github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/pkg/dpkg.go (about) 1 package pkg 2 3 import ( 4 "sort" 5 6 "github.com/scylladb/go-set/strset" 7 8 "github.com/anchore/syft/syft/file" 9 ) 10 11 const DpkgDBGlob = "**/var/lib/dpkg/{status,status.d/**}" 12 13 var _ FileOwner = (*DpkgDBEntry)(nil) 14 15 // DpkgDBEntry represents all captured data for a Debian package DB entry; available fields are described 16 // at http://manpages.ubuntu.com/manpages/xenial/man1/dpkg-query.1.html in the --showformat section. 17 // Additional information about how these fields are used can be found at 18 // - https://www.debian.org/doc/debian-policy/ch-controlfields.html 19 // - https://www.debian.org/doc/debian-policy/ch-relationships.html 20 // - https://www.debian.org/doc/debian-policy/ch-binary.html#s-virtual-pkg 21 // - https://www.debian.org/doc/debian-policy/ch-relationships.html#s-virtual 22 type DpkgDBEntry struct { 23 Package string `json:"package"` 24 Source string `json:"source" cyclonedx:"source"` 25 Version string `json:"version"` 26 SourceVersion string `json:"sourceVersion" cyclonedx:"sourceVersion"` 27 28 // Architecture can include the following sets of values depending on context and the control file used: 29 // - a unique single word identifying a Debian machine architecture as described in Architecture specification string (https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-arch-spec) . 30 // - an architecture wildcard identifying a set of Debian machine architectures, see Architecture wildcards (https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-arch-wildcard-spec). any matches all Debian machine architectures and is the most frequently used. 31 // - "all", which indicates an architecture-independent package. 32 // - "source", which indicates a source package. 33 Architecture string `json:"architecture"` 34 35 // Maintainer is the package maintainer’s name and email address. The name must come first, then the email 36 // address inside angle brackets <> (in RFC822 format). 37 Maintainer string `json:"maintainer"` 38 39 InstalledSize int `json:"installedSize" cyclonedx:"installedSize"` 40 41 // Description contains a description of the binary package, consisting of two parts, the synopsis or the short 42 // description, and the long description (in a multiline format). 43 Description string `hash:"ignore" json:"-"` 44 45 // Provides is a virtual package that is provided by one or more packages. A virtual package is one which appears 46 // in the Provides control field of another package. The effect is as if the package(s) which provide a particular 47 // virtual package name had been listed by name everywhere the virtual package name appears. (See also Virtual packages) 48 Provides []string `json:"provides,omitempty"` 49 50 // Depends This declares an absolute dependency. A package will not be configured unless all of the packages listed in 51 // its Depends field have been correctly configured (unless there is a circular dependency). 52 Depends []string `json:"depends,omitempty"` 53 54 // PreDepends is like Depends, except that it also forces dpkg to complete installation of the packages named 55 // before even starting the installation of the package which declares the pre-dependency. 56 PreDepends []string `json:"preDepends,omitempty"` 57 58 Files []DpkgFileRecord `json:"files"` 59 } 60 61 // DpkgFileRecord represents a single file attributed to a debian package. 62 type DpkgFileRecord struct { 63 Path string `json:"path"` 64 Digest *file.Digest `json:"digest,omitempty"` 65 IsConfigFile bool `json:"isConfigFile"` 66 } 67 68 func (m DpkgDBEntry) OwnedFiles() (result []string) { 69 s := strset.New() 70 for _, f := range m.Files { 71 if f.Path != "" { 72 s.Add(f.Path) 73 } 74 } 75 result = s.List() 76 sort.Strings(result) 77 return 78 }