Update debian support #1096
Update debian support #1096
Conversation
|
@AyanSinhaMahapatra What is the status of a proper release for SCTK? |
|
@tdruez we're hoping for a release this week 🤞 |
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra
force-pushed
the
update-debian-support
branch
from
2611659 to
f2bdc30
Compare
AyanSinhaMahapatra
left a comment
AyanSinhaMahapatra
left a comment
There was a problem hiding this comment.
Ready for review now. I've rebased this on top of the merged SCTK v32.1.0 now in main.
scanpipe/pipes/rootfs.py
Outdated
| installed_packages = rootfs.get_installed_packages(package_getter) | ||
| for index, (purl, package) in enumerate(installed_packages): | ||
| logger.info(f"Creating package #{index}: {purl}") | ||
| if package.namespace != distro_id: |
There was a problem hiding this comment.
This is related to: #899
In SCTK we are now getting the namespace populated from clues present in package data with this commit and if we don't have any clues we are assigning a defualt value to the namespace which is debian for debian packages.
In SCIO we get distro data from os-release which overrides these values, as they are always correct and takes care of occasional false-positives and default debian cases.
There was a problem hiding this comment.
I updated the logic to only optionally update the namespace when we have multiple namespaces detected among all the packages, as this is when we want to override.
@pombredanne ping also, what do you think?
There was a problem hiding this comment.
What about the distroless case at 486d69e#diff-9fc8547b0afef7ac993fcd0ca883098de99e6b77d53c245e2b87bdf1dbd2ed84L123? Is this correct to make the namespace debian?
There was a problem hiding this comment.
Per https://github.com/GoogleContainerTools/distroless
see https://github.com/GoogleContainerTools/distroless/blob/f55b2b343481f52ef3bde34c8a2f3631a40a36c1/debian_packages.yaml#L75 ... the namespace is debian in all cases.... some deb11 some deb12. Eventually the way to go will be to match these.
There was a problem hiding this comment.
In that case we are good, thanks!
| "version_codename": null, | ||
| "version_id": "9", | ||
| "pretty_name": "Debian GNU/Linux 9 (stretch)", | ||
| "name": "Ubuntu", |
There was a problem hiding this comment.
Here I've updated the os-release file in the basic-rootfs test case to the ubuntu distro file, as the packages detected below seem to be ubuntu packages, and the old example seemed to be wrong. Otherwise the namespaces being overridden from this os-release file seemed to be wrong.
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra
force-pushed
the
update-debian-support
branch
from
f2bdc30 to
3a912f8
Compare
Also updates SCTK to latest develop and aboutcode-org/scancode-toolkit#3682
So it has changes from aboutcode-org/scancode-toolkit#3620 and regenerated test files.