Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package chainguard-dfc for openSUSE:Factory 
checked in at 2025-05-22 16:56:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/chainguard-dfc (Old)
 and      /work/SRC/openSUSE:Factory/.chainguard-dfc.new.2732 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "chainguard-dfc"

Thu May 22 16:56:46 2025 rev:2 rq:1279154 version:0.7.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/chainguard-dfc/chainguard-dfc.changes    
2025-05-12 16:52:24.021545513 +0200
+++ /work/SRC/openSUSE:Factory/.chainguard-dfc.new.2732/chainguard-dfc.changes  
2025-05-22 16:57:18.163025215 +0200
@@ -1,0 +2,15 @@
+Thu May 22 04:44:37 UTC 2025 - Johannes Kastl 
<[email protected]>
+
+- Update to version 0.7.2:
+  * fix linter issues
+  * remove comment
+  * add strict flag to force package mapping
+  * [StepSecurity] Apply security best practices
+
+-------------------------------------------------------------------
+Thu May 22 04:43:01 UTC 2025 - Johannes Kastl 
<[email protected]>
+
+- Update to version 0.7.1:
+  * Parse debian epoch version
+
+-------------------------------------------------------------------

Old:
----
  chainguard-dfc-0.7.0.obscpio

New:
----
  chainguard-dfc-0.7.2.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ chainguard-dfc.spec ++++++
--- /var/tmp/diff_new_pack.ycNsON/_old  2025-05-22 16:57:18.851054748 +0200
+++ /var/tmp/diff_new_pack.ycNsON/_new  2025-05-22 16:57:18.851054748 +0200
@@ -15,10 +15,11 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+
 %define executable_name dfc
 
 Name:           chainguard-dfc
-Version:        0.7.0
+Version:        0.7.2
 Release:        0
 Summary:        Chainguard Dockerfile Converter
 License:        Apache-2.0
@@ -27,8 +28,8 @@
 Source1:        vendor.tar.gz
 BuildRequires:  bash-completion
 BuildRequires:  fish
-BuildRequires:  golang(API) >= 1.24
 BuildRequires:  zsh
+BuildRequires:  golang(API) >= 1.24
 # there is already a package called dfc...
 Conflicts:      dfc
 
@@ -50,8 +51,8 @@
 %package -n %{name}-fish-completion
 Summary:        Fish Completion for %{name}
 Group:          System/Shells
-Requires:       fish
 Requires:       %{name} = %{version}
+Requires:       fish
 Supplements:    (%{name} and fish)
 BuildArch:      noarch
 
@@ -61,8 +62,8 @@
 %package -n %{name}-zsh-completion
 Summary:        Zsh Completion for %{name}
 Group:          System/Shells
-Requires:       zsh
 Requires:       %{name} = %{version}
+Requires:       zsh
 Supplements:    (%{name} and zsh)
 BuildArch:      noarch
 

++++++ _service ++++++
--- /var/tmp/diff_new_pack.ycNsON/_old  2025-05-22 16:57:18.883056122 +0200
+++ /var/tmp/diff_new_pack.ycNsON/_new  2025-05-22 16:57:18.887056293 +0200
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/chainguard-dev/dfc</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.7.0</param>
+    <param name="revision">v0.7.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.ycNsON/_old  2025-05-22 16:57:18.903056980 +0200
+++ /var/tmp/diff_new_pack.ycNsON/_new  2025-05-22 16:57:18.907057152 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/chainguard-dev/dfc</param>
-              <param 
name="changesrevision">0a9e56139682dad8f836d85d273fdbd28a24d51c</param></service></servicedata>
+              <param 
name="changesrevision">7651a9e5ce0b8ea97deb89d48cadfa1d3fe2b890</param></service></servicedata>
 (No newline at EOF)
 

++++++ chainguard-dfc-0.7.0.obscpio -> chainguard-dfc-0.7.2.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/chainguard-dfc-0.7.0/main.go 
new/chainguard-dfc-0.7.2/main.go
--- old/chainguard-dfc-0.7.0/main.go    2025-05-09 20:53:12.000000000 +0200
+++ new/chainguard-dfc-0.7.2/main.go    2025-05-20 17:36:37.000000000 +0200
@@ -53,6 +53,7 @@
        var mappingsFile string
        var updateFlag bool
        var noBuiltInFlag bool
+       var strictFlag bool
 
        // Default log level is info
        var level = slag.Level(slog.LevelInfo)
@@ -128,6 +129,7 @@
                                Registry:     registry,
                                Update:       updateFlag,
                                NoBuiltIn:    noBuiltInFlag,
+                               Strict:       strictFlag,
                        }
 
                        // If custom mappings file is provided, load it as 
ExtraMappings
@@ -215,6 +217,9 @@
        cmd.Flags().BoolVar(&updateFlag, "update", false, "check for and apply 
available updates")
        cmd.Flags().BoolVar(&noBuiltInFlag, "no-builtin", false, "skip built-in 
package/image mappings, still apply default conversion logic")
        cmd.Flags().Var(&level, "log-level", "log level (e.g. debug, info, 
warn, error)")
+       cmd.Flags().BoolVar(&strictFlag, "strict", false, "when true, fail if 
any package is unknown")
+       // nolint:errcheck
+       cmd.Flags().MarkHidden("strict")
 
        return cmd
 }
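Review bot: The `// nolint:errcheck` comment above `cmd.Flags().MarkHidden("strict")` hides a discarded error behind a linter directive. An explicit `_ = cmd.Flags().MarkHidden("strict")` states the intent in code and does not depend on how the directive is parsed (golangci-lint documents the form `//nolint:errcheck`, without the space). MarkHidden fails only when the named flag is not registered, so a typo in the name would currently go unnoticed. Because `--strict` is the switch that stops unmapped package names from being passed through unchanged, a one-line comment saying why it is hidden would help the next reader. The enclosing function starts outside this hunk.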
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/chainguard-dfc-0.7.0/pkg/dfc/dfc.go 
new/chainguard-dfc-0.7.2/pkg/dfc/dfc.go
--- old/chainguard-dfc-0.7.0/pkg/dfc/dfc.go     2025-05-09 20:53:12.000000000 
+0200
+++ new/chainguard-dfc-0.7.2/pkg/dfc/dfc.go     2025-05-20 17:36:37.000000000 
+0200
@@ -107,6 +107,7 @@
        VersionMatcher string
        Version        string
        Release        string
+       Epoch          string
 }
 
 // DockerfileLine represents a single line in a Dockerfile
@@ -473,6 +474,7 @@
        NoBuiltIn         bool              // When true, don't use built-in 
mappings, only ExtraMappings
        FromLineConverter FromLineConverter // Optional custom converter for 
FROM lines
        RunLineConverter  RunLineConverter  // Optional custom converter for 
RUN lines
+       Strict            bool              // When true, fail if any package 
is unknown
 }
 
 // MappingsConfig represents the structure of builtin-mappings.yaml
@@ -587,7 +589,7 @@
 
                // Process RUN commands
                if line.Run != nil && line.Run.Shell != nil && 
line.Run.Shell.Before != nil {
-                       err := processRunLineWithConverter(newLine, line, 
stagePackages, mappings.Packages, opts.RunLineConverter)
+                       err := processRunLineWithConverter(newLine, line, 
stagePackages, mappings.Packages, opts.RunLineConverter, opts.Strict)
                        if err != nil {
                                return nil, err
                        }
@@ -955,7 +957,7 @@
 }
 
 // processRunLineWithConverter handles the conversion of RUN lines but 
supports a RunLineConverter.
-func processRunLineWithConverter(newLine *DockerfileLine, line 
*DockerfileLine, stagePackages map[int][]string, packageMap PackageMap, 
runLineConverter RunLineConverter) error {
+func processRunLineWithConverter(newLine *DockerfileLine, line 
*DockerfileLine, stagePackages map[int][]string, packageMap PackageMap, 
runLineConverter RunLineConverter, strict bool) error {
        beforeShell := line.Run.Shell.Before
 
        // Initialize RunDetails with Before shell
@@ -966,8 +968,11 @@
        }
 
        // First check for package manager commands
-       modifiedPMCommands, distro, manager, packages, mappedPackages, 
afterShell :=
-               convertPackageManagerCommands(beforeShell, packageMap)
+       modifiedPMCommands, distro, manager, packages, mappedPackages, 
afterShell, err :=
+               convertPackageManagerCommands(beforeShell, packageMap, strict)
+       if err != nil {
+               return err
+       }
        newLine.Run.Distro = distro
        newLine.Run.Manager = manager
        newLine.Run.Packages = packages
@@ -1125,9 +1130,9 @@
 
 // convertPackageManagerCommands converts package manager commands in a shell 
command
 // to the Alpine equivalent (apk add)
-func convertPackageManagerCommands(shell *ShellCommand, packageMap PackageMap) 
(bool, Distro, Manager, []string, []string, *ShellCommand) {
+func convertPackageManagerCommands(shell *ShellCommand, packageMap PackageMap, 
strict bool) (bool, Distro, Manager, []string, []string, *ShellCommand, error) {
        if shell == nil {
-               return false, "", "", nil, nil, nil
+               return false, "", "", nil, nil, nil, nil
        }
 
        // Determine which distro/package manager we're going to focus on
@@ -1176,7 +1181,10 @@
                                                if !strings.HasPrefix(arg, "-") 
{
                                                        packagesDetected = 
append(packagesDetected, arg)
                                                        packageSpec := 
parsePackageSpec(firstPM, arg)
-                                                       packages := 
convertPackage(packageSpec, distro, packageMap)
+                                                       packages, err := 
convertPackage(packageSpec, distro, packageMap, strict)
+                                                       if err != nil {
+                                                               return false, 
"", "", nil, nil, nil, err
+                                                       }
                                                        packagesToInstall = 
append(packagesToInstall, packages...)
                                                }
                                        }
@@ -1190,7 +1198,7 @@
 
        // If we don't have any package manager commands, return the original 
shell
        if !hasPackageManager {
-               return false, distro, firstPM, nil, nil, shell
+               return false, distro, firstPM, nil, nil, shell, nil
        }
 
        // Sort and deduplicate packages
@@ -1224,7 +1232,7 @@
                                        Args:    append([]string{SubcommandAdd, 
ApkNoCacheFlag}, packagesToInstall...),
                                },
                        },
-               }
+               }, nil
        }
 
        // If we only have package manager commands but no packages to install,
@@ -1236,7 +1244,7 @@
                                        Command: "true",
                                },
                        },
-               }
+               }, nil
        }
 
        // Create a new shell command with parts
@@ -1304,7 +1312,7 @@
                })
        }
 
-       return true, distro, firstPM, packagesDetected, packagesToInstall, 
&ShellCommand{Parts: newParts}
+       return true, distro, firstPM, packagesDetected, packagesToInstall, 
&ShellCommand{Parts: newParts}, nil
 }
 
 // Helper function to clone a shell part
@@ -1494,6 +1502,7 @@
        switch manager {
        case ManagerApk:
                // 
https://wiki.alpinelinux.org/wiki/Alpine_Package_Keeper#Add_a_Package
+               // name{@tag}{[<>~=]version}
                spec.Name, spec.Tag, _ = strings.Cut(packageArg, "@")
                if spec.Tag == "" {
                        spec.Name, spec.Version, spec.VersionMatcher = 
parseApkVersion(spec.Name)
@@ -1502,10 +1511,20 @@
                }
                spec.Version, spec.Release, _ = strings.Cut(spec.Version, "-")
        case ManagerApt, ManagerAptGet:
+               // 
https://www.debian.org/doc/debian-policy/ch-controlfields.html#version
+               // name=[epoch:]upstream_version[-debian_revision]
                spec.Name, spec.Version, _ = strings.Cut(packageArg, "=")
-               spec.Version, spec.Release, _ = strings.Cut(spec.Version, "-")
                if spec.Version != "" {
                        spec.VersionMatcher = "="
+                       if strings.Contains(spec.Version, ":") {
+                               spec.Epoch, spec.Version, _ = 
strings.Cut(spec.Version, ":")
+                       }
+
+                       // hyphens only allowed in version if there is a 
revision
+                       if lastHyphenIndex := strings.LastIndex(spec.Version, 
"-"); lastHyphenIndex != -1 {
+                               spec.Release = spec.Version[lastHyphenIndex+1:]
+                               spec.Version = spec.Version[:lastHyphenIndex]
+                       }
                }
        case ManagerDnf, ManagerMicrodnf, ManagerYum:
                // Format is name-version-release
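Review bot: In the `ManagerApt, ManagerAptGet` case, everything before the first `:` becomes `spec.Epoch` without validation, although the Debian policy page linked in the new comment defines the epoch as a single unsigned integer. A constructed argument such as `foo=abc:1.0` would be stored with Epoch `abc`. `strings.Cut` already reports whether the separator was found, so the `strings.Contains` pre-check can be dropped: `if epoch, rest, ok := strings.Cut(spec.Version, ":"); ok { spec.Epoch, spec.Version = epoch, rest }`, plus a digits-only check on `epoch` if the value is ever emitted. A version ending in a hyphen (constructed: `1.0-`) also yields an empty Release with no signal. The function starts and ends outside this hunk, so how Epoch is consumed is not visible here.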
@@ -1520,16 +1539,18 @@
 }
 
 // convertPackage performs a lookup of a given package in the package map and 
returns a valid apk package parameter.
-func convertPackage(spec PackageSpec, distro Distro, packageMap PackageMap) 
[]string {
+func convertPackage(spec PackageSpec, distro Distro, packageMap PackageMap, 
strict bool) ([]string, error) {
        var packages []string
        if distroMap, exists := packageMap[distro]; exists && 
distroMap[spec.Name] != nil {
                for _, pkg := range distroMap[spec.Name] {
                        packages = append(packages, createApkPackageSpec(pkg, 
spec))
                }
+       } else if strict {
+               return nil, fmt.Errorf("%s has no mapping", spec.Name)
        } else {
                packages = append(packages, createApkPackageSpec(spec.Name, 
spec))
        }
-       return packages
+       return packages, nil
 }
 
 // createApkPackageSpec formats an apk package parameter. The following 
adjustments will be made to align with
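Review bot: The strict-mode error `fmt.Errorf("%s has no mapping", spec.Name)` prints a name taken from the Dockerfile unquoted and omits the distro that was searched. `fmt.Errorf("package %q has no mapping for distro %q", spec.Name, distro)` keeps empty or unusual names readable in logs and CI output. The doc comment on convertPackage still describes only the lookup; it should say that with `strict` set an unmapped package returns an error instead of falling back to the original name. A name mapped to an empty, non-nil list passes the `!= nil` check and returns no packages and no error even in strict mode, which may be intended but deserves a comment.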
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/chainguard-dfc-0.7.0/pkg/dfc/dfc_test.go 
new/chainguard-dfc-0.7.2/pkg/dfc/dfc_test.go
--- old/chainguard-dfc-0.7.0/pkg/dfc/dfc_test.go        2025-05-09 
20:53:12.000000000 +0200
+++ new/chainguard-dfc-0.7.2/pkg/dfc/dfc_test.go        2025-05-20 
17:36:37.000000000 +0200
@@ -1933,6 +1933,41 @@
                t.Errorf("Expected error from RunLineConverter to be 
propagated, got: %v", err)
        }
 }
+func TestStrictMode(t *testing.T) {
+       convertTests := []struct {
+               name    string
+               raw     string
+               wantErr bool
+       }{
+               {
+                       name:    "does not have mapping",
+                       raw:     "RUN apt-get install -y saesidon",
+                       wantErr: true,
+               },
+               {
+                       name:    "has mapping",
+                       raw:     "RUN apt-get install -y awscli",
+                       wantErr: false,
+               },
+       }
+       for _, tt := range convertTests {
+               t.Run(tt.name, func(t *testing.T) {
+                       ctx := context.Background()
+                       parsed, err := ParseDockerfile(ctx, []byte(tt.raw))
+                       if err != nil {
+                               t.Fatalf("Failed to parse Dockerfile: %v", err)
+                       }
+
+                       _, convertErr := parsed.Convert(ctx, Options{
+                               Strict: true,
+                       })
+                       gotErr := convertErr != nil
+                       if gotErr != tt.wantErr {
+                               t.Errorf("%s: wanted %t got %t", tt.name, 
tt.wantErr, gotErr)
+                       }
+               })
+       }
+}
 
 func TestParsePackageSpec(t *testing.T) {
        type args struct {
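Review bot: TestStrictMode runs every case with `Strict: true`, so nothing pins the default behaviour that an unmapped package still converts without error when the flag is off. Adding a `strict bool` column and a case such as `{name: "unmapped, strict off", raw: "RUN apt-get install -y saesidon", strict: false, wantErr: false}` would cover both sides of the new branch. The "has mapping" case appears to rely on `awscli` being in the built-in mappings, since the Options literal passes no mappings of its own; supplying a small explicit mapping would make the test independent of that data. The failing case could also assert that the error names the package rather than only checking that it is non-nil.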
@@ -2021,8 +2056,23 @@
                },
                {
                        name:     "apt with version release",
-                       args:     args{manager: ManagerApt, packageArg: 
"foo-3=1.0.0-r0"},
-                       wantSpec: PackageSpec{Manager: ManagerApt, Name: 
"foo-3", Version: "1.0.0", VersionMatcher: "=", Release: "r0"},
+                       args:     args{manager: ManagerApt, packageArg: 
"foo-3=1.5-1~deb10u1"},
+                       wantSpec: PackageSpec{Manager: ManagerApt, Name: 
"foo-3", Version: "1.5", VersionMatcher: "=", Release: "1~deb10u1"},
+               },
+               {
+                       name:     "apt with version include hyphen and release",
+                       args:     args{manager: ManagerApt, packageArg: 
"foo-3=1.0.0-1-r0"},
+                       wantSpec: PackageSpec{Manager: ManagerApt, Name: 
"foo-3", Version: "1.0.0-1", VersionMatcher: "=", Release: "r0"},
+               },
+               {
+                       name:     "apt with version epoch",
+                       args:     args{manager: ManagerApt, packageArg: 
"foo-3=1:1.0.0"},
+                       wantSpec: PackageSpec{Manager: ManagerApt, Name: 
"foo-3", Epoch: "1", Version: "1.0.0", VersionMatcher: "="},
+               },
+               {
+                       name:     "apt with version epoch and release",
+                       args:     args{manager: ManagerApt, packageArg: 
"foo-3=1:1.0.0-r0"},
+                       wantSpec: PackageSpec{Manager: ManagerApt, Name: 
"foo-3", Epoch: "1", Version: "1.0.0", VersionMatcher: "=", Release: "r0"},
                },
                {
                        name:     "yum name only",
@@ -2122,7 +2172,11 @@
        }
        for _, tt := range tests {
                t.Run(tt.name, func(t *testing.T) {
-                       if got := convertPackage(tt.args.spec, tt.args.distro, 
pm); !reflect.DeepEqual(got, tt.want) {
+                       got, err := convertPackage(tt.args.spec, 
tt.args.distro, pm, false)
+                       if err != nil {
+                               t.Fatal(err)
+                       }
+                       if !reflect.DeepEqual(got, tt.want) {
                                t.Errorf("convertPackage() = %v, want %v", got, 
tt.want)
                        }
                })
@@ -2155,6 +2209,11 @@
                        want: "bar=~1.0.0",
                },
                {
+                       name: "apt with version epoch",
+                       args: args{name: "bar", spec: PackageSpec{Manager: 
ManagerAptGet, Name: "foo", Epoch: "1", Version: "1.0.0", VersionMatcher: "="}},
+                       want: "bar=~1.0.0",
+               },
+               {
                        name: "apk with version >",
                        args: args{name: "bar", spec: PackageSpec{Manager: 
ManagerApk, Name: "foo", Version: "1.0.0", VersionMatcher: ">"}},
                        want: "bar>1.0.0",

++++++ chainguard-dfc.obsinfo ++++++
--- /var/tmp/diff_new_pack.ycNsON/_old  2025-05-22 16:57:19.071064192 +0200
+++ /var/tmp/diff_new_pack.ycNsON/_new  2025-05-22 16:57:19.075064363 +0200
@@ -1,5 +1,5 @@
 name: chainguard-dfc
-version: 0.7.0
-mtime: 1746816792
-commit: 0a9e56139682dad8f836d85d273fdbd28a24d51c
+version: 0.7.2
+mtime: 1747755397
+commit: 7651a9e5ce0b8ea97deb89d48cadfa1d3fe2b890
 

++++++ vendor.tar.gz ++++++
