tiiuae / sbomnix

A suite of utilities to help with software supply chain challenges on nix targets


allow reading runtime dependencies without requiring the package availability in local nix store

henrirosten opened this issue · comments

Currently, to get the runtime dependencies for a given target, sbomnix requires the target to be available in local nix store.
Note: for buildtime-only dependencies, only the derivation file is required.

The task in this item is to change sbomnix so that runtime dependencies can also be found without requiring the package to be installed locally.

Example (nmap is not locally installed):

Buildtime:

sbomnix /nix/store/n54bb3k7p568x2i6abvkavmzc2nwgihh-nmap-7.93.drv --type=buildtime

WARNING  Command line argument '--meta' missing: SBOM will not include license information (see '--help' for more details)
INFO     Loading buildtime dependencies referenced by '/nix/store/n54bb3k7p568x2i6abvkavmzc2nwgihh-nmap-7.93.drv'
INFO     Wrote: sbom.cdx.json
INFO     Wrote: sbom.spdx.json
INFO     Wrote: sbom.csv

Runtime:

sbomnix /nix/store/n54bb3k7p568x2i6abvkavmzc2nwgihh-nmap-7.93.drv --type=runtime
WARNING  Command line argument '--meta' missing: SBOM will not include license information (see '--help' for more details)
INFO     Loading runtime dependencies referenced by '/nix/store/n54bb3k7p568x2i6abvkavmzc2nwgihh-nmap-7.93.drv'
Traceback (most recent call last):
  File "/home/hrosten/projects/sbomnix/venv/bin/sbomnix", line 33, in <module>
    sys.exit(load_entry_point('sbomnix', 'console_scripts', 'sbomnix')())
  File "/nix/store/g7mndp0nh7jy7xc9gxv1jjdl6jxac7hi-python3.10-sbomnix-1.4.5/lib/python3.10/site-packages/sbomnix/main.py", line 87, in main
    sbomdb = SbomDb(target_path, runtime, buildtime, args.meta)
  File "/nix/store/g7mndp0nh7jy7xc9gxv1jjdl6jxac7hi-python3.10-sbomnix-1.4.5/lib/python3.10/site-packages/sbomnix/sbomdb.py", line 48, in __init__
    self._init_dependencies(nix_path)
  File "/nix/store/g7mndp0nh7jy7xc9gxv1jjdl6jxac7hi-python3.10-sbomnix-1.4.5/lib/python3.10/site-packages/sbomnix/sbomdb.py", line 62, in _init_dependencies
    runtime_dependencies = NixDependencies(nix_path, buildtime=False)
  File "/nix/store/g7mndp0nh7jy7xc9gxv1jjdl6jxac7hi-python3.10-sbomnix-1.4.5/lib/python3.10/site-packages/nixgraph/graph.py", line 255, in __init__
    self._parse_runtime_dependencies(nix_path)
  File "/nix/store/g7mndp0nh7jy7xc9gxv1jjdl6jxac7hi-python3.10-sbomnix-1.4.5/lib/python3.10/site-packages/nixgraph/graph.py", line 261, in _parse_runtime_dependencies
    nix_out = exec_cmd(
  File "/nix/store/g7mndp0nh7jy7xc9gxv1jjdl6jxac7hi-python3.10-sbomnix-1.4.5/lib/python3.10/site-packages/sbomnix/utils.py", line 114, in exec_cmd
    raise error
  File "/nix/store/g7mndp0nh7jy7xc9gxv1jjdl6jxac7hi-python3.10-sbomnix-1.4.5/lib/python3.10/site-packages/sbomnix/utils.py", line 104, in exec_cmd
    ret = subprocess.run(cmd, capture_output=True, encoding="utf-8", check=True)
  File "/nix/store/syz2y6j53y5hpzbs7l0965zwxshi8iyl-python3-3.10.10/lib/python3.10/subprocess.py", line 526, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['nix', '--extra-experimental-features', 'nix-command', 'path-info', '/nix/store/n54bb3k7p568x2i6abvkavmzc2nwgihh-nmap-7.93.drv']' returned non-zero exit status 1.

It is apparently not possible to get the runtime-only dependencies without realising the output paths.
PR #72 fixes this issue by specifying the --force-realise option for the nix-store query when finding the runtime dependencies. Therefore, after PR #72, the second example in the original description of this issue (sbomnix /nix/store/n54bb3k7p568x2i6abvkavmzc2nwgihh-nmap-7.93.drv --type=runtime) would no longer throw, but automatically realise the derivation output path before finding the runtime dependencies.
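A sketch of the query the fix relies on, added here as an example and not taken from the issue or from sbomnix itself: it runs nix-store --query --graph with --force-realise and parses the Graphviz output into (dependency, referrer) edges. The dot layout, the edge direction and the store names in the embedded sample are assumptions.

```python
import re
import subprocess

# Constructed sample of `nix-store --query --graph` output (fake store hashes).
SAMPLE_DOT = """digraph G {
"aaaaaaaa-nmap-7.93" [label = "nmap-7.93", shape = box, style = filled, fillcolor = "#ff0000"];
"bbbbbbbb-glibc-2.37" -> "aaaaaaaa-nmap-7.93" [color = "black"];
"cccccccc-openssl-3.0.8" -> "aaaaaaaa-nmap-7.93" [color = "black"];
"bbbbbbbb-glibc-2.37" -> "cccccccc-openssl-3.0.8" [color = "black"];
}
"""
# Assumed layout of an edge line: "dependency" -> "referrer" [...];
EDGE_RE = re.compile(r'^"([^"]+)"\s*->\s*"([^"]+)"')


def parse_dot_graph(dot):
    """Return (dependency, referrer) edges; node-declaration lines are skipped."""
    edges = []
    for line in dot.splitlines():
        m = EDGE_RE.match(line.strip())
        if m:
            edges.append((m.group(1), m.group(2)))
    return edges

def direct_deps(edges, node):
    """Store paths that `node` references directly (first-level runtime deps)."""
    return {dep for dep, ref in edges if ref == node}

def transitive_deps(edges, node):
    """Full runtime closure below `node`, walked depth-first."""
    seen, stack = set(), [node]
    while stack:
        for dep in direct_deps(edges, stack.pop()):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def runtime_deps(store_path, force_realise=True):
    """Run `nix-store --query --graph` on a .drv or output path and parse it.

    Without --force-realise the query fails for a .drv whose outputs are absent
    from the local store (the issue's traceback); with it, nix first builds or
    substitutes those outputs, so expect build or download activity."""
    cmd = ["nix-store", "--query", "--graph"]
    if force_realise:
        cmd.append("--force-realise")
    out = subprocess.run(cmd + [store_path], capture_output=True, encoding="utf-8", check=True)
    return parse_dot_graph(out.stdout)
```

runtime_deps needs a working nix installation; the parsing helpers run on the embedded sample without one.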