Conan: Get real provenance data #2037
Labels
analyzer
About the analyzer tool
Comments
fviernau
added a commit
that referenced
this issue
Dec 10, 2019
As the VCS locations returned by that package manager often times do not contain the actual source code for the respective package but just a receipe to build the conan package, see #2037. Signed-off-by: Frank Viernau <frank.viernau@here.com>
fviernau
added a commit
that referenced
this issue
Dec 10, 2019
As the VCS locations returned by that package manager often times do not contain the actual source code for the respective package but just a receipe to build the conan package, see #2037. Signed-off-by: Frank Viernau <frank.viernau@here.com>
fviernau
added a commit
that referenced
this issue
Dec 10, 2019
As the VCS locations returned by that package manager often times do not contain the actual source code for the respective package but just a receipe to build the conan package, see #2037. Signed-off-by: Frank Viernau <frank.viernau@here.com>
This comment has been minimized.
This comment has been minimized.
|
See the Recipe and Sources in a Different Repo docs for details. |
|
Looks like we might be able to get the source artifact from |
mnonnenmacher
added a commit
that referenced
this issue
Oct 4, 2021
Do not parse the VCS info from the output of "conan info", because this only ever points to the recipe of the package, but not to the source code. Usually this points to the ConanCenter index [1]. Instead, try to parse the VCS info from the homepage URL of the package. This partly addresses #2037. [1] https://github.com/conan-io/conan-center-index Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this issue
Oct 4, 2021
Try to parse the source artifact information for packages from the conandata.yml file in the local repository. Resolves #2037. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Merged
mnonnenmacher
added a commit
that referenced
this issue
Oct 5, 2021
Do not parse the VCS info from the output of "conan info", because this only ever points to the recipe of the package, but not to the source code. Usually this points to the ConanCenter index [1]. Instead, try to parse the VCS info from the homepage URL of the package. This partly addresses #2037. [1] https://github.com/conan-io/conan-center-index Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this issue
Oct 5, 2021
Try to parse the source artifact information for packages from the conandata.yml file in the local repository. Resolves #2037. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this issue
Oct 5, 2021
Do not parse the VCS info from the output of "conan info", because this only ever points to the recipe of the package, but not to the source code. Usually this points to the ConanCenter index [1]. Instead, try to parse the VCS info from the homepage URL of the package. This partly addresses #2037. [1] https://github.com/conan-io/conan-center-index Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this issue
Oct 5, 2021
Try to parse the source artifact information for packages from the conandata.yml file in the local repository. Resolves #2037. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this issue
Oct 5, 2021
Do not parse the VCS info from the output of "conan info", because this only ever points to the recipe of the package, but not to the source code. Usually this points to the ConanCenter index [1]. Instead, try to parse the VCS info from the homepage URL of the package. This partly addresses #2037. [1] https://github.com/conan-io/conan-center-index Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this issue
Oct 5, 2021
Try to parse the source artifact information for packages from the conandata.yml file in the local repository. Resolves #2037. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this issue
Oct 5, 2021
Do not parse the VCS info from the output of "conan info", because this only ever points to the recipe of the package, but not to the source code. Usually this points to the ConanCenter index [1]. Instead, try to parse the VCS info from the homepage URL of the package. This partly addresses #2037. [1] https://github.com/conan-io/conan-center-index Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The VCS location of several Conan dependencies point to repositories which contain only recipes used to publish these packages on Conan Central, but not the actual source code of the packages.
As result the actual sources are not being scanned, see e.g. [1,2,3].
[1] https://bintray.com/conan/conan-center
[2] https://bincrafters.readthedocs.io/en/latest/
[3] https://github.com/bincrafters/conan-protobuf
The text was updated successfully, but these errors were encountered: