@wagoodman wagoodman commented Jan 10, 2022

Removes the distro.Distro object in favor of a new linux.Release struct. The existing distro object takes part of the raw information that is found during analysis and attempts to identify the release relative to a hard-coded enumeration. The remaining raw information discovered is thrown away. There are problems with this:

  1. Syft is meant to raise up as much raw information as possible and attempt not to synthesize data or conclude about interpretations of the data. The distro object is in conflict with this.
  2. Throwing away the unused information from the underlying data source hinders downstream use of such data.
  3. Grype is really in need of this distro.Type enumeration, which leads to unnecessary updates of syft to improve grype matches (e.g. adding a new supported distro).

The new linux.Release struct raises up information found in /*/os-release, which is extremely common across all distributions.

This makes a breaking change to the JSON schema; thus, it is being bumped in this PR from 2 to 3. The existing .distro.idLike field is a string. The underlying field is a space-separated list of distribution names which the current linux release is closest to. This field is being transformed into a list to eliminate the need for downstream consumers to split the field on space before use.

Closes #342
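
The idLike shape change described above, as an added example (not code from syft or from this PR): a decoder that accepts both the schema v2 string and the schema v3 list, so a consumer such as a vulnerability matcher does not silently lose distro hints on older documents. The names IDLikes, Distro and DecodeDistro and the `id` field are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// IDLikes is a hypothetical type (not syft's own) holding os-release ID_LIKE
// values as a list.
type IDLikes []string

// UnmarshalJSON accepts the list shape (schema v3) and falls back to the
// space-separated string shape (schema v2).
func (s *IDLikes) UnmarshalJSON(data []byte) error {
	var list []string
	if err := json.Unmarshal(data, &list); err == nil {
		*s = list
		return nil
	}
	var joined string
	if err := json.Unmarshal(data, &joined); err != nil {
		return fmt.Errorf("idLike is neither a list nor a string: %w", err)
	}
	*s = strings.Fields(joined) // split on whitespace runs, no empty entries
	return nil
}

// Distro is a constructed stand-in for the document's "distro" object; the
// "id" field name is an assumption.
type Distro struct {
	ID     string  `json:"id"`
	IDLike IDLikes `json:"idLike"`
}

// DecodeDistro decodes a distro object written in either shape.
func DecodeDistro(doc string) (Distro, error) {
	var d Distro
	err := json.Unmarshal([]byte(doc), &d)
	return d, err
}

func main() {
	// Constructed sample documents: v2 shape first, then v3 shape.
	for _, doc := range []string{`{"id":"centos","idLike":"rhel fedora"}`, `{"id":"centos","idLike":["rhel","fedora"]}`} {
		d, err := DecodeDistro(doc)
		fmt.Println(d.ID, d.IDLike, err)
	}
}
```

Any other JSON type in idLike is rejected with an error rather than decoded to an empty list, so a malformed document is not mistaken for a release with no related distributions.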

@wagoodman wagoodman self-assigned this Jan 10, 2022
@wagoodman wagoodman changed the title Remove distro type Replace distro type Jan 10, 2022
@spiffcs spiffcs self-requested a review January 10, 2022 21:34

github-actions bot commented Jan 10, 2022

Benchmark Test Results

Benchmark results from the latest changes vs base branch
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.36ms ± 1%    1.66ms ± 8%  +22.32%  (p=0.016 n=4+5)
ImagePackageCatalogers/python-package-cataloger-2            3.10ms ± 1%    3.86ms ± 8%  +24.59%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     961µs ± 1%    1158µs ± 3%  +20.50%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         845µs ± 0%     983µs ± 3%  +16.36%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     963µs ± 1%    1173µs ± 5%  +21.86%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      878µs ± 1%    1029µs ± 4%  +17.28%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      13.4ms ± 0%    15.0ms ± 2%  +11.94%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.29ms ± 1%    1.48ms ± 3%  +14.52%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          1.94µs ± 2%    2.14µs ±10%  +10.27%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               252kB ± 0%     253kB ± 0%   +0.49%  (p=0.008 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            1.06MB ± 0%    1.07MB ± 0%   +0.31%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     230kB ± 0%     230kB ± 0%   +0.33%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         207kB ± 0%     208kB ± 0%   +0.61%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     252kB ± 0%     254kB ± 0%   +0.54%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      234kB ± 0%     235kB ± 0%   +0.45%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.62MB ± 0%    3.63MB ± 0%     ~     (p=0.056 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.30MB ± 0%    1.30MB ± 0%   +0.12%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            560B ± 0%      560B ± 0%     ~     (all equal)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               6.31k ± 0%     6.33k ± 0%   +0.35%  (p=0.008 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             21.3k ± 0%     21.4k ± 0%   +0.30%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     6.04k ± 0%     6.06k ± 0%   +0.36%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         5.32k ± 0%     5.34k ± 0%   +0.41%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     7.05k ± 0%     7.07k ± 0%   +0.31%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      6.78k ± 0%     6.80k ± 0%   +0.32%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                       69.5k ± 0%     69.7k ± 0%   +0.26%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      7.34k ± 0%     7.36k ± 0%   +0.30%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            13.0 ± 0%      13.0 ± 0%     ~     (all equal)

@wagoodman wagoodman marked this pull request as ready for review January 10, 2022 23:06
@wagoodman wagoodman requested a review from a team January 10, 2022 23:06

@spiffcs spiffcs left a comment

LGTM - I'll wait like the notes said for the grype and grype-db branches so we can check it all together but no real notes on this one.

}

// importSBOM mirrors all elements found on the syftjson model format object relative to the anchore engine import schema.
type importSBOM struct {
Contributor

I didn't see any notes about this in the PR description. Is this type/method needed for internal anchore purposes for when we're changing the schema with breaking changes 2 -> 3?

Contributor Author

great point, let me update the PR description to reflect this change and why

pURL := packageurl.NewPackageURL(
// TODO: replace with `packageurl.TypeDebian` upon merge of https://github.com/package-url/packageurl-go/pull/21
// TODO: or, since we're now using an Anchore fork of this module, we could do this sooner.
"deb",
Contributor

With the new release struct do we have enough information to replace this field with information we've pulled from the os-information or do we want to keep this hardcoded for now?

Contributor Author

an upcoming PR is about to change this, I think in the way that you're describing (derive the value directly from the release ID)

@wagoodman wagoodman added the breaking-change Change is not backwards compatible label Jan 11, 2022
@wagoodman
Contributor Author

I'm going to hold off on merging this until the sunsetting of grype-db is completed (since this changes the types shared between grype and grype-db)

@wagoodman wagoodman merged commit 706f291 into main Jan 12, 2022
@wagoodman wagoodman deleted the remove-strong-distro-type branch January 12, 2022 17:13
spiffcs added a commit that referenced this pull request Jan 19, 2022
…hub.com/hectorj2f/syft into hectorj2f/add_dependencies_to_cyclonedx

* 'hectorj2f/add_dependencies_to_cyclonedx' of https://github.com/hectorj2f/syft: (29 commits)
  Improve CycloneDX format output (#710)
  Add additional PHP metadata (#753)
  Update Syft formats for SyftJson (#752)
  Add support for "file" source type in syftjson unmarshaling (#750)
  remove contains file from spdx dependency generation
  support .sar for java ecosystem (#748)
  Start developer documentation (#746)
  Align SPDX export more with SPDX 2.2 specification (#743)
  Replace distro type (#742)
  update goreleaser with windows checksums (#740)
  bump stereoscope version to remove old containerd (#741)
  Add support for multiple output files in different formats (#732)
  Add support for searching for jars within archives (#734)
  683 windows filepath (#735)
  Fix CPE encode/decode when it contains special chars (#714)
  support .par for java ecosystems (#727)
  Add arm64 support to install script (#729)
  Revert "bump goreleaser to v1.2 (#720)" (#731)
  Add a version flag (#722)
  Add lpkg as java package format (#694)
  ...
fengshunli pushed a commit to fengshunli/syft that referenced this pull request Jan 24, 2022
* remove strong distro type

Signed-off-by: Alex Goodman <[email protected]>

* bump json schema to v3 (breaking distro shape)

Signed-off-by: Alex Goodman <[email protected]>

* fix linting

Signed-off-by: Alex Goodman <[email protected]>

* allow for v2 decoding of distro idLikes field in v3 json decoder

Signed-off-by: Alex Goodman <[email protected]>

* fix casing in simple linux release name

Signed-off-by: Alex Goodman <[email protected]>

* use discovered name as pretty name in simple linux release

Signed-off-by: Alex Goodman <[email protected]>
Signed-off-by: fsl <[email protected]>