Merge pull request #1750 from GoogleContainerTools/update-security-info

loosebazooka · web-flow · commit 46f693a0c784 · 2025-02-10T11:38:14.000-05:00
Make it easier to find deb versions
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,7 +4,7 @@
 
 Distroless currently tracks debian 12 ([bookworm](https://packages.debian.org/bookworm)) packages.
 
-Debian tracking information at https://github.com/GoogleContainerTools/distroless/blob/main/debian_archives.bzl and generally is updated within 48 hours of debian publishing an update.
+Debian package versions used for the current build are found in https://github.com/GoogleContainerTools/distroless/blob/main/private/repos/deb. It can be parsed and printed into simple json data by invoking `./knife deb-versions` at the root of this project.
 
 ## Reporting a Vulnerability
 
diff --git a/knife b/knife
@@ -157,6 +157,12 @@ function cmd_test () {
     bazel test --test_timeout=900 //... $arch_specific_targets
 }
 
+function cmd_deb_versions () {
+    echo "🔧 Printing .deb Versions (bookworm) from private/repos/deb/bookworm*.lock.json"
+    echo ""
+
+    jq -n '[inputs.packages[]] | group_by(.arch) | map({(.[0].arch): map({package: .name, version: .version})})' private/repos/deb/bookworm*.lock.json
+}
 
 case "${1:-"~~nocmd"}" in
 lock)
@@ -177,8 +183,11 @@ test)
 update-java-archives)
     cmd_update_java_archives
     ;;
+deb-versions)
+    cmd_deb_versions
+    ;;
 ~~nocmd) # no command provided
-    echo "provide a command: lock, update-snapshots, github-update-snapshots, update-java-archives, test"
+    echo "provide a command: lock, update-snapshots, github-update-snapshots, update-java-archives, test, deb-versions"
     exit 1
     ;;
 *) # unknown command
