From 2225a24ac7532302616fc8fad3c2241b66545d5a Mon Sep 17 00:00:00 2001
From: ashnamehrotra
Date: Fri, 22 Sep 2023 15:23:48 -0700
Subject: [PATCH] chore: cherry pick #295 into 0.4 (#314)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
---
 pkg/pkgmgr/rpm.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/pkg/pkgmgr/rpm.go b/pkg/pkgmgr/rpm.go
index cf033451..b9350950 100644
--- a/pkg/pkgmgr/rpm.go
+++ b/pkg/pkgmgr/rpm.go
@@ -35,7 +35,7 @@ const (
 rpmManifest2 = "container-manifest-2"
 rpmManifestWildcard = "container-manifest-*"
- installToolsCmd = "yum install busybox -y"
+ installToolsCmd = "yum install busybox cpio -y"
 resultQueryFormat = "%{NAME}\t%{VERSION}-%{RELEASE}\t%{ARCH}\n"
 )
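Review bot: `installToolsCmd` now pulls in `cpio`, but nothing on the constant says why, and the extraction script added later in this patch also depends on `rpm2cpio` and `sh`, which this command does not install. Presumably both ship with the tooling image that provides `yum`, but that is an assumption worth writing down, since a missing tool would only surface when the extraction step runs. I would add a comment such as `// cpio unpacks the rpm2cpio stream in unpackAndMergeUpdates; rpm2cpio and sh are expected from the tooling image` above the constant.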
@@ -359,17 +359,16 @@ func (rm *rpmManager) unpackAndMergeUpdates(ctx context.Context, updates types.U
 // - Reports being slightly out of date, where a newer security revision has displaced the one specified leading to not found errors.
 // - Reports not specifying version epochs correct (e.g. bsdutils=2.36.1-8+deb11u1 instead of with epoch as 1:2.36.1-8+dev11u1)
 // - Reports specifying remediation packages for cbl-mariner v1 instead of v2 (e.g. *.cm1.aarch64 instead of *.cm2.aarch64)
- const aptDownloadTemplate = "yum reinstall --downloadonly --downloaddir=. --best -y %s"
+ const rpmDownloadTemplate = `yum reinstall --downloadonly --downloaddir=. --best -y %s`
 pkgStrings := []string{}
 for _, u := range updates {
 pkgStrings = append(pkgStrings, u.Name)
 }
- downloadCmd := fmt.Sprintf(aptDownloadTemplate, strings.Join(pkgStrings, " "))
+ downloadCmd := fmt.Sprintf(rpmDownloadTemplate, strings.Join(pkgStrings, " "))
 downloaded := busyboxCopied.Run(llb.Shlex(downloadCmd), llb.WithProxy(utils.GetProxy())).Root()
 // Scripted enumeration and rpm install of all downloaded packages under the download folder as root
- // `rpm -i` doesn't support installing to a target directory, so chroot into the download folder to install the packages.
- const extractTemplate = `chroot %s ./busybox find . -name '*.rpm' -exec ./busybox rpm -i '{}' \;`
+ const extractTemplate = `sh -c 'for f in %[1]s/*.rpm ; do rpm2cpio "$f" | cpio -idmv -D %[1]s ; done'`
 extractCmd := fmt.Sprintf(extractTemplate, downloadPath)
 unpacked := downloaded.Run(llb.Shlex(extractCmd)).Root()
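Review bot: The new `extractTemplate` loop exits with the status of its last iteration only, so a failed `rpm2cpio` or `cpio` on an earlier package is swallowed and the build step still succeeds; for a patching tool that means an image can be reported as updated while a fix was never unpacked. Making each iteration fatal closes most of that gap, e.g. `... do rpm2cpio "$f" | cpio -idmv -D %[1]s || exit 1 ; done`, though a plain `sh` pipeline still hides an `rpm2cpio` failure unless `cpio` then rejects the truncated stream. `%[1]s` is also spliced unquoted into the `sh -c` script, so `downloadPath` (defined outside this hunk) has to remain a fixed path without spaces or shell metacharacters, and the package names joined into `downloadCmd` appear to come from the scanner report and would deserve a name-format check before they reach `llb.Shlex`. The body of `unpackAndMergeUpdates` starts and ends outside the hunk.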