such as "debian" or "fedora". I think it would be acceptable to assume that this would be supplied as a parameter or to set it to a generic value, which can later be changed or overridden.

armijnhemel avatar Sep 15 '21 19:09 armijnhemel

Package to purl string could be like this:

babeld_1.8.3-1_amd64.deb -> pkg:deb/[email protected]?arch=amd64
bash-5.1.0-2.fc34.x86_64.rpm -> pkg:rpm/fedora/[email protected]?arch=x86_64

Optionally, because there is 'fc34' in the name you could conclude that it is Fedora 34, but I wouldn't do that, as I can see that there are packages in Fedora 34 that have fc33 in the name.

Currently when feeding these purl strings to PackageURL.from_string gives me:

packageurl.PackageURL.from_string('pkg:rpm/[email protected]?arch=x86_64')
PackageURL(type='rpm', namespace=None, name='bash', version='5.1.0-2', qualifiers={'arch': 'x86_64'}, subpath=None)

so I could imagine the identical output for the proposed method:

packageurl.PackageURL.from_package_name('bash-5.1.0-2.fc34.x86_64.rpm')
PackageURL(type='rpm', namespace=None, name='bash', version='5.1.0-2', qualifiers={'arch': 'x86_64'}, subpath=None)

armijnhemel avatar Sep 17 '21 11:09 armijnhemel

@armijnhemel thanks! that's clear.

pombredanne avatar Sep 17 '21 13:09 pombredanne

@armijnhemel would this be only for .deb and .rpm?

pombredanne avatar Oct 04 '21 15:10 pombredanne

@armijnhemel would this be only for .deb and .rpm?

For now yes. In the future I could also envision ipkg (extension: ipk) and possibly others (Python wheel, etc.).

armijnhemel avatar Oct 04 '21 15:10 armijnhemel

FWIW, we have a lot of these in url2purl... but for full URLs, not mere package archives

>>> url2purl("https://files.pythonhosted.org/packages/a1/eb/b37ef5647243ade8308f7bb46b1a45e6204790c163cbd8cf6df990d5c1c1/boolean.py-3.8.tar.gz")
PackageURL(type='pypi', namespace=None, name='boolean.py', version='3.8', qualifiers={}, subpath=None)

and not yet for debian and RPMs

pombredanne avatar Feb 17 '22 11:02 pombredanne