Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

get_repo_url and get_download_url give no result #107

Open
vargenau opened this issue Dec 1, 2022 · 7 comments
Open

get_repo_url and get_download_url give no result #107

vargenau opened this issue Dec 1, 2022 · 7 comments

Comments

@vargenau
Copy link

vargenau commented Dec 1, 2022

from packageurl.contrib import purl2url
purl2url.get_repo_url("pkg:golang/xorm.io/xorm@v0.8.2")
purl2url.get_download_url("pkg:golang/xorm.io/xorm@v0.8.2")
purl2url.get_repo_url("pkg:golang/gopkg.in/ldap.v3@v3.1.0")
purl2url.get_download_url("pkg:golang/gopkg.in/ldap.v3@v3.1.0")
purl2url.get_repo_url("pkg:alpine/zlib@1.2.11-r3?arch=x86_64&upstream=zlib&distro=alpine-3.14.3")
purl2url.get_download_url("pkg:alpine/zlib@1.2.11-r3?arch=x86_64&upstream=zlib&distro=alpine-3.14.3")

get_repo_url and get_download_url give no result for the PURLs above. Why?

@tdruez
Copy link
Collaborator

tdruez commented Feb 15, 2023

Why?

@vargenau golang and alpine types are not yet supported by purl2url.
Could you please provide the expected output for each of your examples, this would help to add support for those types.

@vargenau
Copy link
Author

Hello @tdruez,

purl2url.get_repo_url("pkg:golang/xorm.io/xorm@v0.8.2")
could return
https://pkg.go.dev/xorm.io/xorm@v0.8.2

purl2url.get_download_url("pkg:golang/xorm.io/xorm@v0.8.2")
could return
https://pkg.go.dev/xorm.io/xorm@v0.8.2#section-sourcefiles
This is not optimal, I do not know whether there exists a URL to download the whole source code of the package.

For Alpine I have no idea, https://pkgs.alpinelinux.org/packages only gives the latest release of the package.

Perhaps we could find something in https://archive.softwareheritage.org/

tdruez added a commit that referenced this issue Mar 24, 2023
Signed-off-by: Thomas Druez <tdruez@nexb.com>
@tdruez
Copy link
Collaborator

tdruez commented Apr 10, 2023

@vargenau I've added golang support for the get_repo_url in fffc8ac#diff-2f9af27ff6ddefbfe1bd9790a393d43c19fd1f4c5325be411898a260517ca164R241

It is available in the latest version.

purl2url.get_download_url("pkg:golang/xorm.io/xorm@v0.8.2")
could return
https://pkg.go.dev/xorm.io/xorm@v0.8.2#section-sourcefiles
This is not optimal, I do not know whether there exists a URL to download the whole source code of the package.

This is inconsistent with the current get_download_url implementations that return a proper URL to a downloadable file.

@vargenau
Copy link
Author

Thank you @tdruez

@CsatariGergely
Copy link

@tdruez unfortunatelly go package management is a bit more complex than this. I started pr #113 for the support, but it is not complete yet.

@tdruez
Copy link
Collaborator

tdruez commented Apr 13, 2023

@CsatariGergely could you provide some examples of golang purls that would not be supported at the moment?
I do not see any addition to the test data in your PR.

@CsatariGergely
Copy link

Here is the set what I used for internal testing:

pkg:golang/github.com/mailru/easyjson@v0.7.7
pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.1
pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.1
pkg:golang/github.com/miekg/dns@v1.1.26
pkg:golang/github.com/miekg/dns@v1.1.26
pkg:golang/github.com/mitchellh/mapstructure@v1.4.3
pkg:golang/github.com/mitchellh/mapstructure@v1.4.3
pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f
pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f
pkg:golang/github.com/oklog/run@v1.1.0
pkg:golang/github.com/oklog/run@v1.1.0
pkg:golang/github.com/oklog/ulid@v1.3.1
pkg:golang/github.com/oklog/ulid@v1.3.1
pkg:golang/github.com/opentracing/opentracing-go@v1.2.0
pkg:golang/github.com/pkg/errors@v0.9.1
pkg:golang/github.com/pkg/errors@v0.9.1
pkg:golang/github.com/prometheus/alertmanager@(devel)
pkg:golang/github.com/prometheus/alertmanager@(devel)
pkg:golang/github.com/prometheus/client_golang@v1.12.1
pkg:golang/github.com/prometheus/client_golang@v1.12.1
pkg:golang/github.com/prometheus/client_model@v0.2.0
pkg:golang/github.com/prometheus/client_model@v0.2.0
pkg:golang/github.com/prometheus/common@v0.32.1
pkg:golang/github.com/prometheus/common@v0.32.1
pkg:golang/github.com/prometheus/common/sigv4@v0.1.0
pkg:golang/github.com/prometheus/common/sigv4@v0.1.0
pkg:golang/github.com/prometheus/exporter-toolkit@v0.7.1
pkg:golang/github.com/prometheus/exporter-toolkit@v0.7.1
pkg:golang/github.com/prometheus/procfs@v0.7.3
pkg:golang/github.com/prometheus/procfs@v0.7.3
pkg:golang/github.com/rs/cors@v1.8.2
pkg:golang/github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529
pkg:golang/github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529
pkg:golang/github.com/shurcooL/httpfs@v0.0.0-20190707220628-8d4bc4ba7749
pkg:golang/github.com/shurcooL/httpfs@v0.0.0-20190707220628-8d4bc4ba7749
pkg:golang/github.com/shurcooL/vfsgen@v0.0.0-20200824052919-0d455de96546
pkg:golang/github.com/shurcooL/vfsgen@v0.0.0-20200824052919-0d455de96546
pkg:golang/github.com/xlab/treeprint@v1.1.0
pkg:golang/go.mongodb.org/mongo-driver@v1.8.3
pkg:golang/go.mongodb.org/mongo-driver@v1.8.3
pkg:golang/golang.org/x/crypto@v0.0.0-20210616213533-5ff15b29337e
pkg:golang/golang.org/x/crypto@v0.0.0-20210616213533-5ff15b29337e
pkg:golang/golang.org/x/mod@v0.5.1
pkg:golang/golang.org/x/net@v0.0.0-20220225172249-27dd8689420f
pkg:golang/golang.org/x/net@v0.0.0-20220225172249-27dd8689420f
pkg:golang/golang.org/x/oauth2@v0.0.0-20210514164344-f6687ab2804c
pkg:golang/golang.org/x/oauth2@v0.0.0-20210514164344-f6687ab2804c
pkg:golang/golang.org/x/sys@v0.0.0-20220114195835-da31bd327af9
pkg:golang/golang.org/x/sys@v0.0.0-20220114195835-da31bd327af9
pkg:golang/golang.org/x/text@v0.3.7
pkg:golang/golang.org/x/text@v0.3.7
pkg:golang/google.golang.org/protobuf@v1.26.0
pkg:golang/google.golang.org/protobuf@v1.26.0
pkg:golang/gopkg.in/alecthomas/kingpin.v2@v2.2.6
pkg:golang/gopkg.in/alecthomas/kingpin.v2@v2.2.6
pkg:golang/gopkg.in/telebot.v3@v3.0.0
pkg:golang/gopkg.in/yaml.v2@v2.4.0
pkg:golang/gopkg.in/yaml.v2@v2.4.0

True, one of these per category should be added as a testcase.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants