Add support for dependency relationships for alpine (apk) #1063

Merged
merged 12 commits into from
Nov 9, 2022

@luhring luhring commented Jun 24, 2022

Partially addresses #572

@tgerla tgerla assigned tgerla and unassigned luhring Aug 11, 2022
@spiffcs spiffcs marked this pull request as ready for review August 18, 2022 19:35

spiffcs commented Aug 18, 2022

@tgerla I took this out of draft - if you push your changes I can review


tgerla commented Aug 30, 2022

Hi @spiffcs (and anyone else interested) -- I think this one is ready to go. Can you please review my last commit, "adjust test conditions"? I think I've updated the test correctly, but I am a Go noob.


@kzantow kzantow left a comment

It looks like there are a couple // TODOs that might be important to fill out on this one -- what do you think?

syft/pkg/apk_metadata.go (outdated)
syft/pkg/cataloger/apkdb/parse_apk_db.go (outdated)
syft/pkg/cataloger/apkdb/parse_apk_db.go (outdated)

@spiffcs spiffcs left a comment

Added a question about schema change procedure as well as separator being used. When we settle on the right separator we might want to add a quick test to be sure the split is behaving correctly.

Also small nit on the strings usage

splits := strings.Split(provides, "=")
if strings.Contains(splits[0], "=") {
    // protect against unsuccessful split
}

syft/pkg/apk_metadata.go (outdated)
syft/pkg/cataloger/apkdb/parse_apk_db.go (outdated)
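
The separator question from the review above, worked through as an added example (not code from this pull request or from syft): a split that handles every version operator rather than only `=`, followed by the provides-to-depends lookup that yields package relationships. It assumes the `p:` (provides) and `D:` (depends) field layout and the operator set described on the Apk spec page linked in this thread; `entry`, `bareNames`, `resolve` and `sample` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// bareNames strips version constraints from a raw p:/D: value; "!x" conflicts are dropped.
func bareNames(raw string) []string {
	var out []string
	for _, tok := range strings.Fields(raw) {
		if i := strings.IndexAny(tok, "=<>~"); i >= 0 { // =, <, >, <=, >=, ~
			tok = tok[:i]
		}
		if tok != "" && tok[0] != '!' {
			out = append(out, tok)
		}
	}
	return out
}

type entry struct{ Name, Provides, Depends string } // hypothetical record shape
var sample = []entry{ // constructed records, not taken from a real image
	{"musl", "so:libc.musl-x86_64.so.1=1", ""},
	{"busybox", "/bin/sh cmd:busybox=1.35.0-r17", "so:libc.musl-x86_64.so.1"},
	{"curl", "cmd:curl=7.83.1-r3", "musl>=1.2 /bin/sh so:libc.musl-x86_64.so.1 !oldcurl"},
}

// resolve maps each package to the packages that satisfy its depends tokens.
func resolve(pkgs []entry) map[string][]string {
	owner := map[string]string{}
	for _, p := range pkgs {
		for _, n := range append(bareNames(p.Provides), p.Name) {
			owner[n] = p.Name
		}
	}
	deps := map[string][]string{}
	for _, p := range pkgs {
		seen := map[string]bool{p.Name: true} // skip self and duplicates
		for _, n := range bareNames(p.Depends) {
			if o, ok := owner[n]; ok && !seen[o] {
				seen[o] = true
				deps[p.Name] = append(deps[p.Name], o)
			}
		}
	}
	return deps
}

func main() { fmt.Println(resolve(sample)) }
```

A token that begins with an operator (for example `=1`) reduces to an empty name and is discarded, which is the failed-split case a unit test for the separator should cover.
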
@wagoodman

@tgerla it looks like there may be more things that were not originally in scope that need to be considered as part of this PR. It looks like the https://wiki.alpinelinux.org/wiki/Apk_spec page got a really healthy update over the last few months to help interpret an APK index vs installed DB file, which will be really helpful for determining the missing bits. I'd be happy to pair on this.

@wagoodman wagoodman self-assigned this Oct 5, 2022

@kzantow kzantow left a comment

Just a few non-blocking questions...

syft/pkg/apk_metadata.go
test/integration/encode_decode_cycle_test.go (outdated)
test/integration/encode_decode_cycle_test.go (outdated)
syft/pkg/cataloger/apkdb/parse_apk_db.go (outdated)
luhring and others added 9 commits November 9, 2022 09:52
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Timothy Gerla <tim@gerla.net>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman enabled auto-merge (squash) November 9, 2022 15:28
@wagoodman wagoodman merged commit 949cff1 into anchore:main Nov 9, 2022
@wagoodman wagoodman added the enhancement New feature or request label Dec 6, 2022

luhring commented Jan 19, 2023

This one should not have been squashed 😄

GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
* Fix type of pull deps and add support for provides

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* [wip] apk dependency lookup

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update whitespace for linter

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* adjust test conditions

Signed-off-by: Timothy Gerla <tim@gerla.net>

* fix TODOs and improve Provides parser

* run simports after main merge

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* add tests to cover apk relationship parsing cases

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* generate JSON schema for breaking changes to apk metadata

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update tests to account for additional dependencies

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* [wip] fix relationship encoding for cyclonedx

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* simplify package relationships that can be expressed

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Timothy Gerla <tim@gerla.net>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Timothy Gerla <tim@gerla.net>