fix(apt-cache): also parse unsigned apt cache release files #173

Merged: Urist-McGit merged 3 commits into main from fm/apt-unsigned-release, Jan 21, 2026

@fmoessbauer
Member

We anyways don't check the signature as we are not apt. But we need to parse the unsigned release files (ending in _Release) as well, as otherwise local apt sources are not processed.

@fmoessbauer fmoessbauer force-pushed the fm/apt-unsigned-release branch from c2e7c07 to fb3f748 Compare January 21, 2026 11:41
@fmoessbauer
Member Author

@Urist-McGit Please check why black fails in completely unrelated parts.

@Urist-McGit
Collaborator

> @Urist-McGit Please check why black fails in completely unrelated parts.

The 26.1.0 black release introduced a new rule always_one_newline_after_import which I think causes these formatting errors. I don't think we can turn off specific formatting rules in black, so we should just apply it once in a formatting patch.

@fmoessbauer
Member Author

> The 26.1.0 black release introduced a new rule always_one_newline_after_import which I think causes these formatting errors. I don't think we can turn off specific formatting rules in black, so we should just apply it once in a formatting patch.

Oh dear... That's why I hate mandatory code formatters. Doesn't black support turning on / off options?

We anyways don't check the signature as we are not apt. But we need to
parse the unsigned release files (ending in _Release) as well, as
otherwise local apt sources are not processed.

Fixes: 658b08a ("feat: add apt cache repository parsing")
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
In case we have ingress via --from-pkglist, we only have partial
information about source packages. After loading the apt cache data, we
have complete information, but potentially only for binary packages (in
case we only have binary apt data). The binary apt data is sufficient to
add the maintainer to the source package, which is highly important for
the SBOM.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
@fmoessbauer fmoessbauer force-pushed the fm/apt-unsigned-release branch from f324289 to 4fb637b Compare January 21, 2026 14:11
@Urist-McGit Urist-McGit merged commit 66d8dbb into main Jan 21, 2026
14 checks passed
@Urist-McGit Urist-McGit deleted the fm/apt-unsigned-release branch January 21, 2026 14:32
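
The behaviour this pull request describes, as an added example that is not code from the pull request or its project: pick up both clearsigned `_InRelease` and unsigned `_Release` files from an apt lists directory and read their fields without verifying any signature. The function names, sample file content and file names are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample data: an unsigned Release file and the same payload clearsigned.
UNSIGNED = "Origin: local\nSuite: stable\nCodename: trixie\nSHA256:\n abc 12 main/binary-amd64/Packages\n"
SIGNED = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" + UNSIGNED +
          "-----BEGIN PGP SIGNATURE-----\n\n(constructed placeholder)\n-----END PGP SIGNATURE-----\n")

# Matches "..._InRelease" (clearsigned) and "..._Release" (unsigned, e.g. local sources),
# but not detached signatures such as "..._Release.gpg".
RELEASE_RE = re.compile(r"_(In)?Release$")


def find_release_files(lists_dir):
    """Return all release files in an apt lists directory, signed or not."""
    return sorted(p for p in Path(lists_dir).iterdir() if RELEASE_RE.search(p.name))


def strip_clearsign(text):
    """Return the payload of a clearsigned file. The signature is NOT verified."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "-----BEGIN PGP SIGNED MESSAGE-----":
        return text  # unsigned _Release file: nothing to strip
    body, in_body = [], False
    for line in lines[1:]:
        if line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break
        if not in_body:
            # Armor headers ("Hash: ...") end at the first empty line.
            in_body = line.strip() == ""
            continue
        # Undo OpenPGP dash-escaping ("- " prefix on lines starting with "-").
        body.append(line[2:] if line.startswith("- ") else line)
    return "\n".join(body)


def parse_release(text):
    """Parse the top-level fields of a release file into a dict."""
    fields = {}
    for line in strip_clearsign(text).splitlines():
        if line[:1] in (" ", "\t") or ":" not in line:
            continue  # skip continuation lines (checksum lists) and blanks
        key, _, value = line.partition(":")
        fields[key] = value.strip()
    return fields
```

Because nothing is verified in either case, fields read this way are unauthenticated metadata and say nothing about whether the repository content is trustworthy.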