Skip to content

feat(package): track if binary packages are essential #182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
fmoessbauer wants to merge 6 commits into
base: main
Choose a base branch
from
+45 −4
Open

feat(package): track if binary packages are essential #182

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2b2c5d7
test: generalize dpkg-minimal tests assume less about file
fmoessbauer Mar 2, 2026
3d32ee0
feat(package): track if binary packages are essential
fmoessbauer Mar 2, 2026
9a07ce8
feat(cdx): denote if a package is essential
fmoessbauer Mar 2, 2026
6de828e
test: check if essential field of bin packages is extracted
fmoessbauer Mar 2, 2026
43eb3d1
feat(exporter): add essential information to graph
fmoessbauer Mar 2, 2026
d52e085
test(exporter): check if CycloneDX graph has essential property
fmoessbauer Mar 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/debsbom/dpkg/package.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -569,6 +569,7 @@ class BinaryPackage(Package):
provides: list[VirtualPackage]
built_using: list[Dependency]
description: str | None
essential: bool
manually_installed: bool
status: DpkgStatus
_locator: str | None = None
Expand All @@ -585,6 +586,7 @@ def __init__(
provides: list[VirtualPackage] = [],
built_using: list[Dependency] = [],
description: str | None = None,
essential: bool = False,
homepage: str | None = None,
checksums: dict[ChecksumAlgo, str] | None = None,
manually_installed: bool = True,
Expand All @@ -600,6 +602,7 @@ def __init__(
self.provides = provides
self.built_using = built_using
self.description = description
self.essential = essential
self.homepage = homepage
self.checksums = checksums or {}
self.manually_installed = manually_installed
Expand Down Expand Up @@ -654,6 +657,7 @@ def merge_with(self, other: "BinaryPackage"):
self.source = other.source
if not self.description:
self.description = other.description
self.essential |= other.essential
self.manually_installed |= other.manually_installed
# we cannot merge the status, but if the other package is
# marked as installed, consider all as installed.
Expand Down Expand Up @@ -759,6 +763,7 @@ def from_deb822(cls, package) -> "BinaryPackage":
provides=provides,
built_using=sdepends,
description=cls._cleanup_description(package.get("Description")),
essential=package.get("Essential") == "yes",
homepage=package.get("Homepage"),
checksums=checksums_from_package(package),
status=status,
Expand Down
3 changes: 3 additions & 0 deletions src/debsbom/generate/cdx.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,9 @@ def cdx_package_repr(
if package.is_binary():
entry.description = package.description
entry.properties.add(cdx_model.Property(name="section", value=package.section))
entry.properties.add(
cdx_model.Property(name="essential", value="yes" if package.essential else "no")
Copy link
Collaborator

@Urist-McGit Urist-McGit Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we not use a simple True or False here? It should translate directly to the JSON boolean type

)
logger.debug(f"Created binary component: {entry}")
elif package.is_source():
if package.vcs:
Expand Down
6 changes: 3 additions & 3 deletions tests/test_download.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,12 +143,12 @@ def test_package_resolver_resolve_spdx(spdx_bomfile, tmpdir, sdl):
rs_cache = PersistentResolverCache(cachedir)
urs = UpstreamResolver(sdl, rs_cache)

files = list(urs.resolve(next(prs)))
files = list(urs.resolve(next(filter(lambda p: p.name == "binutils", prs))))
assert "binutils" in files[0].filename

# resolve with cache
prs = PackageResolver.create(spdx_bomfile)
files = list(urs.resolve(next(prs)))
files = list(urs.resolve(next(filter(lambda p: p.name == "binutils", prs))))
assert "binutils" in files[0].filename


Expand Down Expand Up @@ -210,7 +210,7 @@ def test_repack(tmpdir, spdx_bomfile, cdx_bomfile, http_session, sdl):

# download a single package
dl = PackageDownloader(dl_dir, session=http_session)
for p in filter_sources(pkgs):
for p in filter(lambda p: p.name == "binutils", filter_sources(pkgs)):
dl.register(urs.resolve(p), p)
files = list(dl.download())
assert len(files) == 3
Expand Down