search

eclipse-dash / dash-licenses

Extract license information from content.
http://projects.eclipse.org/projects/technology.dash
Eclipse Public License 2.0
47 stars 33 forks source link

Support the Conan C/C++ Package Manager #326

Open waynebeaton opened 6 months ago

waynebeaton commented 6 months ago

Conan is used by at least some Eclipse project teams.

AFAICT, Conan has a means of generating a dependency graph output (conan graph info) that we can theoretically parse to get a list of dependencies.

I haven't investigated how we find metadata from this information. I presume that there is a means to get pointers to the software repository, and that there is a means to obtain metadata about components.

Based on some cursory research, it does not appear that that there is an official Package URL format for Conan v2 (and some scepticism about the v1 format).

AFAICT, Conan a notion of user which stands in for the namespace. I presume that this is a means by which we can map to a software repository. I found these examples.

OpenSSL/1.1.1@conan/stable
CLI11/1.6.1@cliutils/stable
CTRE/2.1@ctre/stable
Expat/2.2.5@pix4d/stable
FakeIt/2.0.5@gasuketsu/stable
Poco/1.9.0@pocoproject/stable
c-blosc/v1.14.4@francescalted/stable

I don't see any issues in the ClearlyDefined repository discussing their ID format for Conan. I assume that it may look something like this:

Expat/2.2.5@pix4d/stable => conan/??/pix4d/Expat/2.2.5

I'm not at all certain what the source (second field) should be. Is there a central repository? Maybe it's just conan or conan.io. This discussion (when we're ready to have it) should happen in the ClearlyDefined issue tracker.