Skip to content

elbepack: cyclonedx-sbom: add support for flat repository layouts #463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
d4nuu8 wants to merge 3 commits into from
+49 −18
Closed

elbepack: cyclonedx-sbom: add support for flat repository layouts #463

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3b05c45
elbepack: main: mark import_cmd_module() as tree-wide usable
d4nuu8 Jun 26, 2026
3f8755c
elbepack: cyclonedx-sbom: add tests for repository URL parsing
d4nuu8 Jun 11, 2026
4241006
elbepack: cyclonedx-sbom: add support for flat repository layouts
d4nuu8 Jun 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 17 additions & 14 deletions elbepack/commands/cyclonedx-sbom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,20 +49,23 @@ def _remove_empty_fields(dict):


def _repository_url(uri):
uri_parts = uri.split('/')
if len(uri_parts) < 6:
raise ValueError('URI needs to be in pool layout')
if uri_parts[-4] == 'pool':
# http://deb.debian.org/debian/pool/a/adduser/adduser_3.134_all.deb
return '/'.join(uri_parts[:-4])
elif uri_parts[-5] == 'pool':
# http://deb.debian.org/debian/pool/main/a/adduser/adduser_3.134_all.deb
return '/'.join(uri_parts[:-5])
elif uri_parts[-6] == 'pool':
# http://deb.debian.org/debian-security/pool/updates/main/u/util-linux/bsdutils_2.38.1-5%2bdeb12u1_amd64.deb
return '/'.join(uri_parts[:-6])
else:
raise ValueError('URI needs to be in pool layout')
parsed = urllib.parse.urlsplit(uri)
path_parts = parsed.path.split('/')

if path_parts[-1].endswith('.deb'):
# Standard Debian layout: repository root is everything before /pool/.
if 'pool' in path_parts:
repo_path = '/'.join(path_parts[:path_parts.index('pool')])
else:
# Flat repository: repo URL is everything before the filename.
repo_path = '/'.join(path_parts[:-1])

if not repo_path:
repo_path = '/'

return urllib.parse.urlunsplit((parsed.scheme, parsed.netloc, repo_path, '', ''))

raise ValueError(f'Unexpected URI format: {uri}')


def _purl_from_pkg(pkg):
Expand Down
6 changes: 3 additions & 3 deletions elbepack/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ def get_cmdlist():
return [x for _, x, _ in pkgutil.iter_modules(elbepack.commands.__path__)]


def _import_cmd_module(cmd):
def import_cmd_module(cmd):
return importlib.import_module('.' + cmd, elbepack.commands.__name__)


Expand All @@ -37,7 +37,7 @@ def main(argv=sys.argv):
logging.basicConfig()
logging.getLogger('suds').setLevel(logging.WARNING)

cmdmod = _import_cmd_module(args.cmd)
cmdmod = import_cmd_module(args.cmd)

try:
cmdmod.run_command(cmd_argv)
Expand All @@ -48,5 +48,5 @@ def main(argv=sys.argv):


def run_elbe_subcommand(argv):
cmdmod = _import_cmd_module(argv[0])
cmdmod = import_cmd_module(argv[0])
return cmdmod.run_command([os.fspath(arg) for arg in argv[1:]])
29 changes: 28 additions & 1 deletion elbepack/tests/cyclonedx/test_cyclonedx_sbom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@

import jsonschema

import pytest

try:
import jsonschema._validators

Expand All @@ -33,7 +35,7 @@ def _extras_msg(extras):
from jsonschema.validators import RefResolver


from elbepack.main import run_elbe_subcommand
from elbepack.main import import_cmd_module, run_elbe_subcommand

here = pathlib.Path(__file__).parent

Expand Down Expand Up @@ -76,3 +78,28 @@ def test_reference_data():

reference_errors = here.joinpath('cyclonedx_reference.json.errors').read_text()
assert error_report == reference_errors


@pytest.mark.parametrize('uri, expected_repository_url', [
(
'http://deb.debian.org/debian/pool/a/adduser/adduser_3.134_all.deb',
'http://deb.debian.org/debian',
),
(
'http://deb.debian.org/debian/pool/main/a/adduser/adduser_3.134_all.deb',
'http://deb.debian.org/debian',
),
(
'http://deb.debian.org/debian-security/pool/updates/main/u/util-linux/'
'bsdutils_2.38.1-5%2bdeb12u1_amd64.deb',
'http://deb.debian.org/debian-security',
),
(
'https://deb.corporate.com/corp/foo/ethtool_6.14.2-1%7edeb13u1_arm64.deb',
'https://deb.corporate.com/corp/foo',
),
])
def test_repository_url_examples(uri, expected_repository_url):
cyclonedx_sbom = import_cmd_module('cyclonedx-sbom')

assert cyclonedx_sbom._repository_url(uri) == expected_repository_url
1 change: 1 addition & 0 deletions newsfragments/+scyclonedx-sbom-flat-repos.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Extend cyclonedx-sbom command to support flat repositories (e.g. minidinst).
Loading