-
Notifications
You must be signed in to change notification settings - Fork 531
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update package verification fields for DPKG #375
Conversation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Benchmark Test ResultsBenchmark results from the latest changes vs base branch
|
if version != "" { | ||
entry.SourceVersion = version | ||
entry.Source = name | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for my clarification only, this means that if version is empty, we don't want to capture the name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good question --I only migrated this part of the code (already existed in this file). Looks like it was added in #297 ... maybe an oversight?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't catch that this was migrated over. No strong opinions here, just that this looked odd. If you think this shouldn't get a bit reworked that's fine. If in doubt though, I'd recommend opening up a ticket to look at this later on (no need to block this PR on this)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is also good to go, I think that the dpkg source+version situation needs at least an issue.
@alfredodeza created #377 |
…ds-dpkg Update package verification fields for DPKG
This PR implements the suggested improvements from #371 (comment), specifically:
conffile
listing to thefiles
field, combining information from both the status file and the info/conffilemd5
field todigest
, with subfieldsvalue
andalgorithm
DpkgMetadata
changes (which is a partially breaking change)artifacts.metadata
anyOf
clause was being generated incorrectly, resulting in an always-passing validation --this was fixed as well.Partially addresses #371