Search /usr/share for rpmdb to fix scan on ostree-managed images #1756
Conversation
| @@ -11,7 +11,7 @@ import ( | |||
| // Packages is the legacy Berkely db based format | |||
| // Packages.db is the "ndb" format used in SUSE | |||
| // rpmdb.sqlite is the sqlite format used in fedora + derivates | |||
| const RpmDBGlob = "**/var/lib/rpm/{Packages,Packages.db,rpmdb.sqlite}" | |||
| const RpmDBGlob = "**/{var/lib,usr/share}/rpm/{Packages,Packages.db,rpmdb.sqlite}" | |||
There was a problem hiding this comment.
Would you be able to add a test that has a simple rpmdb in this alternate location?
There was a problem hiding this comment.
Side note: if you'd like to also support OpenSUSE, you might also need /var/lib/sysimage/ like in snyk/snyk-docker-plugin@27958de#diff-eee7d1bac79f2c7987a266d8feb00c77789bdbe75c4149b727af365f22e84f0aR14
There was a problem hiding this comment.
We already support opensuse today because there is a symlink in var/lib/rpm back to usr/lib/sysimage. However, I'm not certain which distribution is using /var/lib/sysimage off the top of my head (sounds familiar though).
❯ docker run --rm -it opensuse/tumbleweed ls -al /var/lib/sysimage
ls: cannot access '/var/lib/sysimage': No such file or directory
❯ docker run --rm -it opensuse/tumbleweed ls -al /var/lib/rpm
lrwxrwxrwx 1 root root 26 Apr 26 18:26 /var/lib/rpm -> ../../usr/lib/sysimage/rpm
❯ docker run --rm -it opensuse/tumbleweed ls -al /usr/lib/sysimage/rpm
total 10292
drwxr-xr-x 2 root root 4096 Apr 26 18:26 .
drwxr-xr-x 3 root root 4096 Apr 26 18:26 ..
-rw-r--r-- 1 root root 0 Apr 26 18:26 .rpm.lock
-rw-r--r-- 1 root root 6377472 Apr 26 18:26 Index.db
-rw-r--r-- 1 root root 4151824 Apr 26 18:26 Packages.db
|
@fpytloun you'll also need to sign-off your commits |
|
I added a cataloger glob test to make certain the cataloger is selecting the right paths, so the PR should be good to go once you sign off your commit @fpytloun . 👍 |
|
Thank you @wagoodman 👍 Signed commit, should be ready now 🙂 |
fpytloun
force-pushed
the
ostree
branch
2 times, most recently
from
d012417 to
a168f9e
Compare
Fixes: anchore#1755 Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Filip Pytloun <filip@pytloun.cz>
|
Sorry, to fix DCO I had to rebase and squash your commit into mine with |
* main: chore(docs): Update lists of catalogers (#1780) chore: add more detail on SPDX file IDs (#1769) Search /usr/share for rpmdb to fix scan on ostree-managed images (#1756) chore(deps): bump github.com/docker/docker (#1767) rename sbom.PackageCatalog to sbom.Packages (#1773) chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1 (#1768) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
…hore#1756) Fixes: anchore#1755 Signed-off-by: Filip Pytloun <filip@pytloun.cz> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
fixes: #1755