improve the way sbomnix reads pacakge metadata

Question

improve the way sbomnix reads pacakge metadata

henrirosten opened this issue a year ago · comments

sbomnix reads the nix package meta info from the json file given via the command-line --meta option.

This needs to be re-done properly, ultimately aiming to get rid of the need for --meta command line argument completely.

Domen Kožar · Answer 1 · Tue Sep 19 2023 21:07:34 GMT+0800 (China Standard Time)

How about:

diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
index 51c78c55d599..f4ad35af2c1a 100644
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@@ -299,6 +299,7 @@ else let
        "__impureHostDeps" "__propagatedImpureHostDeps"
        "sandboxProfile" "propagatedSandboxProfile"]
        ++ lib.optional (__structuredAttrs || envIsExportable) "env"))
+    // { meta =  builtins.toJSON (attrs.meta or {}); }
     // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
       name =
         let

Henri Rosten · Answer 2 · Mon Sep 25 2023 17:12:36 GMT+0800 (China Standard Time)

@domenkozar : thanks for providing input to this issue!

What you are proposing requires a change in nixpkgs, right?

Domen Kožar · Answer 3 · Mon Sep 25 2023 21:42:30 GMT+0800 (China Standard Time)

NixOS/nixpkgs#256296

Henri Rosten · Answer 4 · Fri Dec 22 2023 17:35:49 GMT+0800 (China Standard Time)

Resolved with #100