We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
If I generate the SBOM for a Haskell package in nixpkgs, eg vector:
vector
nix run github:tiiuae/sbomnix#sbomnix -- --depth 1 nixpkgs#haskellPackages.vector
Then the result is missing license information for some of the packages:
❯ cut -d , -f 2,17 < sbom.csv "pname","meta_license_short" "elfutils","gpl2Only;lgpl3Plus;gpl3Plus" "ghc","bsd3" "glibc","The GNU C Library" "gmp-with-cxx","lgpl3Only;gpl2Only" "libffi","mit" "ncurses","mit" "primitive","" "vector","" "vector-stream",""
For example, the "vector" package itself is given no license. However, it certainly has this metadata in nixpkgs:
"vector" = callPackage ({ mkDerivation, base, base-orphans, deepseq, doctest, HUnit , primitive, QuickCheck, random, tasty, tasty-bench, tasty-hunit , tasty-inspection-testing, tasty-quickcheck, template-haskell , transformers, vector-stream }: mkDerivation { pname = "vector"; version = "0.13.1.0"; sha256 = "1vpcxn0zkhmvksz373iz66bv42f358jv3zqg390vk2mbkqkp5wk3"; revision = "1"; editedCabalFile = "03fpy8vnjyk7hw6sci361pmb05jl5z05yb08yjv5wxqxnp7jq0xw"; libraryHaskellDepends = [ base deepseq primitive vector-stream ]; testHaskellDepends = [ base base-orphans doctest HUnit primitive QuickCheck random tasty tasty-hunit tasty-inspection-testing tasty-quickcheck template-haskell transformers ]; benchmarkHaskellDepends = [ base random tasty tasty-bench ]; description = "Efficient Arrays"; license = lib.licenses.bsd3; }) {};
The text was updated successfully, but these errors were encountered:
No branches or pull requests
If I generate the SBOM for a Haskell package in nixpkgs, eg
vector
:Then the result is missing license information for some of the packages:
For example, the "vector" package itself is given no license. However, it certainly has this metadata in nixpkgs:
The text was updated successfully, but these errors were encountered: