Skip to content

Fix namespace detection from distro IDs#3770

Open
AyanSinhaMahapatra wants to merge 4 commits intodevelopfrom
fix-rpm-namespace
Open

Fix namespace detection from distro IDs#3770
AyanSinhaMahapatra wants to merge 4 commits intodevelopfrom
fix-rpm-namespace

Conversation

@AyanSinhaMahapatra
Copy link
Member

@AyanSinhaMahapatra AyanSinhaMahapatra commented May 8, 2024
edited
Loading

Update debian, rpm and alpine package assembly to get
distro identifier and then set this properly to
created package, dependency and package_uid instances.

Fixes #3443

Tasks

  • Reviewed contribution guidelines
  • PR is descriptively titled 📑 and links the original issue above 🔗
  • Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
    Run tests locally to check for errors.
  • Commits are in uniquely-named feature branch and has no merge conflicts 📁
  • Updated documentation pages (if applicable)
  • Updated CHANGELOG.rst (if applicable)

@AyanSinhaMahapatra
Detect distro files in system package scans
e0a985a 
In docker image/other rootfs scans with SCIO we are always
scanning for system packages before we scan for application
packages, and we were not being able to use the distro
information as this was being detected in application
package scans happening later. So in this commit we are
also adding os-release file parser to system package handler.

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@AyanSinhaMahapatra
Parse and set namespace from distro ID correctly
c9b9175 
Update debian, rpm and alpine package assembly to get
distro identifier and then set this properly to
created package, dependency and package_uid instances.

Reference: #3443
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@AyanSinhaMahapatra
Update default package type for alpine apk packages
8797c9f 
Reference: #3726
Reference: package-url/purl-spec#171
Reference: package-url/purl-spec#159
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@AyanSinhaMahapatra
Fix namespace assignment from distro ID
4c9e044 
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
pombredanne
pombredanne requested changes May 8, 2024
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!
But this still does not match the PURL spec at https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#apk

pombredanne
pombredanne requested changes May 9, 2024
View reviewed changes
src/packagedcode/distro.py
pretty_name = distro.pretty_name and distro.pretty_name.lower() or ''

# TODO: It is misleading to use package data fields
# name and namespace to store distro/os infomration,
Copy link
Member

@pombredanne pombredanne May 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

infomration -> information

src/packagedcode/distro.py
# we should consider using extra_data fields instead.

if distro_identifier == 'debian':
namespace = 'debian'
Copy link
Member

@pombredanne pombredanne May 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure there is no namespace?

pombredanne
pombredanne requested changes May 28, 2024
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we always need a default repo... here alpine for apk
For RPMs, we have and should be able to derive the distro from the vendor or distribution RPM metadata and map that to a proper namespace

...ckagedcode/data/alpine/apkbuild-problems/alpine14/community/bluedevil/APKBUILD-expected.json
"api_data_url": null,
"datasource_id": "alpine_apkbuild",
"purl": "pkg:alpine/[email protected]"
"purl": "pkg:apk/[email protected]"
Copy link
Member

@pombredanne pombredanne May 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"purl": "pkg:apk/[email protected]"
"purl": "pkg:apk/alpine/[email protected]"

@pombredanne
Copy link
Member

pombredanne commented Jun 17, 2024

@AyanSinhaMahapatra gentle ping... I would like to merge this soon enough

@AyanSinhaMahapatra AyanSinhaMahapatra mentioned this pull request Jul 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pombredanne pombredanne pombredanne requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

distro is passed as None for RPM packages

2 participants

@AyanSinhaMahapatra @pombredanne