Add support for RPM DB package relationships #2872

Merged
merged 1 commit into from
May 14, 2024

wagoodman
Contributor

Related to #572

Adds support for tracking RPM to RPM dependencies (from an RPM DB, not from RPM files) as package relationships.

Note: there are several cases where package evidence seems to support self-referential dependencies (e.g. bash depends on bash); however, the RPM/yum/dnf tooling does not support this conclusion. For this reason, this cataloger will prune all self-referential RPM DB package relationships.

@wagoodman wagoodman added the enhancement New feature or request label May 14, 2024
@wagoodman wagoodman requested a review from a team May 14, 2024 16:22
@wagoodman wagoodman self-assigned this May 14, 2024
@github-actions github-actions bot added the json-schema Changes the json schema label May 14, 2024
@wagoodman wagoodman force-pushed the add-rpm-db-relationships branch from 1c0345e to 649b8dc Compare May 14, 2024 16:33
@wagoodman wagoodman marked this pull request as ready for review May 14, 2024 16:33
Contributor

@spiffcs spiffcs left a comment

👍 🟢

Just had a question about how we're doing the allocation for relationship filtering here

func denySelfReferences(pkgs []pkg.Package, rels []artifact.Relationship, err error) ([]pkg.Package, []artifact.Relationship, error) {
// it can be common for dependency evidence to be self-referential (e.g. bash depends on bash), which is not useful
// for the dependency graph, thus we remove these cases
for i := 0; i < len(rels); i++ {
Contributor

I see that we're decrementing i to account for the filter. Are we doing the loop this way to avoid doubling the relationship allocations?

Contributor Author

Exactly -- if there are no self-referential package relationships then we aren't allocating another slice.
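The in-place filtering discussed in this thread, shown as an added example that is not syft's code: the `Relationship` type and both function names are hypothetical stand-ins, and the sample edges are constructed. It removes self-referential edges by shifting the tail left and stepping the index back, and checks that the result still uses the caller's backing array.

```go
package main

import "fmt"

// Relationship is a hypothetical stand-in for a dependency edge between two
// packages; it is not syft's artifact.Relationship type.
type Relationship struct {
	From, To string
}

// pruneSelfReferences drops edges whose source and target are the same
// package. It filters in place: an element is removed by shifting the tail
// left, and the index is stepped back so the shifted element is re-checked.
// No second slice is allocated; the caller's backing array is modified.
func pruneSelfReferences(rels []Relationship) []Relationship {
	for i := 0; i < len(rels); i++ {
		if rels[i].From == rels[i].To {
			rels = append(rels[:i], rels[i+1:]...)
			i--
		}
	}
	return rels
}

// sharesBackingArray reports whether two non-empty slices start at the same
// element, i.e. no copy was made.
func sharesBackingArray(a, b []Relationship) bool {
	return len(a) > 0 && len(b) > 0 && &a[0] == &b[0]
}

func main() {
	// Constructed sample input: two consecutive self-references exercise the
	// index step-back.
	rels := []Relationship{
		{"bash", "glibc"},
		{"bash", "bash"},
		{"glibc", "glibc"},
		{"coreutils", "glibc"},
	}
	out := pruneSelfReferences(rels)
	fmt.Println(out, sharesBackingArray(rels, out))
}
```

Because the filter reuses the backing array, a caller that keeps the original slice after pruning sees shifted elements; use only the returned slice.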

syft/pkg/cataloger/redhat/dependency.go (resolved)
@wagoodman wagoodman merged commit 7ad7627 into main May 14, 2024
11 checks passed
@wagoodman wagoodman deleted the add-rpm-db-relationships branch May 14, 2024 17:48