Fixes for apk #624
Draft
Fixes for apk #624
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Prabhu Subramanian <[email protected]>
matt-phylum
reviewed
Aug 25, 2025
Comment on lines
+24
to
+27
| "case_sensitive": false, | ||
| "normalization_rules": [ | ||
| "It is not case sensitive and must be lowercased." | ||
| ] |
Contributor
There was a problem hiding this comment.
Suggested change
| "case_sensitive": false, | |
| "normalization_rules": [ | |
| "It is not case sensitive and must be lowercased." | |
| ] | |
| "case_sensitive": true |
ERROR: unable to select packages:
FIGLET (no such package):
required by: world[FIGLET]
/ # apk add figlet
(1/1) Installing figlet (2.2.5-r3)
Executing busybox-1.37.0-r18.trigger
OK: 8 MiB in 17 packages
| }, | ||
| "version_definition": { | ||
| "note": "The version is a package version as expected by apk.", | ||
| "requirement": "required", |
Contributor
There was a problem hiding this comment.
Suggested change
| "requirement": "required", |
Installed packages have versions, but I don't understand why the PURL spec should be limited to talking about only specific versions of installed packages, especially if vers is going to be a related standard. How would you use vers if you can't name the package?
Comment on lines
+40
to
+44
| { | ||
| "key": "distro", | ||
| "requirement": "optional", | ||
| "description": "The distribution name when using multiple distributions" | ||
| }, |
Contributor
There was a problem hiding this comment.
This doesn't make sense. I don't know if the problem is just that it's not defined properly. The distribution goes in the namespace. What does it mean if a PURL has a distribution in the namespace and in the qualifier? If it makes sense for there two be two distributions, what if there are more than two?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes from gemini
$idattribute was updated from a placeholder value to the correct URI for theapktype definition.name_definitionandversion_definitionnow correctly state that they are "required" components for a validapkpurl.normalization_ruleshave been added to both thenamespace_definitionandname_definitionto ensure their values are lowercased.version_definitionhas been updated with more specific details about the expected version format, including the commonpkgver-rXpattern.distroandrepository_urlqualifiers, and examples have been added for all defined qualifiers to provide clearer guidance.apkpurls, including packages from different vendors and those with version suffixes.