root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #6217 from nalind/sbom-user 

Builder.sbomScan(): don't break non-root scanners
This commit is contained in:
openshift-merge-bot[bot] 2025-06-10 18:15:44 +00:00 committed by GitHub
parent d14b4f8dc7 9f35e8a2ac
commit f46d15d721
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
scan.go
View File

@ -52,6 +52,13 @@ func (b *Builder) sbomScan(ctx context.Context, options CommitOptions) (imageFil
}
}
}()
scansSubdir := filepath.Join(scansDir, "scans")
if err = os.Mkdir(scansSubdir, 0o700); err != nil {
return nil, nil, "", err
}
if err = os.Chmod(scansSubdir, 0o777); err != nil {
return nil, nil, "", err
}
// We may be producing sets of outputs using temporary containers, and
// there's no need to create more than one container for any one
@ -127,7 +134,7 @@ func (b *Builder) sbomScan(ctx context.Context, options CommitOptions) (imageFil
// Our temporary directory, read-write.
{
Type: define.TypeBind,
Source: scansDir,
Source: scansSubdir,
Destination: scansTargetDir,
Options: []string{"rw", "z"},
},
@ -212,19 +219,19 @@ func (b *Builder) sbomScan(ctx context.Context, options CommitOptions) (imageFil
var sbomResult, purlResult string
switch {
case scanSpec.ImageSBOMOutput != "":
sbomResult = filepath.Join(scansDir, filepath.Base(scanSpec.ImageSBOMOutput))
sbomResult = filepath.Join(scansSubdir, filepath.Base(scanSpec.ImageSBOMOutput))
case scanSpec.SBOMOutput != "":
sbomResult = filepath.Join(scansDir, filepath.Base(scanSpec.SBOMOutput))
sbomResult = filepath.Join(scansSubdir, filepath.Base(scanSpec.SBOMOutput))
default:
sbomResult = filepath.Join(scansDir, "sbom-result")
sbomResult = filepath.Join(scansSubdir, "sbom-result")
}
switch {
case scanSpec.ImagePURLOutput != "":
purlResult = filepath.Join(scansDir, filepath.Base(scanSpec.ImagePURLOutput))
purlResult = filepath.Join(scansSubdir, filepath.Base(scanSpec.ImagePURLOutput))
case scanSpec.PURLOutput != "":
purlResult = filepath.Join(scansDir, filepath.Base(scanSpec.PURLOutput))
purlResult = filepath.Join(scansSubdir, filepath.Base(scanSpec.PURLOutput))
default:
purlResult = filepath.Join(scansDir, "purl-result")
purlResult = filepath.Join(scansSubdir, "purl-result")
}
copyFile := func(destination, source string) error {
dst, err := os.Create(destination)
@ -244,7 +251,7 @@ func (b *Builder) sbomScan(ctx context.Context, options CommitOptions) (imageFil
}
err = func() error {
for i := range resultFiles {
thisResultFile := filepath.Join(scansDir, filepath.Base(resultFiles[i]))
thisResultFile := filepath.Join(scansSubdir, filepath.Base(resultFiles[i]))
switch i {
case 0:
// Straight-up copy to create the first version of the final output.