lix-community/nix-security-tracker
0
0
Fork 0
Code Issues 94 Pull requests 9 Projects Releases Packages Wiki Activity

Search for derivations #215

New issue
Open
opened 2024-09-27 00:17:12 +00:00 by fricklerhandwerk · 2 comments
fricklerhandwerk commented 2024-09-27 00:17:12 +00:00 (Migrated from github.com)
Copy link

As a user of the security tracker, I want to be able to search for particular derivations.

Acceptance criteria

Given I have an attribute path for a package in Nixpkgs,
When I enter that string into a dialog,
Then details and further interaction options for packages matching that search term are displayed.

Implementation notes

  • In the future, we might want to implement a more sophisticated search, which performs a text search on package metadata a-la search.nixos.org
    • API endpoint that will return matches on attribute paths
      • Return streamed results as html list elements <li> ... </li> on each character (debounced on the frontend)
As a user of the security tracker, I want to be able to search for particular derivations. ## Acceptance criteria Given I have an attribute path for a package in Nixpkgs, When I enter that string into a dialog, Then details and further interaction options for packages matching that search term are displayed. ## Implementation notes - In the future, we might want to implement a more sophisticated search, which performs a text search on package metadata a-la search.nixos.org - API endpoint that will return matches on attribute paths - Return streamed results as html list elements `<li> ... </li>` on each character (debounced on the frontend)
yannham commented 2025-05-05 12:54:52 +00:00 (Migrated from github.com)
Copy link

Naive question: can't we just reuse search.nixos.org in one way or another (including updating the latter if needed to expose some kind of API)? I remember when Rok and other people implemented search.nixos.org, I think it's not trivial to do efficiently; duplicating this work on the sec tracker would be a bit sad.

Naive question: can't we just reuse search.nixos.org in one way or another (including updating the latter if needed to expose some kind of API)? I remember when Rok and other people implemented search.nixos.org, I think it's not trivial to do efficiently; duplicating this work on the sec tracker would be a bit sad.
RaitoBezarius commented 2025-05-05 13:41:30 +00:00 (Migrated from github.com)
Copy link

That website uses an externally donated Elastic Search instance I believe.

Plus it doesn't fit the needs for the queries used in this project.

So it's a matter of choosing whether to redeploy ELK, reuse PGSQL native
FTS engine or something else.

Le lun. 5 mai 2025, 14:55, Yann Hamdaoui @.***> a
écrit :

yannham left a comment (Nix-Security-WG/nix-security-tracker#215)
https://github.com/Nix-Security-WG/nix-security-tracker/issues/215#issuecomment-2850906304

Naive question: can't we just reuse search.nixos.org in one way or
another (including updating the latter if needed to expose some kind of
API)? I remember when Rok and other people implemented search.nixos.org,
I think it's not trivial to do efficiently; duplicating this work on the
sec tracker would be a bit sad.


Reply to this email directly, view it on GitHub
https://github.com/Nix-Security-WG/nix-security-tracker/issues/215#issuecomment-2850906304,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AACMZRFGFCL2LDFVV6MBPGL245NTDAVCNFSM6AAAAABO6CX4PWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDQNJQHEYDMMZQGQ
.
You are receiving this because you were assigned.Message ID:
@.***>

That website uses an externally donated Elastic Search instance I believe. Plus it doesn't fit the needs for the queries used in this project. So it's a matter of choosing whether to redeploy ELK, reuse PGSQL native FTS engine or something else. Le lun. 5 mai 2025, 14:55, Yann Hamdaoui ***@***.***> a écrit : > *yannham* left a comment (Nix-Security-WG/nix-security-tracker#215) > <https://github.com/Nix-Security-WG/nix-security-tracker/issues/215#issuecomment-2850906304> > > Naive question: can't we just reuse search.nixos.org in one way or > another (including updating the latter if needed to expose some kind of > API)? I remember when Rok and other people implemented search.nixos.org, > I think it's not trivial to do efficiently; duplicating this work on the > sec tracker would be a bit sad. > > — > Reply to this email directly, view it on GitHub > <https://github.com/Nix-Security-WG/nix-security-tracker/issues/215#issuecomment-2850906304>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AACMZRFGFCL2LDFVV6MBPGL245NTDAVCNFSM6AAAAABO6CX4PWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDQNJQHEYDMMZQGQ> > . > You are receiving this because you were assigned.Message ID: > ***@***.***> >
👍 1
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
npins-auto-update
No results found.
Labels
Clear labels   
automation

   
backend

something the web server needs to provide the frontend with

  
bug

Something isn't working

  
contributor experience

   
data

something about quality or quantity of ingested data

  
deployment

   
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
nice to have

Nice to have, but not necessary for the time being

  
notifications

   
package maintainer

user story for package maintainers

  
performance

   
skin

Anything related to the visual presentation

  
tech debt

Activities that reduce tech debt

  
user story

description or implementation of a workflow

No labels
automation
backend
bug
contributor experience
data
deployment
documentation
duplicate
good first issue
help wanted
nice to have
notifications
package maintainer
performance
skin
tech debt
user story
Milestone
Clear milestone
No items
No milestone
4 Notifications
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lix-community/nix-security-tracker#215
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?