I tried using the package exclude function in vigiles but get the following error:
```
Traceback (most recent call last):
  File "/home/jkeller/platform/vigiles-buildroot/scripts/vigiles-buildroot.py", line 197, in <module>
    __main__()
  File "/home/jkeller/platform/vigiles-buildroot/scripts/vigiles-buildroot.py", line 191, in __main__
    write_manifest(vgls)
  File "/home/jkeller/platform/vigiles-buildroot/scripts/manifest.py", line 120, in write_manifest
    amend_manifest(vgls, final)
  File "/home/jkeller/platform/vigiles-buildroot/scripts/amendments.py", line 178, in amend_manifest
    _filter_excluded_packages(manifest['packages'], excld_pkgs)
  File "/home/jkeller/platform/vigiles-buildroot/scripts/amendments.py", line 112, in _filter_excluded_packages
    pkg_matches = list(set([
  File "/home/jkeller/platform/vigiles-buildroot/scripts/amendments.py", line 115, in <listcomp>
    if v['name'] in excld_pkgs
KeyError: 'name'
```
When inspecting the manifest generated by the tool, it looks like there is at least one member that doesn't have the 'name' key. For me, the udev virtual package doesn't have a name key, tripping up amendments.py.
While the patch below keeps things moving, I couldn't find out why udev doesn't have a 'name' key.
I can repro this bug using pc_x86_64_efi_defconfig from buildroot 2022.05 and a package exclude file containing just zlib.
diff --git a/scripts/amendments.py b/scripts/amendments.py
index e6fb561..9a6b29d 100644
--- a/scripts/amendments.py+++ b/scripts/amendments.py@@ -111,7 +111,7 @@ def _filter_excluded_packages(vgls_pkgs, excld_pkgs):
pkg_matches = list(set([
k
for k, v in vgls_pkgs.items()
- if v['name'] in excld_pkgs+ if 'name' in v and v['name'] in excld_pkgs
]))
info("Vigiles: Excluding Packages: %s" % sorted(pkg_matches))
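Review bot: The new guard on the `if` line makes entries without a 'name' key drop out of the match silently, so a nameless entry can never be excluded and nothing in the output says it was skipped. `v.get('name') in excld_pkgs` expresses the same check more compactly (equivalent as long as excld_pkgs never contains None), and it would help to collect the keys of entries that lack 'name' and report them next to the existing `info("Vigiles: Excluding Packages: ...")` line, so the malformed manifest entry stays visible instead of being hidden by the filter.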
Thanks for reporting this. Our team was able to reproduce this issue based on the information that you provided.
We are now working on a fix to improve the handling of virtual packages as our main interest is in capturing the provider of the virtual package (which should also be in the SBOM already), as the provider is the package that would be subject to vulnerabilities in this case. In its default configuration udev is provided by either eudev or systemd.