fix: find bitnami files even when no relationships #3676

Merged
merged 1 commit into from
Feb 21, 2025

Conversation

willmurphyscode
Contributor

Description

The bitnami cataloger assigns files under /opt/bitnami/PACKAGE to be owned by PACKAGE unless they are otherwise owned. Previously, this main package was identified only by relationships, leading to an edge case where if there was a bitnami SBOM with a single package in it, there were no relationships, and so there would be no main package to assign the files to, leading to deduplication failures.

Instead, when encountering a bitnami SBOM with exactly one package in it, assume that package is the main package of that SBOM.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (please discuss with the team first; Syft is 1.0 software and we won't accept breaking changes without going to 2.0)
  • Documentation (updates the documentation)
  • Chore (improve the developer experience, fix a test flake, etc, without changing the visible behavior of Syft)
  • Performance (make Syft run faster or use less memory, without changing visible behavior much)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

The bitnami cataloger assigns files under /opt/bitnami/PACKAGE to be
owned by PACKAGE unless they are otherwise owned. Previously, this main
package was identified only by relationships, leading to an edge case
where if there was a bitnami SBOM with a single package in it, there
were no relationships, and so there would be no main package to assign
the files to, leading to deduplication failures.

Instead, when encountering a bitnami SBOM with exactly one package in
it, assume that package is the main package of that SBOM.

Signed-off-by: Will Murphy <[email protected]>
@willmurphyscode willmurphyscode enabled auto-merge (squash) February 21, 2025 14:14
@willmurphyscode willmurphyscode merged commit dd2ee2b into main Feb 21, 2025
12 checks passed
@willmurphyscode willmurphyscode deleted the fix-bitnami-owned-files branch February 21, 2025 14:22
@kzantow kzantow added the bug Something isn't working label Feb 21, 2025
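
The edge case from the description, as an added Go sketch that is not code from this pull request or from Syft. The types `SBOM` and `Relationship`, the functions `mainPackage` and `ownedFiles`, and the rule used to pick a main package from relationships are assumptions made for the example; the file paths are constructed sample data.

```go
package main

import "fmt"
import "strings"

// Hypothetical, simplified types for illustration; not Syft's own.
type Relationship struct{ From, To string } // From depends on To
type SBOM struct {
	Packages      []string
	Relationships []Relationship
}

// mainPackage: singleFallback=false models the earlier relationships-only lookup
// (assumed rule: the main package is a relationship source that is never a target).
func mainPackage(s SBOM, singleFallback bool) (string, bool) {
	targets := map[string]bool{}
	for _, r := range s.Relationships {
		targets[r.To] = true
	}
	for _, r := range s.Relationships {
		if !targets[r.From] {
			return r.From, true
		}
	}
	// Fallback from the description: exactly one package means it is the main one.
	if singleFallback && len(s.Packages) == 1 {
		return s.Packages[0], true
	}
	return "", false
}

// ownedFiles lists files under /opt/bitnami/<main> that nothing else owns.
func ownedFiles(s SBOM, files []string, owned map[string]bool, singleFallback bool) (out []string) {
	name, ok := mainPackage(s, singleFallback)
	if !ok {
		return nil // no main package: the files stay unowned
	}
	for _, f := range files {
		if strings.HasPrefix(f, "/opt/bitnami/"+name+"/") && !owned[f] {
			out = append(out, f)
		}
	}
	return out
}

func main() {
	single := SBOM{Packages: []string{"redis"}} // constructed: one package, no relationships
	files := []string{"/opt/bitnami/redis/bin/redis-server", "/opt/bitnami/common/lib/x.so"}
	fmt.Println(ownedFiles(single, files, nil, false), ownedFiles(single, files, nil, true))
}
```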