Guard against os-release panic #1488
Conversation
jonjohnsonjr
force-pushed
the
gen-sbom
branch
from
5842e74 to
d518c43
Compare
pkg/build/sbom.go
Outdated
| for _, line := range strings.Split(releaseStr, "\n") { | ||
| if line != "" { | ||
| if len(strings.Split(line, "=")) < 2 { | ||
| return nil, fmt.Errorf("invalid os-release line: %q", line) |
There was a problem hiding this comment.
The format of this file is described at https://www.freedesktop.org/software/systemd/man/latest/os-release.html
Lines beginning with "#" are treated as comments. Blank lines are permitted and ignored.
does above handle this requirement?
There was a problem hiding this comment.
Depending on needs it can be a broken symlink to unmounted /usr partition too.
The file /etc/os-release takes precedence over /usr/lib/os-release. Applications should check for the former, and exclusively use its data if it exists, and only fall back to /usr/lib/os-release if that is missing.
There was a problem hiding this comment.
No - this seems like a likely culprit though. It might be worth making our own parser?
There was a problem hiding this comment.
That's interesting. The osr.Parse code doesn't seem to handle comments, that's probably our root cause.
jonjohnsonjr
force-pushed
the
gen-sbom
branch
from
d518c43 to
3636186
Compare
| continue | ||
| } | ||
|
|
||
| if strings.HasPrefix(line, "#") { |
There was a problem hiding this comment.
Let's add a comment into the good test just to be safe.
Signed-off-by: Jon Johnson <[email protected]>
jonjohnsonjr
force-pushed
the
gen-sbom
branch
from
3636186 to
3a8c332
Compare
No description provided.