adding rpm architecture of to our maps, so 32 bit and 64 bit rpms do …

…not fail has modified files check Signed-off-by: Adam D. Cornett <adc@redhat.com>
redhat-openshift-ecosystem · Jul 24, 2023 · 582e8b5 · 582e8b5
1 parent b4ad7f3
commit 582e8b5
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 6 deletions.
diff --git a/internal/policy/container/has_modified_files.go b/internal/policy/container/has_modified_files.go
@@ -235,13 +235,23 @@ func (p *HasModifiedFilesCheck) validate(ctx context.Context, layerIDs []string,
 				disallowedModifications = true
 				continue
 			}
-			// Check that release contains the same arch and OS release
+
+			// Check that release contains the same arch, this is to ensure that a package did not get rebuilt with
+			// a different architecture
 			previousOsRelease := strings.Contains(previousPackage.Release, packageDist)
 			currentOsRelease := strings.Contains(currentPackage.Release, packageDist)
 
-			if (previousOsRelease && !currentOsRelease) || (previousPackage.Arch != currentPackage.Arch) {
-				// If either of these differ, that's a fail
-				return false, nil
+			if previousOsRelease && !currentOsRelease {
+				logger.V(log.DBG).Info("mismatch in OS release", "file", modifiedFile)
+				disallowedModifications = true
+				continue
+			}
+
+			// Check that the architectures for previous version and current version of a given package match
+			if previousPackage.Arch != currentPackage.Arch {
+				logger.V(log.DBG).Info("mismatch in package architecture", "file", modifiedFile)
+				disallowedModifications = true
+				continue
 			}
 
 			// This appears like an update. This is allowed.
@@ -274,7 +284,7 @@ func (p HasModifiedFilesCheck) Metadata() check.Metadata {
 func extractPackageNameVersionRelease(pkgList []*rpmdb.PackageInfo) map[string]packageMeta {
 	pkgNameList := make(map[string]packageMeta, len(pkgList))
 	for _, pkg := range pkgList {
-		pkgNameList[fmt.Sprintf("%s-%s-%s", pkg.Name, pkg.Version, pkg.Release)] = packageMeta{
+		pkgNameList[strings.Join([]string{pkg.Name, pkg.Version, pkg.Release, pkg.Arch}, "-")] = packageMeta{
 			Name:        pkg.Name,
 			Version:     pkg.Version,
 			Release:     pkg.Release,
@@ -387,6 +397,7 @@ func installedFileMapWithExclusions(ctx context.Context, pkglist []*rpmdb.Packag
 		rpmdb.RPMFILE_ARTIFACT |
 		rpmdb.RPMFILE_GHOST
 	m := map[string]string{}
+
 	for _, pkg := range pkglist {
 		files, err := pkg.InstalledFiles()
 		if err != nil {
@@ -403,9 +414,15 @@ func installedFileMapWithExclusions(ctx context.Context, pkglist []*rpmdb.Packag
 				// It is either an explicitly excluded path or directory. Skip it.
 				continue
 			}
-			m[normalized] = fmt.Sprintf("%s-%s-%s", pkg.Name, pkg.Version, pkg.Release)
+
+			// if a file is already in the list it means it's already owned by one architecture, so we can ignore it for
+			// any other architecture
+			if _, ok := m[normalized]; !ok {
+				m[normalized] = strings.Join([]string{pkg.Name, pkg.Version, pkg.Release, pkg.Arch}, "-")
+			}
 		}
 	}
+
 	return m, nil
 }
 

diff --git a/internal/policy/container/has_modified_files_test.go b/internal/policy/container/has_modified_files_test.go
@@ -243,6 +243,37 @@ var _ = Describe("HasModifiedFiles", func() {
 				Expect(ok).To(BeFalse())
 			})
 		})
+		When("the package architecture changes", func() {
+			var pkgs map[string]packageFilesRef
+			BeforeEach(func() {
+				pkgs = pkgRef
+
+				pkgSecondLayerPackageFiles := pkgs["secondlayer"].LayerPackageFiles
+				delete(pkgSecondLayerPackageFiles, "this")
+				pkgSecondLayerPackageFiles["this"] = "foo-1.0-1.d10"
+
+				pkgSecondLayerPackages := pkgs["secondlayer"].LayerPackages
+				delete(pkgSecondLayerPackages, "foo-1.0-1.d9")
+				pkgSecondLayerPackages["foo-1.0-1.d10"] = packageMeta{
+					Name:    "foo",
+					Version: "1.0",
+					Release: "1.d9",
+					Arch:    "differentarch",
+				}
+
+				pkgs["secondlayer"] = packageFilesRef{
+					LayerPackages:     pkgSecondLayerPackages,
+					LayerPackageFiles: pkgSecondLayerPackageFiles,
+					LayerFiles:        append(pkgs["secondlayer"].LayerFiles, "this"),
+					HasRPMDB:          true,
+				}
+			})
+			It("should fail because of different architectures dist", func() {
+				ok, err := hasModifiedFiles.validate(context.Background(), layers, pkgs, dist)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(ok).To(BeFalse())
+			})
+		})
 		When("release dist does not match installed OS", func() {
 			When("package is a net-new", func() {
 				When("a file is modified", func() {