diff --git a/carton/buildmodule_dependency.go b/carton/buildmodule_dependency.go index 16321c0..3688229 100644 --- a/carton/buildmodule_dependency.go +++ b/carton/buildmodule_dependency.go @@ -36,6 +36,7 @@ const ( type BuildModuleDependency struct { BuildModulePath string ID string + Arch string SHA256 string URI string Version string @@ -59,11 +60,12 @@ func (b BuildModuleDependency) Update(options ...Option) { logger := log.NewPaketoLogger(os.Stdout) _, _ = fmt.Fprintf(logger.TitleWriter(), "\n%s\n", log.FormatIdentity(b.ID, b.VersionPattern)) - logger.Headerf("Version: %s", b.Version) - logger.Headerf("PURL: %s", b.PURL) - logger.Headerf("CPEs: %s", b.CPE) - logger.Headerf("URI: %s", b.URI) - logger.Headerf("SHA256: %s", b.SHA256) + logger.Headerf("Arch: %s", b.Arch) + logger.Headerf("Version: %s", b.Version) + logger.Headerf("PURL: %s", b.PURL) + logger.Headerf("CPEs: %s", b.CPE) + logger.Headerf("URI: %s", b.URI) + logger.Headerf("SHA256: %s", b.SHA256) logger.Headerf("Source: %s", b.Source) logger.Headerf("SourceSHA256: %s", b.SourceSHA256) @@ -142,7 +144,27 @@ func (b BuildModuleDependency) Update(options ...Option) { continue } - if depID == b.ID { + // extract the arch from the PURL, it's the only place it lives consistently at the moment + var depArch string + purlUnwrapped, found := dep["purl"] + if found { + purl, ok := purlUnwrapped.(string) + if ok { + purlArchExp := regexp.MustCompile(`arch=(.*)`) + purlArchMatches := purlArchExp.FindStringSubmatch(purl) + if len(purlArchMatches) == 2 { + depArch = purlArchMatches[1] + } + } + } + + // if not set, we presently need to default to amd64 because a lot of deps do not specify arch + // in the future when we add the arch field to our deps, then we can remove this because empty should then mean noarch + if depArch == "" { + depArch = "amd64" + } + + if depID == b.ID && depArch == b.Arch { depVersionUnwrapped, found := dep["version"] if !found { continue @@ -152,6 +174,7 @@ func (b BuildModuleDependency) Update(options ...Option) { if !ok { continue } + if versionExp.MatchString(depVersion) { dep["version"] = b.Version dep["uri"] = b.URI diff --git a/carton/buildmodule_dependency_test.go b/carton/buildmodule_dependency_test.go index 94ba12f..14004c1 100644 --- a/carton/buildmodule_dependency_test.go +++ b/carton/buildmodule_dependency_test.go @@ -75,6 +75,7 @@ source-sha256 = "test-source-sha256-1" d := carton.BuildModuleDependency{ BuildModulePath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -124,6 +125,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* d := carton.BuildModuleDependency{ BuildModulePath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -174,6 +176,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* d := carton.BuildModuleDependency{ BuildModulePath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -243,6 +246,7 @@ source-sha256 = "test-source-sha256-2" d := carton.BuildModuleDependency{ BuildModulePath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-3", URI: "test-uri-3", Version: "test-version-3", @@ -309,6 +313,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* d := carton.BuildModuleDependency{ BuildModulePath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -359,6 +364,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* d := carton.BuildModuleDependency{ BuildModulePath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -410,6 +416,7 @@ cpes = 1234 d := carton.BuildModuleDependency{ BuildModulePath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -463,6 +470,7 @@ version = "1.2.3" d := carton.BuildModuleDependency{ BuildModulePath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", diff --git a/commands/dependency_update_build_module.go b/commands/dependency_update_build_module.go index 34c1551..83d3fdb 100644 --- a/commands/dependency_update_build_module.go +++ b/commands/dependency_update_build_module.go @@ -39,6 +39,10 @@ func DependencyUpdateBuildModuleCommand() *cobra.Command { log.Fatal("id must be set") } + if b.Arch == "" { + b.Arch = "amd64" + } + if b.SHA256 == "" { log.Fatal("sha256 must be set") } @@ -77,6 +81,7 @@ func DependencyUpdateBuildModuleCommand() *cobra.Command { dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.BuildModulePath, "buildmodule-toml", "", "path to buildpack.toml or extension.toml") dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.ID, "id", "", "the id of the dependency") + dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.Arch, "arch", "", "the arch of the dependency") dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.SHA256, "sha256", "", "the new sha256 of the dependency") dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.URI, "uri", "", "the new uri of the dependency") dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.Version, "version", "", "the new version of the dependency")