Error when metadata is incomplete #26

Open
m10k opened this issue Dec 9, 2023 · 0 comments

m10k commented Dec 9, 2023

When generating SBOMs for some packages, alma-sbom fails with the following error.

Traceback (most recent call last):
  File "/root/alma-sbom/./alma_sbom.py", line 612, in <module>
    cli_main()
  File "/root/alma-sbom/./alma_sbom.py", line 594, in cli_main
    sbom = get_info_about_package(
  File "/root/alma-sbom/./alma_sbom.py", line 300, in get_info_about_package
    'value': immudb_metadata['build_host'],
KeyError: 'build_host'

Steps to reproduce:

$ dnf download bc-1.07.1-14.el9.x86_64
$ hash=$(sha256sum bc-1.07.1-14.el9.x86_64.rpm | cut -d ' ' -f 1)
$ ./alma_sbom.py --file-format spdx-json --rpm-package-hash "$hash"

This is what immudb_metadata looks like:

{
  "arch": "x86_64",
  "epoch": "0",
  "git_commit": "36ba399613061e6190966c2e97f23fdf7e061cce",
  "git_ref": "imports/c9/bc-1.07.1-14.el9",
  "git_url": "https://git.almalinux.org/rpms/bc.git",
  "name": "bc",
  "release": "14.el9",
  "sbom_api": "0.2",
  "source_type": "git",
  "sourcerpm": "bc-1.07.1-14.el9.src.rpm",
  "version": "1.07.1"
}

I imagine that the metadata for some packages is incomplete because they were built with older versions of ALBS. Maybe we should omit missing data from SBOM generation and only fail if NTIA Minimum Elements are missing?
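
An added example, not part of the issue or the alma-sbom code base, of the behaviour suggested above: optional keys such as `build_host` are omitted when absent, and generation fails only when a required field is missing. Which keys count as required (here `name` and `version`, standing in for the NTIA component name and version) and the property names are assumptions.

```python
# Added example: tolerate incomplete immudb metadata instead of raising KeyError.
import json

# Assumption: these keys carry the NTIA "component name" and "version" elements.
REQUIRED_KEYS = ("name", "version")
# Optional metadata keys mapped to SBOM property names (names are hypothetical).
OPTIONAL_PROPERTIES = {
    "build_host": "example:build:host",
    "git_url": "example:source:git-url",
    "git_ref": "example:source:git-ref",
    "git_commit": "example:source:git-commit",
    "sourcerpm": "example:package:sourcerpm",
}


class IncompleteMetadataError(ValueError):
    """Raised only when a required (minimum-element) field is absent."""


def build_properties(immudb_metadata):
    """Return (properties, omitted): skip absent optional keys, fail on required."""
    missing = [k for k in REQUIRED_KEYS if not immudb_metadata.get(k)]
    if missing:
        raise IncompleteMetadataError("missing required fields: " + ", ".join(missing))
    properties, omitted = [], []
    for key, prop_name in OPTIONAL_PROPERTIES.items():
        value = immudb_metadata.get(key)
        if value in (None, ""):
            omitted.append(key)  # keep a record of the gap so it can be logged
            continue
        properties.append({"name": prop_name, "value": value})
    return properties, omitted


# Metadata quoted in the issue (bc-1.07.1-14.el9); it has no 'build_host' key.
SAMPLE = json.loads("""{
  "arch": "x86_64", "epoch": "0",
  "git_commit": "36ba399613061e6190966c2e97f23fdf7e061cce",
  "git_ref": "imports/c9/bc-1.07.1-14.el9",
  "git_url": "https://git.almalinux.org/rpms/bc.git",
  "name": "bc", "release": "14.el9", "sbom_api": "0.2",
  "source_type": "git", "sourcerpm": "bc-1.07.1-14.el9.src.rpm",
  "version": "1.07.1"
}""")

if __name__ == "__main__":
    props, omitted = build_properties(SAMPLE)
    print(json.dumps(props, indent=2))
    print("omitted:", omitted)
```

Returning the omitted keys alongside the properties lets the caller log which provenance fields the SBOM lacks instead of dropping them silently.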

kawaharasouta added a commit to kawaharasouta/alma-sbom that referenced this issue May 27, 2024
kawaharasouta added a commit to kawaharasouta/alma-sbom that referenced this issue Jun 3, 2024
KAWAHARA-souta added a commit to KAWAHARA-souta/alma-sbom that referenced this issue Jun 3, 2024
Store 'None' if build-related data is empty
KAWAHARA-souta pushed a commit to KAWAHARA-souta/alma-sbom that referenced this issue Aug 27, 2024
When data cannot be retrieved from immudb, or when data for package is
missing, if the --rpm-package option was used to specify an rpm package,
I made it so that the rpm package is used to supplement the information.

The following issues have been partially fixed.
 - AlmaLinux#42
 - AlmaLinux#44

And the following issues have been fixed.
 - AlmaLinux#26
KAWAHARA-souta added a commit to KAWAHARA-souta/alma-sbom that referenced this issue Sep 17, 2024
When data cannot be retrieved from immudb, or when data for package is
missing, if the --rpm-package option was used to specify an rpm package,
I made it so that the rpm package is used to supplement the information.

The following issues have been partially fixed.
 - AlmaLinux#42
 - AlmaLinux#44

And the following issues have been fixed.
 - AlmaLinux#26