New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add lua/rockspec cataloger #2613
base: main
Are you sure you want to change the base?
Conversation
db54ddf
to
b3d158a
Compare
b3d158a
to
29dbd22
Compare
Depends on anchore/packageurl-go#18 |
29dbd22
to
cf83f7f
Compare
9b235c4
to
bfdedea
Compare
47a1969
to
5e00648
Compare
This comment has been minimized.
This comment has been minimized.
a9cdb1b
to
afda7a1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the delay here, @LaurentGoderre. I left some feedback inline. I'll also note that this can be rebased to get rid of some duplicate changes from the packageurl lib upgrade. That said, one thing I'd like to make sure about is in fact, the EDIT: I see the discussion here about it, so luarock seems to be fine.luarock
string in the packageurl that doesn't seem to match the notes in the spec types of just lua
.
@@ -109,6 +110,7 @@ func DefaultPackageTaskFactories() PackageTaskFactories { | |||
), | |||
newSimplePackageTaskFactory(java.NewNativeImageCataloger, pkgcataloging.DirectoryTag, pkgcataloging.InstalledTag, pkgcataloging.ImageTag, pkgcataloging.LanguageTag, "java"), | |||
newSimplePackageTaskFactory(nix.NewStoreCataloger, pkgcataloging.DirectoryTag, pkgcataloging.InstalledTag, pkgcataloging.ImageTag, pkgcataloging.LanguageTag, "nix"), | |||
newSimplePackageTaskFactory(lua.NewPackageCataloger, pkgcataloging.DirectoryTag, pkgcataloging.InstalledTag, pkgcataloging.ImageTag, pkgcataloging.LanguageTag, "lua"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it typical to find lua rockspec files in images (and "installed")?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know about typical but the image that prompted this changed (Kong DOI) has them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed it does
root@9568d1a22c40:/# find / | grep rockspec | grep cjson
root@9568d1a22c40:/# luarocks install lua-cjson
Installing https://luarocks.org/lua-cjson-2.1.0.10-1.src.rock
lua-cjson 2.1.0.10-1 depends on lua >= 5.1 (5.4-1 provided by VM: success)
gcc -O2 -fPIC -I/usr/local/include -c lua_cjson.c -o lua_cjson.o
gcc -O2 -fPIC -I/usr/local/include -c strbuf.c -o strbuf.o
gcc -O2 -fPIC -I/usr/local/include -c fpconv.c -o fpconv.o
gcc -shared -o /tmp/luarocks_build-lua-cjson-2.1.0.10-1-2704986/cjson.so lua_cjson.o strbuf.o fpconv.o
lua-cjson 2.1.0.10-1 is now installed in /usr/local (license: MIT)
root@9568d1a22c40:/# find / | grep rockspec | grep cjson
/usr/local/lib/luarocks/rocks-5.4/lua-cjson/2.1.0.10-1/lua-cjson-2.1.0.10-1.rockspec
I don't know if it's actively needed at runtime or if it is metadata that could be scrubbed and the lib still used. But the luarocks install
command will leave rockspecs behind 👍 .
syft/pkg/rockspec.go
Outdated
Name string | ||
Version string | ||
License string | ||
Homepage string | ||
Description string | ||
URL string | ||
Dependencies map[string]string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These all need json
tags.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Better?
This comment has been minimized.
This comment has been minimized.
c71f8f0
to
cd4cac9
Compare
6d5b178
to
10f1a1a
Compare
a041548
to
f4bb717
Compare
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
No description provided.