Error when epoch is missing from the immudb record #42

Open
KAWAHARA-souta opened this issue Jul 3, 2024 · 0 comments

When generating SBOMs for some packages, alma-sbom fails with the following error.

Traceback (most recent call last):
  File "/home/khwarizmi/git/alma-sbom/alma_sbom.py", line 712, in <module>
    cli_main()
  File "/home/khwarizmi/git/alma-sbom/alma_sbom.py", line 687, in cli_main
    sbom = get_info_about_package(
  File "/home/khwarizmi/git/alma-sbom/alma_sbom.py", line 252, in get_info_about_package
    source_rpm, package_nevra = _get_specific_info_about_package(
  File "/home/khwarizmi/git/alma-sbom/alma_sbom.py", line 150, in _get_specific_info_about_package
    epoch=immudb_metadata['epoch'],
KeyError: 'epoch'

Steps to reproduce:

(env) $ sha256sum ./AlmaLinux-9.4-x86_64-dvd/AppStream/Packages/OpenIPMI-2.0.32-3.el9.i686.rpm
96f79c00cf635268379227f39f4745dedf20d6ad275e37a2d056bd9f4984b5c4  ./AlmaLinux-9.4-x86_64-dvd/AppStream/Packages/OpenIPMI-2.0.32-3.el9.i686.rpm
(env) $ python alma_sbom.py --rpm-package-hash 96f79c00cf635268379227f39f4745dedf20d6ad275e37a2d056bd9f4984b5c4 --file-format cyclonedx-json

The immudb record looks like this:

{
  'Name': 'OpenIPMI-2.0.32-3.el9.i686.rpm', 
  'Kind': 'file', 
  'Size': 116064, 
  'Hash': '96f79c00cf635268379227f39f4745dedf20d6ad275e37a2d056bd9f4984b5c4', 
  'Metadata': {
    'arch': 'i686', 
    'git_commit': '7366558c4f3b4991ab8f68e25f22515e7133a2c0', 
    'git_ref': 'imports/c9/OpenIPMI-2.0.32-3.el9',
    'git_url': 'https://git.almalinux.org/rpms/OpenIPMI.git', 
    'name': 'OpenIPMI', 
    'release': '3.el9', 
    'sbom_api': '0.2', 
    'source_type': 'git', 
    'sourcerpm': 'OpenIPMI-2.0.32-3.el9.src.rpm', 
    'version': '2.0.32'
  }, 
  'Signer': 'sbom_signer_almalinux', 
  'Original_timestamp': '0001-01-01T00:00:00Z', 
  'timestamp': 1695069406
}

I'm considering two approaches to address this issue:

  1. Since epoch is one of the basic version information elements, we could terminate with an error when epoch is missing.
  2. From a user's perspective, according to RPM specifications, we could treat a missing epoch as equivalent to 0 and proceed with processing.

I don't fully understand how immudb is handled on ALBS, so I can't determine which approach is correct. This package is included in the 9.4 DVD ISO image, so from the ISO-SBOM specification perspective (#41), I would prefer approach 2, but I'm not sure if this is the right choice.
Do you have any advice?
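
The two approaches above, side by side, as an added example that is not part of the original issue and is not alma-sbom's code. The names `nevra_from_metadata`, `Nevra`, `MetadataError` and the `epoch_defaulted` flag are hypothetical; the flag is there so that an SBOM generator can record that the epoch was assumed rather than attested by the immudb record.

```python
from dataclasses import dataclass

# Metadata keys needed to build a NEVRA; epoch is handled separately.
REQUIRED = ("name", "version", "release", "arch")


class MetadataError(ValueError):
    """Raised when an immudb record cannot yield a trustworthy NEVRA."""


@dataclass(frozen=True)
class Nevra:
    name: str
    epoch: int
    version: str
    release: str
    arch: str
    epoch_defaulted: bool  # True when epoch was absent and assumed to be 0

    def __str__(self) -> str:
        return f"{self.name}-{self.epoch}:{self.version}-{self.release}.{self.arch}"


def nevra_from_metadata(metadata: dict, strict: bool = False) -> Nevra:
    """Build a NEVRA from the 'Metadata' dict of an immudb record.

    strict=True:  approach 1, a missing epoch is an error.
    strict=False: approach 2, a missing epoch is treated as 0 and flagged.
    """
    missing = [k for k in REQUIRED if not metadata.get(k)]
    if missing:
        raise MetadataError(f"missing required fields: {missing}")
    raw = metadata.get("epoch")
    defaulted = raw is None or raw == ""
    if defaulted and strict:
        raise MetadataError("epoch is missing from the immudb record")
    try:
        # A present but malformed epoch is rejected under both approaches.
        epoch = 0 if defaulted else int(raw)
    except (TypeError, ValueError):
        raise MetadataError(f"epoch is not an integer: {raw!r}") from None
    return Nevra(metadata["name"], epoch, metadata["version"],
                 metadata["release"], metadata["arch"], defaulted)


# Fields copied from the record shown in the issue (it has no 'epoch' key).
OPENIPMI = {"arch": "i686", "name": "OpenIPMI", "release": "3.el9",
            "version": "2.0.32", "sourcerpm": "OpenIPMI-2.0.32-3.el9.src.rpm"}
```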

KAWAHARA-souta pushed a commit to KAWAHARA-souta/alma-sbom that referenced this issue Aug 27, 2024
When data cannot be retrieved from immudb, or when data for package is
missing, if the --rpm-package option was used to specify an rpm package,
I made it so that the rpm package is used to supplement the information.

The following issues have been partially fixed.
 - AlmaLinux#42
 - AlmaLinux#44

And the following issues have been fixed.
 - AlmaLinux#26
KAWAHARA-souta added a commit to KAWAHARA-souta/alma-sbom that referenced this issue Sep 17, 2024
When data cannot be retrieved from immudb, or when data for package is
missing, if the --rpm-package option was used to specify an rpm package,
I made it so that the rpm package is used to supplement the information.

The following issues have been partially fixed.
 - AlmaLinux#42
 - AlmaLinux#44

And the following issues have been fixed.
 - AlmaLinux#26