Add a list of suppressed rpm repos
ralphbean committed Jan 15, 2025
1 parent 1552908 commit cdad88f
Showing 4 changed files with 30 additions and 15 deletions.
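--- a/hack/render-known-rpm-repositories.sh
+++ b/hack/render-known-rpm-repositories.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+cd "$(git rev-parse --show-toplevel)"
+
+BASE_URL='https://access.redhat.com/security/data/meta/v1/repository-to-cpe.json'
+
+export COMMENT='
+This file is automatically generated by hack/update-repository-to-cpe.sh. Do not update it directly.
+'
+
+curl -L "${BASE_URL}" | \
+yq '.data |
+[to_entries[].key] as $repos |
+$repos + load("hack/extra_rpm_repositories.yml").extras | sort | unique as $repos |
+$repos - load("hack/suppressed_rpm_repositories.yml").suppressed | sort | unique as $repos |
+{"rule_data": {"known_rpm_repositories": $repos}} |
+. head_comment=env(COMMENT)'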
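Review bot: `curl -L "${BASE_URL}"` runs without `--fail`, so an HTTP error page is still handed to `yq` with curl exiting 0, and `pipefail` only helps if `yq` happens to reject that body. Because the output becomes the list of known repositories, a bad fetch should stop the script; `curl --fail --location --proto '=https' --proto-redir '=https' "${BASE_URL}" | \` does that and also keeps redirects on HTTPS. Separately, the `COMMENT` text names `hack/update-repository-to-cpe.sh`, which is not one of the scripts touched in this commit. A one-line comment above the `yq` program should also say that suppressed entries are subtracted after the extras are added and therefore win over them.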
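--- a/hack/suppressed_rpm_repositories.yml
+++ b/hack/suppressed_rpm_repositories.yml
@@ -0,0 +1,7 @@
+# Update this list for any repos that we be removed from the list of known repositories.
+#
+# As of KONFLUX-6218, put repositories here that we don't want people to use even though they do appear in the cpe mapping file.
+
+suppressed:
+- ubi-9-appstream-rpms
+- ubi-9-baseos-rpms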
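Review bot: The first comment line reads "repos that we be removed", which leaves the effect of the file unclear; I would reword it to `# Repositories listed here are removed from the rendered list of known repositories.` The render script subtracts these ids after adding the extras, so the comment should also say that an id listed here overrides the same id in `hack/extra_rpm_repositories.yml`. Only the literal ids listed are suppressed, which is worth stating for anyone who expects related repository ids to be covered as well.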
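--- a/hack/update-known-rpm-repositories.sh
+++ b/hack/update-known-rpm-repositories.sh
@@ -6,15 +6,4 @@ set -o nounset
 
 cd "$(git rev-parse --show-toplevel)"
 
-BASE_URL='https://access.redhat.com/security/data/meta/v1/repository-to-cpe.json'
-
-export COMMENT='
-This file is automatically generated by hack/update-repository-to-cpe.sh. Do not update it directly.
-'
-
-curl -L "${BASE_URL}" | \
-yq '.data |
-[to_entries[].key] as $repos |
-$repos + load("hack/extra_rpm_repositories.yml").extras | sort | unique as $repos |
-{"rule_data": {"known_rpm_repositories": $repos}} |
-. head_comment=env(COMMENT)' > data/known_rpm_repositories.yml
+hack/render-known-rpm-repositories.sh > data/known_rpm_repositories.yml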
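Review bot: The redirect on the added line truncates `data/known_rpm_repositories.yml` before the render script runs, so a failed download or `yq` error leaves an empty or partial data file in the working tree. Rendering to a temporary name and renaming only on success avoids that: `hack/render-known-rpm-repositories.sh > data/known_rpm_repositories.yml.tmp` followed by `mv data/known_rpm_repositories.yml.tmp data/known_rpm_repositories.yml`. The script starts above the hunk, so this assumes `errexit` is set there as it is in the render script.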
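--- a/hack/verify-data.sh
+++ b/hack/verify-data.sh
@@ -7,9 +7,7 @@ set -o nounset
 cd "$(git rev-parse --show-toplevel)"
 
 # Verify known_rpm_repositories.yml has been updated with entries from extra_rpm_repositories.yml.
-outdated="$(comm -13 \
-<(yq .rule_data.known_rpm_repositories "data/known_rpm_repositories.yml" | sort -u) \
-<(yq .extras "hack/extra_rpm_repositories.yml" | sort -u))"
+outdated="$(./hack/render-known-rpm-repositories.sh | diff data/known_rpm_repositories.yml - || true)"
 if [[ -n "${outdated}" && "${outdated}" != "[]" ]]; then
 echo "Out of date items found:"
 echo "${outdated}"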
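Review bot: The `|| true` on the new `outdated=` line applies to the whole pipeline, so a failure of `./hack/render-known-rpm-repositories.sh` (network error, `yq` error) is swallowed and shows up only as a large diff reported as "Out of date items found". Rendering first and diffing afterwards keeps the two cases apart: `rendered="$(./hack/render-known-rpm-repositories.sh)"` then `outdated="$(diff data/known_rpm_repositories.yml <(printf '%s\n' "${rendered}") || true)"`. The check now depends on the live upstream mapping, so it can fail when upstream changes without any change in the repository. The `!= "[]"` test looks like a leftover from the `yq`-based comparison, and the comment above still describes only the `extra_rpm_repositories.yml` check; the `if` block continues past the hunk.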
