Allow Syft to read deb files appropriately instead of misclassifying as binary (#17)

* Update run.Dockerfile

Updated dpkg-deb command to use `--control` instead of `-e` to be more specific of its function
Changed folder to `CONTROL` instead of `MD5SUMS` to explain its use more
Moved md5sums file to `/tiny/var/lib/dpkg/status.d/$pkg.md5sums` to follow what is done with Distroless images and to allow Syft to function correctly.

* Update metadata_tiny_stack_test.go

Modified test to read the md5sums file from status.d directory instead of info.

Author: miller79

metadata_tiny_stack_test.go

@@ -122,7 +122,7 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 				ContainSubstring("/."),
 			)))
 
-			Expect(image).To(HaveFile("/var/lib/dpkg/info/base-files.md5sums"))
+			Expect(image).To(HaveFile("/var/lib/dpkg/status.d/base-files.md5sums"))
 
 			Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/ca-certificates", SatisfyAll(
 				ContainSubstring("Package: ca-certificates"),
@@ -134,7 +134,7 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 				ContainSubstring("/."),
 			)))
 
-			Expect(image).To(HaveFile("/var/lib/dpkg/info/ca-certificates.md5sums"))
+			Expect(image).To(HaveFile("/var/lib/dpkg/status.d/ca-certificates.md5sums"))
 
 			Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/libc6", SatisfyAll(
 				ContainSubstring("Package: libc6"),
@@ -148,7 +148,7 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 				ContainSubstring("/."),
 			)))
 
-			Expect(image).To(HaveFile("/var/lib/dpkg/info/libc6.md5sums"))
+			Expect(image).To(HaveFile("/var/lib/dpkg/status.d/libc6.md5sums"))
 
 			Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/libssl3t64", SatisfyAll(
 				ContainSubstring("Package: libssl3t64"),
@@ -162,7 +162,7 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 				ContainSubstring("/."),
 			)))
 
-			Expect(image).To(HaveFile("/var/lib/dpkg/info/libssl3t64.md5sums"))
+			Expect(image).To(HaveFile("/var/lib/dpkg/status.d/libssl3t64.md5sums"))
 
 			Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/netbase", SatisfyAll(
 				ContainSubstring("Package: netbase"),
@@ -174,7 +174,7 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 				ContainSubstring("/."),
 			)))
 
-			Expect(image).To(HaveFile("/var/lib/dpkg/info/netbase.md5sums"))
+			Expect(image).To(HaveFile("/var/lib/dpkg/status.d/netbase.md5sums"))
 
 			Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/openssl", SatisfyAll(
 				ContainSubstring("Package: openssl"),
@@ -188,7 +188,7 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 				ContainSubstring("/."),
 			)))
 
-			Expect(image).To(HaveFile("/var/lib/dpkg/info/openssl.md5sums"))
+			Expect(image).To(HaveFile("/var/lib/dpkg/status.d/openssl.md5sums"))
 
 			Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/tzdata", SatisfyAll(
 				ContainSubstring("Package: tzdata"),
@@ -200,7 +200,7 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 				ContainSubstring("/."),
 			)))
 
-			Expect(image).To(HaveFile("/var/lib/dpkg/info/tzdata.md5sums"))
+			Expect(image).To(HaveFile("/var/lib/dpkg/status.d/tzdata.md5sums"))
 
 			Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/zlib1g", SatisfyAll(
 				ContainSubstring("Package: zlib1g"),
@@ -214,7 +214,7 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 				ContainSubstring("/."),
 			)))
 
-			Expect(image).To(HaveFile("/var/lib/dpkg/info/zlib1g.md5sums"))
+			Expect(image).To(HaveFile("/var/lib/dpkg/status.d/zlib1g.md5sums"))
 
 			Expect(image).NotTo(HaveFile("/usr/share/ca-certificates"))
 

stacks/noble-tiny-stack/run/run.Dockerfile

@@ -27,9 +27,9 @@ RUN apt download $packages \
       && dpkg-deb -c $pkg*.deb | awk '{print substr($6, 2)}' > /tiny/var/lib/dpkg/info/$pkg.list \
       && sed -i '1s|.*|/.|' /tiny/var/lib/dpkg/info/$pkg.list \
       && sed -i '/\/$/s|/$||' /tiny/var/lib/dpkg/info/$pkg.list \
-      && dpkg-deb -e $pkg*.deb MD5SUMS \
-      && cp MD5SUMS/md5sums /tiny/var/lib/dpkg/info/$pkg.md5sums \
-      && rm -rf MD5SUMS; \
+      && dpkg-deb --control $pkg*.deb CONTROL \
+      && cp CONTROL/md5sums /tiny/var/lib/dpkg/status.d/$pkg.md5sums \
+      && rm -rf CONTROL; \
     done
 
 RUN ./install-certs.sh