deps: bump github.com/sylabs/squashfs to v1.0.0 #265

Merged
merged 2 commits into from
Jul 11, 2024

Contributor

@tri-adam tri-adam commented Jul 8, 2024

#261 pulls in an updated github.com/sylabs/squashfs dependency, but unfortunately the v1.0.0 of that has some breaking API changes! I've attempted to address those here, and made some other improvements to the code that backs the singularity source. In particular:

  • I've added an error to the file.Opener, to be able to explicitly pass an error back when encountered reading a SquashFS file. Let me know if this looks OK... I had to make minor mods in other sources to satisfy that interface, but seems more consistent with how things like go-containerregistry return io.ReadClosers.
  • I've generalized what was uncompressedTarCache to be uncompressedCache, and used that on the SquashFS side of things to make sure the code closes file handles everywhere it should.

One last note on testing, not sure the best way to do this? I built syft with this version like so:

$ go mod edit -replace github.com/anchore/stereoscope=../stereoscope

And then pulled a SIF image and scanned it:

$ singularity pull docker://alpine
...
$ go run ./cmd/syft scan singularity:alpine_latest.sif
 ✔ Parsed image                                                                                                                                                   sha256:bd640a41460ae7bfae0d608ad063c84cf5b61ef1b9647531bd59cbf57e519dde
 ✔ Cataloged contents                                                                                                                                                    ff77047d9cb035df6be6800b79aea4df63d2fb3e46c59125b2fc2d5235062496
   ├── ✔ Packages                        [14 packages]  
   ├── ✔ File digests                    [77 files]  
   ├── ✔ File metadata                   [77 locations]  
   └── ✔ Executables                     [17 executables]  
NAME                    VERSION      TYPE   
alpine-baselayout       3.6.5-r0     apk     
alpine-baselayout-data  3.6.5-r0     apk     
alpine-keys             2.4-r1       apk     
apk-tools               2.14.4-r0    apk     
busybox                 1.36.1-r29   apk     
busybox-binsh           1.36.1-r29   apk     
ca-certificates-bundle  20240226-r0  apk     
libcrypto3              3.3.1-r0     apk     
libssl3                 3.3.1-r0     apk     
musl                    1.2.5-r0     apk     
musl-utils              1.2.5-r0     apk     
scanelf                 1.3.7-r2     apk     
ssl_client              1.36.1-r29   apk     
zlib                    1.3.1-r1     apk

Let me know if that looks alright, or if there are any other improvements I can make. Thanks!

@tri-adam tri-adam marked this pull request as ready for review July 8, 2024 20:55
Contributor

wagoodman commented Jul 11, 2024

Thanks for making the bump, @tri-adam! I can rebase and merge this later today.

> One last note on testing, not sure the best way to do this? I built syft with this version like so:
>
> $ go mod edit -replace github.com/anchore/stereoscope=../stereoscope

indeed, that way works well for local testing. Another way is to use go.work:

# from the syft dir...
go work init

# use "current" dir and "../stereoscope" within the workspace
go work use . ../stereoscope

This has the added benefit of not changing the go.mod and go.sum files directly, so is a little easier for local development.

tri-adam added 2 commits July 11, 2024 09:24
This allows the squashfsVisitor to return errors when they are
encountered. Previously, there was not a way to return an error opening
the file, so an error could go unnoticed.

Signed-off-by: Adam Hughes <[email protected]>
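
The change described in the PR description and in the commit message above (an opener that can return an error, plus closing every handle) matters for a scanner because a file that fails to open must not silently drop out of the catalog. The sketch below is an added example, not code from stereoscope or this PR; `Opener`, `countingCloser` and `digestAll` are hypothetical names and the `Opener` signature is an assumed shape.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"io"
	"strings"
)

// Opener lazily opens one file (assumed shape); the error reaches the caller.
type Opener func() (io.ReadCloser, error)

// countingCloser (hypothetical) records Close calls so leaks are checkable.
type countingCloser struct {
	io.Reader
	closed *int
}

func (c countingCloser) Close() error { *c.closed++; return nil }

// digestAll hashes every file and closes each handle. It fails on the first
// open, read or close error instead of reporting a partial result as complete.
func digestAll(files map[string]Opener) (map[string]string, error) {
	out := make(map[string]string, len(files))
	for path, open := range files {
		rc, err := open()
		if err != nil {
			return nil, fmt.Errorf("open %s: %w", path, err)
		}
		h := sha256.New()
		_, err = io.Copy(h, rc)
		if cerr := rc.Close(); err == nil {
			err = cerr
		}
		if err != nil {
			return nil, fmt.Errorf("read %s: %w", path, err)
		}
		out[path] = fmt.Sprintf("%x", h.Sum(nil))
	}
	return out, nil
}

func main() {
	closed := 0
	sh := func() (io.ReadCloser, error) { // constructed sample content
		return countingCloser{strings.NewReader("constructed"), &closed}, nil
	}
	fmt.Println(digestAll(map[string]Opener{"/bin/sh": sh}))
}
```

With an opener that returns only a reader, the failing case would have to yield a nil or empty reader, and the resulting file list would look complete while missing entries.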
@wagoodman wagoodman added the dependencies Pull requests that update a dependency file label Jul 11, 2024
@wagoodman wagoodman enabled auto-merge (squash) July 11, 2024 13:25
@wagoodman wagoodman merged commit 41c9674 into anchore:main Jul 11, 2024
7 checks passed
@tri-adam tri-adam deleted the squashfs-v1 branch July 15, 2024 16:54