From b963be219b2be4bad98ce4f38098eedc8e7024be Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Sun, 21 Feb 2021 01:45:10 +0000 Subject: [PATCH] allow ability to catalog packages from /var/lib/dpkg/status.d/ Some debian-based variants (such as Google's Distroless images) don't write a single file to `/var/lib/dpkg/status`, but rather write a file per package to `/var/lib/dpkg/status.d/` related to #44 Signed-off-by: Weston Steimel --- syft/cataloger/deb/cataloger.go | 5 ++++- syft/pkg/dpkg_metadata.go | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/syft/cataloger/deb/cataloger.go b/syft/cataloger/deb/cataloger.go index a8d9422c4..49694fb38 100644 --- a/syft/cataloger/deb/cataloger.go +++ b/syft/cataloger/deb/cataloger.go @@ -38,6 +38,7 @@ func (c *Cataloger) Catalog(resolver source.Resolver) ([]pkg.Package, error) { return nil, fmt.Errorf("failed to find dpkg status files's by glob: %w", err) } + var results []pkg.Package var pkgs []pkg.Package for _, dbLocation := range dbFileMatches { dbContents, err := resolver.FileContentsByLocation(dbLocation) @@ -94,8 +95,10 @@ func (c *Cataloger) Catalog(resolver source.Resolver) ([]pkg.Package, error) { } } } + + results = append(results, pkgs...) } - return pkgs, nil + return results, nil } func fetchMd5Contents(resolver source.Resolver, dbLocation source.Location, pkgs []pkg.Package) (map[string]io.Reader, map[string]source.Location, error) { diff --git a/syft/pkg/dpkg_metadata.go b/syft/pkg/dpkg_metadata.go index 3f91c4879..b50ac49aa 100644 --- a/syft/pkg/dpkg_metadata.go +++ b/syft/pkg/dpkg_metadata.go @@ -8,7 +8,7 @@ import ( "github.com/scylladb/go-set/strset" ) -const DpkgDbGlob = "**/var/lib/dpkg/status" +const DpkgDbGlob = "**/var/lib/dpkg/{status,status.d/**}" var _ fileOwner = (*DpkgMetadata)(nil)