Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add nix install details #800

Merged
merged 1 commit into from
Feb 9, 2022
Merged

Add nix install details #800

merged 1 commit into from
Feb 9, 2022

Conversation

06kellyjac
Copy link
Contributor

Added install details for nix

I'd also like to say I'm also happy to help out with the nix cataloger (#462) if you push it to a draft PR

@spiffcs
Copy link
Contributor

spiffcs commented Feb 7, 2022

Thanks for the PR @06kellyjac! Please make sure the commits are signed and verified. See this documentation for more details docs.

spiffcs
spiffcs reviewed Feb 7, 2022
View reviewed changes
Copy link
Contributor

@spiffcs spiffcs left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you also be able to include a screenshot showing this running on nix-os? I don't have a platform to verify this on at the moment.

README.md Outdated Show resolved Hide resolved
@06kellyjac
Copy link
Contributor Author

signed and verified

Ahh, I thought it was just DCO
I don't have a personal signing key yet but I can use my work one I guess. (Work is pro FLOSS so no issues there)

@spiffcs
Copy link
Contributor

spiffcs commented Feb 7, 2022

I'll push a commit this morning that fixes the integration tests here. Looks like SPDX updated their license list over the weekend as well.

@06kellyjac
Copy link
Contributor Author

nix can be used on linux distros other than NixOS and can be used on darwin

We build syft (and other golang tools) for these targets:

  • aarch64-linux
  • i686-linux
  • x86_64-linux
  • x86_64-darwin
  • aarch64-darwin

My macOS vm:

image

My NixOS machine:

λ nix-env -f . -i syft
installing 'syft-0.36.0'
this path will be fetched (5.24 MiB download, 18.60 MiB unpacked):
  /nix/store/2lpnlhbqg82n50l3wjrnk0s9bgjnd7qb-syft-0.36.0
copying path '/nix/store/2lpnlhbqg82n50l3wjrnk0s9bgjnd7qb-syft-0.36.0' from 'https://cache.nixos.org'...
building '/nix/store/6fqwynzzfz4inx152r1n27fsnd4fkjk9-user-environment.drv'...
λ syft --help
Generate a packaged-based Software Bill Of Materials (SBOM) from container images and filesystems

Usage:
   [flags]
   [command]

Examples:
  syft packages alpine:latest                a summary of discovered packages
  syft packages alpine:latest -o json        show all possible cataloging details
  syft packages alpine:latest -o cyclonedx   show a CycloneDX formatted SBOM
  syft packages alpine:latest -o spdx        show a SPDX 2.2 tag-value formatted SBOM
  syft packages alpine:latest -o spdx-json   show a SPDX 2.2 JSON formatted SBOM
  syft packages alpine:latest -vv            show verbose debug information

  Supports the following image sources:
    syft packages yourrepo/yourimage:tag     defaults to using images from a Docker daemon. If Docker is not present, the image is pulled directly from the registry.
    syft packages path/to/a/file/or/dir      a Docker tar, OCI tar, OCI directory, or generic filesystem directory

  You can also explicitly specify the scheme to use:
    syft packages docker:yourrepo/yourimage:tag          explicitly use the Docker daemon
    syft packages docker-archive:path/to/yourimage.tar   use a tarball from disk for archives created from "docker save"
    syft packages oci-archive:path/to/yourimage.tar      use a tarball from disk for OCI archives (from Skopeo or otherwise)
    syft packages oci-dir:path/to/yourimage              read directly from a path on disk for OCI layout directories (from Skopeo or otherwise)
    syft packages dir:path/to/yourproject                read directly from a path on disk (any directory)
    syft packages file:path/to/yourproject/file          read directly from a path on disk (any single file)
    syft packages registry:yourrepo/yourimage:tag        pull image directly from a registry (no container runtime required)


Available Commands:
  completion  Generate a shell completion for Syft (listing local docker images)
  help        Help about any command
  packages    Generate a package SBOM
  version     show the version

