Fix apkdb checksum representation #1247

Merged
merged 1 commit into from
Oct 5, 2022

wagoodman
Contributor

The apkdb checksum digest algorithm is currently misleading. Today we always list sha1; however, apk-tools indicates that two values are possible: md5 and sha1. In the case where the checksum is a sha1, a Q1 value is prepended to the base64 representation of the checksum value.

This PR adds the md5 algorithm indication when found and additionally adds more annotations to the sha1 case to indicate the value has additional processing.

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman requested a review from a team October 5, 2022 18:58
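The two encodings described in the PR text can be normalized to an algorithm name plus a hex digest before any integrity comparison. The following is an added example, not code from this PR or from syft; `ParseAPKChecksum`, `Digest` and `SampleSHA1Field` are hypothetical names, and the assumption that md5 values are stored as plain hex comes from apk-tools rather than from this page.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Digest is a normalized checksum: algorithm name plus lowercase hex value.
type Digest struct{ Algorithm, Value string }

// ParseAPKChecksum labels and decodes one checksum field from the apk DB.
// sha1: "Q1" prepended to the base64 of the raw digest (as the PR states).
// md5: plain hex (assumption taken from apk-tools, not from this page).
func ParseAPKChecksum(field string) (Digest, error) {
	if strings.HasPrefix(field, "Q1") {
		raw, err := base64.StdEncoding.DecodeString(field[2:])
		if err != nil {
			return Digest{}, fmt.Errorf("sha1 field is not valid base64: %w", err)
		}
		if len(raw) != sha1.Size { // reject truncated or padded values
			return Digest{}, fmt.Errorf("sha1 field decodes to %d bytes", len(raw))
		}
		return Digest{Algorithm: "sha1", Value: hex.EncodeToString(raw)}, nil
	}
	raw, err := hex.DecodeString(field)
	if err != nil || len(raw) != md5.Size {
		return Digest{}, errors.New("unrecognized apk checksum encoding")
	}
	return Digest{Algorithm: "md5", Value: hex.EncodeToString(raw)}, nil
}

// SampleSHA1Field builds a constructed sha1 field (digest of empty content).
func SampleSHA1Field() string {
	sum := sha1.Sum(nil)
	return "Q1" + base64.StdEncoding.EncodeToString(sum[:])
}

func main() {
	// Constructed inputs: sha1 field, md5 of empty content, malformed value.
	inputs := []string{SampleSHA1Field(), "d41d8cd98f00b204e9800998ecf8427e", "Q1AAAA"}
	for _, in := range inputs {
		d, err := ParseAPKChecksum(in)
		fmt.Printf("%-34s -> %+v err=%v\n", in, d, err)
	}
}
```

Labelling the field by its actual encoding keeps an SBOM consumer from comparing an md5 value, or a still-encoded `Q1` string, against a sha1 hex digest.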
@github-actions

github-actions bot commented Oct 5, 2022

Benchmark Test Results

Benchmark results from the latest changes vs base branch
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/alpmdb-cataloger-2                    14.6ms ±27%    11.4ms ± 1%  -21.42%  (p=0.008 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.53ms ± 1%    1.34ms ± 9%  -12.94%  (p=0.008 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            3.88ms ± 1%    3.26ms ± 0%  -16.00%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.27ms ± 1%    1.07ms ± 0%  -15.95%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         881µs ± 2%     752µs ± 2%  -14.71%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                    1.04ms ± 1%    0.88ms ± 0%  -15.25%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpm-db-cataloger-2                    1.51ms ± 1%    1.27ms ± 1%  -15.67%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      16.8ms ± 0%    14.5ms ± 1%  -14.13%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.42ms ± 1%    1.23ms ± 2%  -13.24%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.56µs ± 2%    2.21µs ± 1%  -13.79%  (p=0.008 n=5+5)
ImagePackageCatalogers/dotnet-deps-cataloger-2               1.56ms ± 1%    1.36ms ± 1%  -13.21%  (p=0.008 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    812µs ± 1%     702µs ± 0%  -13.47%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/alpmdb-cataloger-2                    5.26MB ± 0%    5.26MB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               202kB ± 0%     202kB ± 0%     ~     (p=0.651 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             945kB ± 0%     945kB ± 0%     ~     (p=0.310 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     214kB ± 0%     214kB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         158kB ± 0%     158kB ± 0%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     203kB ± 0%     203kB ± 0%     ~     (p=0.175 n=5+4)
ImagePackageCatalogers/rpm-db-cataloger-2                     302kB ± 0%     302kB ± 0%     ~     (p=0.421 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.44MB ± 0%    3.44MB ± 0%     ~     (p=0.310 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.25MB ± 0%    1.25MB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            672B ± 0%      672B ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                369kB ± 0%     369kB ± 0%   -0.08%  (p=0.008 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    136kB ± 0%     136kB ± 0%     ~     (p=0.690 n=5+5)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/alpmdb-cataloger-2                     85.7k ± 0%     85.7k ± 0%     ~     (p=0.968 n=5+4)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               4.25k ± 0%     4.25k ± 0%     ~     (p=0.333 n=4+5)
ImagePackageCatalogers/python-package-cataloger-2             16.6k ± 0%     16.6k ± 0%     ~     (p=0.516 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     5.53k ± 0%     5.53k ± 0%     ~     (p=0.429 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         3.32k ± 0%     3.32k ± 0%     ~     (p=0.444 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     4.60k ± 0%     4.60k ± 0%     ~     (all equal)
ImagePackageCatalogers/rpm-db-cataloger-2                     8.13k ± 0%     8.13k ± 0%     ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       57.5k ± 0%     57.5k ± 0%     ~     (p=0.333 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      5.43k ± 0%     5.43k ± 0%     ~     (p=1.000 n=4+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            15.0 ± 0%      15.0 ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                7.27k ± 0%     7.27k ± 0%     ~     (all equal)
ImagePackageCatalogers/portage-cataloger-2                    3.59k ± 0%     3.59k ± 0%     ~     (all equal)

@wagoodman wagoodman merged commit 48f0a46 into main Oct 5, 2022
@wagoodman wagoodman deleted the fix-apkdb-checksum branch October 5, 2022 20:29
spiffcs added a commit that referenced this pull request Oct 11, 2022
* main:
  refactor: Remove experimental Anchore Enterprise upload functionality (#1257)
  Update syft bootstrap tools to latest versions. (#1254)
  Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253)
  Update syft bootstrap tools to latest versions. (#1244)
  fix apkdb checksum representation (#1247)
spiffcs added a commit to cpendery/syft that referenced this pull request Oct 11, 2022
* main:
  refactor: Remove experimental Anchore Enterprise upload functionality (anchore#1257)
  Update syft bootstrap tools to latest versions. (anchore#1254)
  Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (anchore#1253)
  Update syft bootstrap tools to latest versions. (anchore#1244)
  fix apkdb checksum representation (anchore#1247)
  feat: add identifiable field to source object (anchore#1243)
  feat: attest support for Singularity images (anchore#1201)
  Update syft bootstrap tools to latest versions. (anchore#1239)
  Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (anchore#1240)
  fix: Follow symlinks when searching for globs in all-layers scope (anchore#1221)
spiffcs added a commit that referenced this pull request Oct 13, 2022
* main: (45 commits)
  feat: add RelationshipsBySourceOwnership to syft json output (#1248)
  fix: reset merged package into map; (#1258)
  refactor: Remove experimental Anchore Enterprise upload functionality (#1257)
  Update syft bootstrap tools to latest versions. (#1254)
  Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253)
  Update syft bootstrap tools to latest versions. (#1244)
  fix apkdb checksum representation (#1247)
  feat: add identifiable field to source object (#1243)
  feat: attest support for Singularity images (#1201)
  Update syft bootstrap tools to latest versions. (#1239)
  Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240)
  fix: Follow symlinks when searching for globs in all-layers scope (#1221)
  update requires to use list; remove field (#1234)
  Add Conan (C/C++) conan.lock file support (#1230)
  add sequence diagrams and flesh out TODO notes (#1233)
  Do not fail if unable to parse `.rpm` file (#1232)
  fix: support exclude patterns on Windows (#1228)
  Update syft bootstrap tools to latest versions. (#1225)
  Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224)
  Update syft bootstrap tools to latest versions. (#1223)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
aiwantaozi pushed a commit to aiwantaozi/syft that referenced this pull request Oct 20, 2022
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
spiffcs pushed a commit that referenced this pull request Oct 21, 2022
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs pushed a commit that referenced this pull request Oct 21, 2022
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>