
Commit 5255087

authored
Merge pull request #1736 from luhring/sbom-dir-src-log-warn
chore(sbom): resolve warning for directory source
2 parents e3c1d4b + 6e67550 commit 5255087

25 files changed

+40
-3
lines changed

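--- a/pkg/sbom/sbom.go
+++ b/pkg/sbom/sbom.go
@@ -116,18 +116,31 @@ func Generate(ctx context.Context, inputFilePath string, f io.Reader, distroID s
 }
 log.Debug("synthesized APK package for SBOM", "name", apkPackage.Name, "version", apkPackage.Version, "id", string(apkPackage.ID()))
 
+syft.SetLogger(anchorelogger.NewSlogAdapter(log.Base()))
+
+apkPackageMetadata, ok := apkPackage.Metadata.(pkg.ApkDBEntry)
+if !ok {
+return nil, fmt.Errorf("expected APK package metadata to be of type pkg.ApkDBEntry, got %T", apkPackage.Metadata)
+}
+
+// Syft logs a scary (but inconsequential) warning if we don't supply an "alias" -- an explicit way to identify the directory source.
+alias := source.Alias{
+Name: fmt.Sprintf("%s/%s", apkPackageMetadata.Architecture, apkPackageMetadata.Package),
+Version: apkPackageMetadata.Version,
+Supplier: "chainguard",
+}
+
 src, err := directorysource.New(
 directorysource.Config{
-Path: tempDir,
+Path: tempDir,
+Alias: alias,
 },
 )
 if err != nil {
 return nil, fmt.Errorf("failed to create source from directory: %w", err)
 }
 log.Debug("created Syft source from directory", "description", src.Describe())
 
-syft.SetLogger(anchorelogger.NewSlogAdapter(log.Base()))
-
 cfg := syft.DefaultCreateSBOMConfig().WithCatalogerSelection(
 pkgcataloging.NewSelectionRequest().WithDefaults(
 pkgcataloging.ImageTag,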
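Review bot: `Supplier: "chainguard"` in the new `source.Alias` literal hard-codes a provenance claim into every SBOM this function emits, and the golden files in this commit show it surfacing as `"supplier": "chainguard"` in the output. If Generate can run on packages built by anyone else, the field would name a supplier who did not produce the artifact, and consumers that use SBOM supplier data for trust or policy decisions would take it at face value. Consider taking the value from the caller or from build configuration, e.g. `Supplier: supplier,`, or at least lifting it to a named constant with a comment stating what the field asserts. Generate's body starts and ends outside this hunk, so whether the alias name `arch/package` is overwritten later (the golden files still show the bare package name) cannot be confirmed from here.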

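--- a/pkg/sbom/testdata/goldenfiles/aarch64/crane-0.19.1-r6.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/crane-0.19.1-r6.apk.syft.json
@@ -786,6 +786,7 @@
 "id": "(redacted for determinism)",
 "name": "crane",
 "version": "0.19.1-r6",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/crane-0.19.1-r6.apk"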

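--- a/pkg/sbom/testdata/goldenfiles/aarch64/jenkins-2.461-r0.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/jenkins-2.461-r0.apk.syft.json
@@ -115116,6 +115116,7 @@
 "id": "(redacted for determinism)",
 "name": "jenkins",
 "version": "2.461-r0",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/jenkins-2.461-r0.apk"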

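--- a/pkg/sbom/testdata/goldenfiles/aarch64/jruby-9.4-9.4.7.0-r0.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/jruby-9.4-9.4.7.0-r0.apk.syft.json
@@ -98163,6 +98163,7 @@
 "id": "(redacted for determinism)",
 "name": "jruby-9.4",
 "version": "9.4.7.0-r0",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/jruby-9.4-9.4.7.0-r0.apk"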

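--- a/pkg/sbom/testdata/goldenfiles/aarch64/openjdk-21-21.0.3-r3.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/openjdk-21-21.0.3-r3.apk.syft.json
@@ -196,6 +196,7 @@
 "id": "(redacted for determinism)",
 "name": "openjdk-21",
 "version": "21.0.3-r3",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/openjdk-21-21.0.3-r3.apk"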

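--- a/pkg/sbom/testdata/goldenfiles/aarch64/openssl-3.3.0-r8.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/openssl-3.3.0-r8.apk.syft.json
@@ -128,6 +128,7 @@
 "id": "(redacted for determinism)",
 "name": "openssl",
 "version": "3.3.0-r8",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/openssl-3.3.0-r8.apk"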

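--- a/pkg/sbom/testdata/goldenfiles/aarch64/perl-yaml-syck-1.34-r3.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/perl-yaml-syck-1.34-r3.apk.syft.json
@@ -171,6 +171,7 @@
 "id": "(redacted for determinism)",
 "name": "perl-yaml-syck",
 "version": "1.34-r3",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/perl-yaml-syck-1.34-r3.apk"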

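--- a/pkg/sbom/testdata/goldenfiles/aarch64/php-odbc-8.2.11-r1.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/php-odbc-8.2.11-r1.apk.syft.json
@@ -132,6 +132,7 @@
 "id": "(redacted for determinism)",
 "name": "php-odbc",
 "version": "8.2.11-r1",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/php-odbc-8.2.11-r1.apk"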

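--- a/pkg/sbom/testdata/goldenfiles/aarch64/powershell-7.4.1-r0.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/powershell-7.4.1-r0.apk.syft.json
@@ -5549,6 +5549,7 @@
 "id": "(redacted for determinism)",
 "name": "powershell",
 "version": "7.4.1-r0",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/powershell-7.4.1-r0.apk"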

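--- a/pkg/sbom/testdata/goldenfiles/aarch64/py3-poetry-core-1.9.0-r1.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/py3-poetry-core-1.9.0-r1.apk.syft.json
@@ -2495,6 +2495,7 @@
 "id": "(redacted for determinism)",
 "name": "py3-poetry-core",
 "version": "1.9.0-r1",
+"supplier": "chainguard",
 "type": "directory",
 "metadata": {
 "path": "testdata/apks/aarch64/py3-poetry-core-1.9.0-r1.apk"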
