From 2ec7affff445261c78942e0d07719c91f81f35bb Mon Sep 17 00:00:00 2001
From: nikstur
Date: Fri, 12 Jul 2024 18:08:30 +0200
Subject: [PATCH 1/2] transformer: de-duplicate components from vendored SBOMs
---
 rust/transformer/src/cyclonedx.rs | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/rust/transformer/src/cyclonedx.rs b/rust/transformer/src/cyclonedx.rs
index 59dacdd..c104066 100644
--- a/rust/transformer/src/cyclonedx.rs
+++ b/rust/transformer/src/cyclonedx.rs
@@ -1,3 +1,4 @@
+use std::collections::BTreeMap;
 use std::convert::Into;
 use std::fs;
 use std::path::Path;
@@ -84,15 +85,35 @@ impl CycloneDXComponents {
 /// Extend the `Components` with components read from multiple BOMs inside a directory.
 pub fn extend_from_directory(&mut self, path: impl AsRef) -> Result<()> {
+ let mut m = BTreeMap::new();
+
+ // Insert the components from the original SBOM
+ for component in self.0 .0.clone() {
+ let key = component
+ .bom_ref
+ .clone()
+ .unwrap_or_else(|| component.name.to_string());
+ m.entry(key).or_insert(component);
+ }
+
+ // Add the components from the vendored SBOMs
 for entry in fs::read_dir(&path)
 .with_context(|| format!("Failed to read {:?}", path.as_ref()))?
 .flatten()
 {
 let bom = CycloneDXBom::from_file(entry.path())?;
- if let Some(component) = bom.components() {
- self.0 .0.extend(component.0);
+ if let Some(components) = bom.components() {
+ for component in components.0 {
+ let key = component
+ .bom_ref
+ .clone()
+ .unwrap_or_else(|| component.name.to_string());
+ m.entry(key).or_insert(component);
+ }
 }
 }
+
+ self.0 .0 = m.into_values().collect();
 Ok(())
 }
 }
From e3ca2d8810d795ba1b1d9aa19cacb83f28e5e09c Mon Sep 17 00:00:00 2001
From: nikstur
Date: Fri, 12 Jul 2024 18:08:13 +0200
Subject: [PATCH 2/2] tests: add passthruRust test using cloud-hypervisor
---
 flake.nix | 2 +-
 nix/tests/default.nix | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
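Review bot: In `extend_from_directory` (rust/transformer/src/cyclonedx.rs) the de-duplication key falls back to `component.name` alone when a component has no `bom_ref`, so two versions of the same package from different vendored SBOMs collapse into one entry and `or_insert` silently keeps whichever was seen first. For an SBOM this loses information that matters: a dropped version can no longer be matched against advisories, and the same happens if two vendored BOMs reuse a `bom_ref` for different components, since a bom-ref is only required to be unique within one document. Consider building the fallback key from name and version together (assuming the component type exposes a version field, which is not visible in this hunk) and logging or comparing before a duplicate is discarded. If name-only merging is intended, say so at the key expression, e.g. `// Keyed by bom-ref, else by name only: components that differ only in version are merged.` The key expression is also written out twice; a small private helper would keep the two loops in agreement.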
diff --git a/flake.nix b/flake.nix
index d75ae2b..1ea2d30 100644
--- a/flake.nix
+++ b/flake.nix
@@ -79,7 +79,7 @@
 nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.rustfmt ];
 checkPhase = "cargo fmt --check";
 });
- } // import ./nix/tests { inherit pkgs buildBom; };
+ } // import ./nix/tests { inherit pkgs buildBom passthruVendoredSbom; };
 pre-commit = {
 check.enable = true;
diff --git a/nix/tests/default.nix b/nix/tests/default.nix
index c9b33a3..cbac4bd 100644
--- a/nix/tests/default.nix
+++ b/nix/tests/default.nix
@@ -1,8 +1,11 @@
 { pkgs
 , buildBom
+, passthruVendoredSbom
 }:
 let
+ rustPassthru = pkg: pkgs.callPackage (passthruVendoredSbom.rust pkg) { };
+
 buildtimeOptions = { includeBuildtimeDependencies = true; };
 # This list cannot grow indefinitely because building a Bom requires all
@@ -24,6 +27,9 @@ let
 { name = "git-extra-paths"; drv = git; options = { extraPaths = [ poetry ]; }; }
 { name = "git-extra-paths-buildtime"; drv = git; options = buildtimeOptions // { extraPaths = [ poetry ]; }; }
+
+ { name = "cloud-hypervisor"; drv = rustPassthru cloud-hypervisor; options = { }; }
+ { name = "cloud-hypervisor"; drv = rustPassthru cloud-hypervisor; options = buildtimeOptions; }
 ];
 cycloneDxSpec = pkgs.fetchFromGitHub {
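Review bot: Both entries added to the test list in nix/tests/default.nix carry the name `cloud-hypervisor`, whereas the pair just above distinguishes its build-time variant as `git-extra-paths-buildtime`. How the list is consumed lies outside this hunk, but if the entries are later keyed by `name`, the second would shadow or collide with the first and the build-time variant of the vendored-SBOM path would not be exercised separately. Rename the second entry: `{ name = "cloud-hypervisor-buildtime"; drv = rustPassthru cloud-hypervisor; options = buildtimeOptions; }`.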