From 47df66960f2984bf1a9a9e158ef32b760c4ddff3 Mon Sep 17 00:00:00 2001
From: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Tue, 5 Jul 2022 11:29:31 -0400
Subject: [PATCH] update AltRpmDbGlob with comment and context (#1085)

---
 syft/pkg/relationships_by_file_ownership.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/syft/pkg/relationships_by_file_ownership.go b/syft/pkg/relationships_by_file_ownership.go
index 20079a893..157c6bf6e 100644
--- a/syft/pkg/relationships_by_file_ownership.go
+++ b/syft/pkg/relationships_by_file_ownership.go
@@ -7,13 +7,17 @@ import (
 	"github.com/scylladb/go-set/strset"
 )
 
+// AltRpmDBGlob allows db matches against new locations introduced in fedora:{36,37}
+// See https://github.com/anchore/syft/issues/1077 for larger context
+const AltRpmDBGlob = "**/rpm/{Packages,Packages.db,rpmdb.sqlite}"
+
 var globsForbiddenFromBeingOwned = []string{
 	// any OS DBs should automatically be ignored to prevent cyclic issues (e.g. the "rpm" RPM owns the path to the
 	// RPM DB, so if not ignored that package would own all other packages on the system).
 	ApkDBGlob,
 	DpkgDBGlob,
 	RpmDBGlob,
-	"**/rpm/{Packages,Packages.db,rpmdb.sqlite}",
+	AltRpmDBGlob,
 	// DEB packages share common copyright info between, this does not mean that sharing these paths implies ownership.
 	"/usr/share/doc/**/copyright",
 }