Flags:
  -c, --config string              application config file
  -d, --dockerfile string          include dockerfile for upload to Anchore Enterprise
      --exclude stringArray        exclude paths from being scanned using a glob expression
      --file string                file to write the default report output to (default is STDOUT)
  -h, --help                       help for this command
  -H, --host string                the hostname or URL of the Anchore Enterprise instance to upload to
      --import-timeout uint        set a timeout duration (in seconds) for the upload to Anchore Enterprise (default 30)
  -o, --output stringArray         report output format, options=[json text table cyclonedx cyclonedx-json spdx-tag-value spdx-json] (default [table])
      --overwrite-existing-image   overwrite an existing image during the upload to Anchore Enterprise
  -p, --password string            the password to authenticate against Anchore Enterprise
  -q, --quiet                      suppress all logging output
  -s, --scope string               selection of layers to catalog, options=[Squashed AllLayers] (default "Squashed")
  -u, --username string            the username to authenticate against Anchore Enterprise
  -v, --verbose count              increase verbosity (-v = info, -vv = debug)
      --version                    version for this command

Use " [command] --help" for more information about a command.

λ syft version
Application:   syft
Version:       0.36.0
BuildDate:     2022-01-19T16:43:16Z
GitCommit:     aebe843c6f0307d5c263c25257caf3e6ea827c78
GitTreeState:  clean
Platform:      linux/amd64
GoVersion:     go1.17.6
Compiler:      gc

λ syft packages alpine:latest
 ✔ Pulled image
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [14 packages]
NAME                    VERSION      TYPE
alpine-baselayout       3.2.0-r18    apk
alpine-keys             2.4-r1       apk
apk-tools               2.12.7-r3    apk
busybox                 1.34.1-r3    apk
ca-certificates-bundle  20191127-r7  apk
libc-utils              0.7.2-r3     apk
libcrypto1.1            1.1.1l-r7    apk
libretls                3.3.4-r2     apk
libssl1.1               1.1.1l-r7    apk
musl                    1.2.2-r7     apk
musl-utils              1.2.2-r7     apk
scanelf                 1.3.3-r0     apk
ssl_client              1.34.1-r3    apk
zlib                    1.2.11-r3    apk

@06kellyjac
Copy link
Contributor Author

06kellyjac commented Feb 7, 2022
edited
Loading

Should I add a note about syft being in the unstable channel currently awaiting the 22.05 release? (in march)

nixos.org search - unstable channel - syft

wagoodman
wagoodman reviewed Feb 7, 2022
View reviewed changes
README.md Show resolved Hide resolved
@wagoodman
Copy link
Contributor

Should I add a note about syft being in the unstable channel currently awaiting the 22.05 release? (in march)

I think that's a good idea 👍

@wagoodman
Copy link
Contributor

(rebased to pull in a fix for failing integration tests)

wagoodman
wagoodman approved these changes Feb 9, 2022
View reviewed changes
Copy link
Contributor

@wagoodman wagoodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I combined the two phrases into one, other than that just awaiting passing CI. Thanks for providing the Nix packaging for Syft!! 🚀

@wagoodman
Copy link
Contributor

wagoodman commented Feb 9, 2022
edited
Loading

@06kellyjac looks like there is a small problem with the DCO signoff:

Commit sha: 1b8d4dc, Author: 06kellyjac, Committer: Alex Goodman; Expected “06kellyjac dev@j-k.io”, but got “06kellyjac jack@control-plane.io”

I didn't see the problem at first until @luhring pointed it out:

 want: "06kellyjac dev@j-k.io"
  got: "06kellyjac jack@control-plane.io"

Can you adjust the signoff to match the committer details?

@06kellyjac
Copy link
Contributor Author

I updated the dco to jack@control-plane.io since I use that email with this gpg key. I thought I changed the committer email but I'll fix that

@06kellyjac
Add nix install details
cd299a0 
Signed-off-by: 06kellyjac <jack@control-plane.io>
@wagoodman wagoodman merged commit 5ab872c into anchore:main Feb 9, 2022
@06kellyjac 06kellyjac deleted the nix_install branch February 9, 2022 21:03
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@06kellyjac
Add nix install details (anchore#800)
8eca80d 
Signed-off-by: 06kellyjac <jack@control-plane.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spiffcs spiffcs spiffcs left review comments

@wagoodman wagoodman wagoodman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@06kellyjac @spiffcs @wagoodman