Drop whiteout/opaque files and warn when pkg lacks Name/Version #1017
Closed
jonasagx wants to merge 15 commits into
Name and Version are important fields that later are used to generate CPEs, pURLs, we should warn about it. Signed-off-by: Jonas Xavier <jonasx@anchore.com>
jonasagx commented May 27, 2022
| func dependencyName(p pkg.Package) string { | ||
| purl, err := packageurl.FromString(p.PURL) | ||
| if err != nil { | ||
| log.Warnf("Invalid PURL for package: '%s' PURL: '%s' (%w)", p.Name, p.PURL, err) |
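Review bot: The `log.Warnf` format string in `dependencyName` ends with `(%w)`, but `%w` is the error-wrapping verb that only `fmt.Errorf` interprets. Assuming `log.Warnf` follows the usual `fmt.Sprintf` rules, the error will render as `%!w(...)` instead of its message. If this warning stays, pass `err` with `%v`. If it is dropped in favor of a format-independent warning, make sure that warning still reports the unparsable `p.PURL` value, since this line is the only place in the visible code that surfaces it.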
This log line seems unnecessary with the new warning that works for all formats
jonasagx commented May 27, 2022
|
|
||
| func (p *Package) SetID() { | ||
| if p.Name == "" { | ||
| log.Warnf("%s: missing package name, that is necessary for further metadata extraction. Please take a look at %s", p.FoundBy, p.Locations.ToSlice()) |
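Review bot: In `SetID`, the second `%s` of the `log.Warnf` call receives `p.Locations.ToSlice()`, a slice. Unless the element type implements `String()`, any non-string fields will print as `%!s(...)`, so use `%v` or format the location paths explicitly. The warning also sits inside the ID computation, so it is emitted again on every `SetID` call for the same package; if `SetID` can run more than once per package, log at the point where the package is first cataloged instead. The message wording would read better as "missing package name, which is required for further metadata extraction".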
Warning log to inform user which package has missing Name and/or Version.
Contributor
Author
Closing this PR in favor of #1021
This PR addresses two issues from #780

Syft indexes whiteout and opaque files
Addressed by:
Questions
ImageScheme?

Packages created without Name or Version don't give warnings
Name and Version are important fields, later used to generate CPEs, pURLs. We should warn when they are missing, since that will produce broken SBOMs
Addressed by:
SetID (that function already had some warnings, so it looks like an acceptable place)
SetID's warn log.

Fix: #780
Signed-off-by: Jonas Xavier jonasx@anchore.com