Skip to content

fix alpm jsonschema #623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
prabhu wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

fix alpm jsonschema #623

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
711f485
fix alpm
prabhu Aug 23, 2025
222eaee
Adds normalization_rules for name
prabhu Aug 23, 2025
3dc3541
Review comments
prabhu Aug 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 24 additions & 6 deletions types/alpm-definition.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
{
"$schema": "https://packageurl.org/schemas/purl-type-definition.schema-1.0.json",
"$id": "https://packageurl.org/types/github-definition.json",
"$id": "https://packageurl.org/types/alpm-definition.json",
Copy link
Member

@pombredanne pombredanne Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is valid and important change

"type": "alpm",
"type_name": "Arch Linux package",
"description": "Arch Linux packages and other users of the libalpm/pacman package manager.",
"repository": {
"use_repository": true,
"note": "There is no default package repository; this should be implied either from the distro qualifiers key or using a repository base url as repository_url qualifiers key."
"note": "There is no default package repository; this should be implied either from the distro qualifiers key or using a repository base url as a repository_url qualifiers key."
},
"namespace_definition": {
"requirement": "required",
Expand All @@ -18,13 +18,18 @@
]
},
"name_definition": {
"note": "The name is the package name. It is not case sensitive and must be lowercased.",
"requirement": "required",
Copy link
Member

@pombredanne pombredanne Aug 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a property defined in the schema for name, because a purl without a name is mostly harmless in all cases, so if you run make conf && make check you will get:

$ make check
-> Validate JSON schemas
ok -- validation done
The following files were checked:
  schemas/purl-test.schema.json
  schemas/purl-type-definition.schema.json
  schemas/purl-types-index.schema.json
-> Validate JSON data files against the schemas
ok -- validation done
The following files were checked:
  purl-types-index.json
Schema validation errors were encountered.
  types/alpm-definition.json::$.qualifiers_definition[0]: Additional properties are not allowed ('examples' was unexpected)
  types/alpm-definition.json::$.qualifiers_definition[1]: Additional properties are not allowed ('examples' was unexpected)
  types/alpm-definition.json::$.qualifiers_definition[2]: Additional properties are not allowed ('examples' was unexpected)
make: *** [Makefile:53: checkjson] Error 1

Copy link
Member

@pombredanne pombredanne Aug 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually that part was schema-valid

Copy link
Contributor Author

@prabhu prabhu Aug 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If name is not mandatory we risk the proliferation of non actionable purls for given types. So some strictness is better. I consciously avoided regex, min lengths and other properties that was suggested by Gemini so had some filter but completely forgot to validate. Will fix the validation errors and push later this evening.

Copy link
Member

@pombredanne pombredanne Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The schema has been updated. The name is always required now https://github.com/package-url/purl-spec/blob/f0ee1f6ab00ea980c4965a34d7d00bd7e8fb2cb0/schemas/purl-type-definition.schema-1.1.json so this change is fine.

"note": "The name is the package name. It is not case sensitive and must be lowercased. Any characters that are reserved in the PURL specification, such as '@', must be percent-encoded.",
"case_sensitive": false,
"native_name": "name"
"native_name": "name",
"normalization_rules": [
"It is not case sensitive and must be lowercased."
]
},
"version_definition": {
"requirement": "required",
Copy link
Member

@pombredanne pombredanne Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Versions are never required, so this change must be removed.

"native_name": "version",
"note": "The version is the version of the package as specified in vercmp(8) at (https://man.archlinux.org/man/vercmp.8#DESCRIPTION as part of alpm.",
"note": "The version of the package. The format must be valid for comparison by the vercmp(8) utility (see https://man.archlinux.org/man/vercmp.8).",
"case_sensitive": true,
"normalization_rules": [
"normalize version as specified in vercmp(8) at https://man.archlinux.org/man/vercmp.8#DESCRIPTION as part of alpm."
Expand All @@ -36,11 +41,24 @@
"requirement": "optional",
"native_name": "arch",
"description": "The arch is the qualifiers key for a package architecture."
},
{
"key": "distro",
"requirement": "optional",
"description": "The distribution name when using multiple distributions."
},
{
"key": "repository_url",
Copy link
Member

@pombredanne pombredanne Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a standard qualifier so it not really needed here IMHO, but it does not hurt either... @johnmhoran what do you think?

"requirement": "optional",
"description": "Base URL for the package repository."
}
],
"examples": [
"pkg:alpm/arch/pacman@6.0.1-1?arch=x86_64",
"pkg:alpm/arch/python-pip@21.0-1?arch=any",
"pkg:alpm/arch/containers-common@1:0.47.4-4?arch=x86_64"
"pkg:alpm/arch/containers-common@1:0.47.4-4?arch=x86_64",
"pkg:alpm/manjaro/systemd@251.7-1?arch=x86_64",
"pkg:alpm/arch/ca-certificates-utils@20210603-1?arch=any",
"pkg:alpm/arch/example%40package@1.2-3?arch=x86_64"
]
}