From e46c6dbb2007b80ac6445a9343c48625bacc1de8 Mon Sep 17 00:00:00 2001
From: Appu Goundan <appu@google.com>
Date: Fri, 7 Feb 2025 15:55:54 -0500
Subject: [PATCH] Make it easier to find deb versions

Signed-off-by: Appu Goundan <appu@google.com>
---
 SECURITY.md |  2 +-
 knife       | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 6fcd298ac..a6b6173e6 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,7 +4,7 @@
 
 Distroless currently tracks debian 12 ([bookworm](https://packages.debian.org/bookworm)) packages.
 
-Debian tracking information at https://github.com/GoogleContainerTools/distroless/blob/main/debian_archives.bzl and generally is updated within 48 hours of debian publishing an update.
+Debian package versions used for the current build are found in https://github.com/GoogleContainerTools/distroless/blob/main/private/repos/deb. It can be parsed and printed into simple json data by invoking `./knife deb-versions` at the root of this project.
 
 ## Reporting a Vulnerability
 
diff --git a/knife b/knife
index aafacc4df..4509f7c3f 100755
--- a/knife
+++ b/knife
@@ -157,6 +157,12 @@ function cmd_test () {
     bazel test --test_timeout=900 //... $arch_specific_targets
 }
 
+function cmd_deb_versions () {
+    echo "🔧 Printing .deb Versions (bookworm) from private/repos/deb/bookworm*.lock.json"
+    echo ""
+
+    jq -n '[inputs.packages[]] | group_by(.arch) | map({(.[0].arch): map({package: .name, version: .version})})' private/repos/deb/bookworm*.lock.json
+}
 
 case "${1:-"~~nocmd"}" in
 lock)
@@ -177,8 +183,11 @@ test)
 update-java-archives)
     cmd_update_java_archives
     ;;
+deb-versions)
+    cmd_deb_versions
+    ;;
 ~~nocmd) # no command provided
-    echo "provide a command: lock, update-snapshots, github-update-snapshots, update-java-archives, test"
+    echo "provide a command: lock, update-snapshots, github-update-snapshots, update-java-archives, test, deb-versions"
     exit 1
     ;;
 *) # unknown command