Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add support for RPM DB package relationships #2872

Merged
merged 1 commit into from
May 14, 2024
Merged

Add support for RPM DB package relationships #2872

merged 1 commit into from
May 14, 2024

Conversation

wagoodman
Copy link
Contributor

Related to #572

Adds support for tracking RPM to RPM dependencies (from an RPM DB, not from RPM files) as package relationships.

Note: there are several cases where package evidence seems to support self-referential dependencies (e.g. bash depends on bash) however, the RPM/yum/dnf tooling does not support this conclusion. For this reason this cataloger will prune all self-referential RPM DB package relationships.

@wagoodman wagoodman added the enhancement New feature or request label May 14, 2024
@wagoodman wagoodman requested a review from a team May 14, 2024 16:22
@wagoodman wagoodman self-assigned this May 14, 2024
@github-actions github-actions bot added the json-schema Changes the json schema label May 14, 2024
@wagoodman
add support for RPM DB package relationships
649b8dc 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman wagoodman force-pushed the add-rpm-db-relationships branch from 1c0345e to 649b8dc Compare May 14, 2024 16:33
@wagoodman wagoodman marked this pull request as ready for review May 14, 2024 16:33
@wagoodman wagoodman mentioned this pull request May 14, 2024
Open
42 tasks
spiffcs
spiffcs approved these changes May 14, 2024
View reviewed changes
Copy link
Contributor

@spiffcs spiffcs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 🟢

Just had a question about how we're doing the allocation for relationship filtering here

syft/pkg/cataloger/redhat/cataloger.go
func denySelfReferences(pkgs []pkg.Package, rels []artifact.Relationship, err error) ([]pkg.Package, []artifact.Relationship, error) {
// it can be common for dependency evidence to be self-referential (e.g. bash depends on bash), which is not useful
// for the dependency graph, thus we remove these cases
for i := 0; i < len(rels); i++ {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that we're decrementing i to account for the filter. Are we doing the loop this way to avoid doubling the relationship allocations?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

exactly -- if there are no self referential package relationships then we aren't allocating another slice

@wagoodman wagoodman merged commit 7ad7627 into main May 14, 2024
11 checks passed
@wagoodman wagoodman deleted the add-rpm-db-relationships branch May 14, 2024 17:48
@BrewTestBot BrewTestBot mentioned this pull request May 28, 2024
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees

@wagoodman wagoodman

Labels
enhancement New feature or request json-schema Changes the json schema
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wagoodman @spiffcs