Skip to content

DNM: Fix packagePurpose#2545

Open
Taffer wants to merge 4 commits into
chainguard-dev:mainfrom
Taffer:fix-packagePurpose
Open

DNM: Fix packagePurpose#2545
Taffer wants to merge 4 commits into
chainguard-dev:mainfrom
Taffer:fix-packagePurpose

Conversation

@Taffer

@Taffer Taffer commented May 26, 2026

Copy link
Copy Markdown
Member

Per https://github.com/chainguard-dev/customer-issues/issues/3564,

Per SPDX 2.3 spec, the valid enum values use underscores: OPERATING_SYSTEM. The hyphenated OPERATING-SYSTEM is not in the allowed set.

NexusIQ CLI error (v2.11.1):
Line: 30, Column: 50, Path: $.packages[0].primaryPackagePurpose,
Error: does not have a value in the enumeration ["OTHER", "INSTALL", "ARCHIVE",
"FIRMWARE", "APPLICATION", "FRAMEWORK", "LIBRARY", "CONTAINER", "SOURCE",
"DEVICE", "OPERATING_SYSTEM", "FILE"]Bug 3: Unparseable SPDX content
File: /var/lib/db/sbom/triton-inference-server-local-cache-26.04-r0.spdx.json

Ran make generate test test-e2e, all was happy.

@Taffer Taffer enabled auto-merge (squash) May 26, 2026 14:54
@sil2100

sil2100 commented May 27, 2026

Copy link
Copy Markdown
Member

@Taffer

Taffer commented May 27, 2026

Copy link
Copy Markdown
Member Author

@Taffer Taffer changed the title Fix packagePurpose DNM: Fix packagePurpose May 27, 2026
@xnox

xnox commented May 28, 2026

Copy link
Copy Markdown
Member

@Taffer @sil2100 - pretty sure we might want to change this in mono/apokaas and maybe in cyclonedx instead?

Has customer tried using cyclonedx?

Possibly can make it an apkoaas featureflag to generate underscore or dash; based on a customer desire.

Possibly can emit two stanzas one with dash and one with underscore. Most implementations will ignore one; or the other.

Taffer commented May 28, 2026

Copy link
Copy Markdown
Member Author

It looks like the spec uses OPERATING-SYSTEM and NexusIQ CLI is wanting OPERATING_SYSTEM, possibly because of the published schema. According to @sil2100, they were supposed to fix the schema to have OPERATING-SYSTEM. 🤷

@Taffer Taffer force-pushed the fix-packagePurpose branch from 8f06417 to eb2e2d3 Compare June 9, 2026 13:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants