pygorpmrustinfo 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pygorpmrustinfo-0.1.0/LICENSE +21 -0
- pygorpmrustinfo-0.1.0/MANIFEST.in +7 -0
- pygorpmrustinfo-0.1.0/PKG-INFO +169 -0
- pygorpmrustinfo-0.1.0/README.md +155 -0
- pygorpmrustinfo-0.1.0/get_go_info +7 -0
- pygorpmrustinfo-0.1.0/get_rpm_info +7 -0
- pygorpmrustinfo-0.1.0/get_rust_audit +7 -0
- pygorpmrustinfo-0.1.0/go.mod +24 -0
- pygorpmrustinfo-0.1.0/go.sum +41 -0
- pygorpmrustinfo-0.1.0/pyproject.toml +70 -0
- pygorpmrustinfo-0.1.0/setup.cfg +37 -0
- pygorpmrustinfo-0.1.0/setup.py +12 -0
- pygorpmrustinfo-0.1.0/src/pygobuildinfo/__init__.py +15 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo/__init__.py +96 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo/_pyinstaller/__init__.py +6 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo/cli.py +64 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo/pygorpmrustinfo.go +161 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo.egg-info/PKG-INFO +169 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo.egg-info/SOURCES.txt +26 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo.egg-info/dependency_links.txt +1 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo.egg-info/entry_points.txt +3 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo.egg-info/not-zip-safe +1 -0
- pygorpmrustinfo-0.1.0/src/pygorpmrustinfo.egg-info/top_level.txt +4 -0
- pygorpmrustinfo-0.1.0/src/pyrpmdb/__init__.py +15 -0
- pygorpmrustinfo-0.1.0/src/pyrustaudit/__init__.py +15 -0
- pygorpmrustinfo-0.1.0/tests/test_legacy_imports.py +28 -0
- pygorpmrustinfo-0.1.0/tests/test_unified_api.py +27 -0
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Mike Moore
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: pygorpmrustinfo
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Unified Go-backed helpers for rpmdb, rust audit, and Go build metadata
|
|
5
|
+
Home-page: https://github.com/MikeMoore63/pygorpmrustinfo
|
|
6
|
+
Author: Mike Moore
|
|
7
|
+
Author-email: z_z_zebra@yahoo.com
|
|
8
|
+
License: MIT
|
|
9
|
+
Classifier: Programming Language :: Python :: 3
|
|
10
|
+
Classifier: Operating System :: OS Independent
|
|
11
|
+
Description-Content-Type: text/markdown
|
|
12
|
+
License-File: LICENSE
|
|
13
|
+
Dynamic: license-file
|
|
14
|
+
|
|
15
|
+
# pygorpmrustinfo
|
|
16
|
+
|
|
17
|
+
pygorpmrustinfo is a unified Python package that exposes the former rpmdb, rust audit, and Go build-info helpers through a single Go-backed extension.
|
|
18
|
+
|
|
19
|
+
## Why this package exists
|
|
20
|
+
|
|
21
|
+
The older split packages each relied on their own Go runtime and native extension. That approach is fragile in Python environments because Go's `c-shared` mode can be unstable when multiple Go runtimes are loaded into the same process. This is the problem described in [Go issue #65050](https://go.dev/issue/65050): loading multiple `c-shared` Go libraries in one process can lead to panics, crashes, or other runtime failures.
|
|
22
|
+
|
|
23
|
+
This consolidation is meant to reduce that risk by keeping a single Go runtime in play, while also reducing memory usage compared with loading several separate native extensions.
|
|
24
|
+
|
|
25
|
+
## Deprecation notice for the old scripts
|
|
26
|
+
|
|
27
|
+
The legacy entry points and package names are being deprecated. The replacement package is pygorpmrustinfo, and the compatibility scripts remain available only for transition:
|
|
28
|
+
|
|
29
|
+
- `get_go_info`
|
|
30
|
+
- `get_rpm_info`
|
|
31
|
+
- `get_rust_audit`
|
|
32
|
+
- the older standalone package names for the previous split implementations
|
|
33
|
+
|
|
34
|
+
These legacy scripts remain available for compatibility, but new work should target `pygorpmrustinfo` instead.
|
|
35
|
+
|
|
36
|
+
## Installation
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
pip install pygorpmrustinfo
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
## Usage
|
|
43
|
+
|
|
44
|
+
The package provides the same high-level functionality as the older helpers, but through one unified interface. If you are coming from the old packages, the main change is that you install and import one package instead of three separate ones.
|
|
45
|
+
|
|
46
|
+
### CLI
|
|
47
|
+
|
|
48
|
+
```bash
|
|
49
|
+
get_go_info /path/to/go.mod
|
|
50
|
+
get_rpm_info /path/to/Packages
|
|
51
|
+
get_rust_audit /path/to/rust-binary
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
These scripts are preserved for compatibility, but the recommended path is to depend on `pygorpmrustinfo` directly.
|
|
55
|
+
|
|
56
|
+
### Python API
|
|
57
|
+
|
|
58
|
+
```python
|
|
59
|
+
import json
|
|
60
|
+
import pygorpmrustinfo
|
|
61
|
+
|
|
62
|
+
# Go build metadata
|
|
63
|
+
res = pygorpmrustinfo.get_go_build_info("/path/to/go.mod")
|
|
64
|
+
print(json.dumps(res, indent=4))
|
|
65
|
+
|
|
66
|
+
# RPM database metadata
|
|
67
|
+
res = pygorpmrustinfo.get_rpm_db_info("/path/to/Packages")
|
|
68
|
+
print(json.dumps(res, indent=4))
|
|
69
|
+
|
|
70
|
+
# Rust audit metadata
|
|
71
|
+
res = pygorpmrustinfo.get_rust_audit("/path/to/rust-binary")
|
|
72
|
+
print(json.dumps(res, indent=4))
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
### Example: Go build info
|
|
76
|
+
|
|
77
|
+
```python
|
|
78
|
+
import pygorpmrustinfo
|
|
79
|
+
|
|
80
|
+
info = pygorpmrustinfo.get_go_build_info("/path/to/go.mod")
|
|
81
|
+
print(info["GoVersion"])
|
|
82
|
+
print(info["Path"])
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
Example result:
|
|
86
|
+
|
|
87
|
+
```python
|
|
88
|
+
{
|
|
89
|
+
"GoVersion": "go1.18.4",
|
|
90
|
+
"Path": "github.com/example/project",
|
|
91
|
+
"Main": {
|
|
92
|
+
"Path": "github.com/example/project",
|
|
93
|
+
"Version": "(devel)",
|
|
94
|
+
"Sum": "",
|
|
95
|
+
"Replace": null
|
|
96
|
+
},
|
|
97
|
+
"Deps": []
|
|
98
|
+
}
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
### Example: RPM database info
|
|
102
|
+
|
|
103
|
+
```python
|
|
104
|
+
import pygorpmrustinfo
|
|
105
|
+
|
|
106
|
+
packages = pygorpmrustinfo.get_rpm_db_info("/path/to/Packages")
|
|
107
|
+
for package in packages:
|
|
108
|
+
print(package.get("Name"), package.get("Version"))
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
Example result:
|
|
112
|
+
|
|
113
|
+
```python
|
|
114
|
+
[
|
|
115
|
+
{
|
|
116
|
+
"Name": "bash",
|
|
117
|
+
"Version": "5.1",
|
|
118
|
+
"Release": "1.el9"
|
|
119
|
+
}
|
|
120
|
+
]
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
### Example: Rust audit info
|
|
124
|
+
|
|
125
|
+
```python
|
|
126
|
+
import pygorpmrustinfo
|
|
127
|
+
|
|
128
|
+
packages = pygorpmrustinfo.get_rust_audit("/path/to/rust-binary")
|
|
129
|
+
for package in packages.get("packages", []):
|
|
130
|
+
print(package.get("name"), package.get("version"))
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
Example result:
|
|
134
|
+
|
|
135
|
+
```python
|
|
136
|
+
{
|
|
137
|
+
"packages": [
|
|
138
|
+
{
|
|
139
|
+
"name": "serde",
|
|
140
|
+
"version": "1.0.197",
|
|
141
|
+
"kind": "build"
|
|
142
|
+
}
|
|
143
|
+
]
|
|
144
|
+
}
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
The functions always return a dictionary. On error you may see a structure like:
|
|
148
|
+
|
|
149
|
+
```python
|
|
150
|
+
{
|
|
151
|
+
"error": "path error:/path/to/missing/file"
|
|
152
|
+
}
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
## Migration from the old packages
|
|
156
|
+
|
|
157
|
+
If you previously used one of the older packages, the migration is straightforward:
|
|
158
|
+
|
|
159
|
+
- replace `pyrpmdb` with `pygorpmrustinfo` and call `get_rpm_db_info(...)`
|
|
160
|
+
- replace `pyrustaudit` with `pygorpmrustinfo` and call `get_rust_audit(...)`
|
|
161
|
+
- replace `pygobuildinfo` with `pygorpmrustinfo` and call `get_go_build_info(...)`, `get_go_mod(...)`, or `get_go_sum(...)`
|
|
162
|
+
|
|
163
|
+
For dependency declarations, update requirements, `pyproject.toml`, `setup.cfg`, or `setup.py` to depend on `pygorpmrustinfo` instead of the old package names.
|
|
164
|
+
|
|
165
|
+
## Notes
|
|
166
|
+
|
|
167
|
+
- The consolidation is primarily a stability and resource-usage improvement.
|
|
168
|
+
- It is also a practical mitigation for the risks documented in [Go issue #65050](https://go.dev/issue/65050).
|
|
169
|
+
- If you are maintaining older automation, consider switching to the unified package now so you are not tied to the deprecated script-based workflow.
|
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
# pygorpmrustinfo
|
|
2
|
+
|
|
3
|
+
pygorpmrustinfo is a unified Python package that exposes the former rpmdb, rust audit, and Go build-info helpers through a single Go-backed extension.
|
|
4
|
+
|
|
5
|
+
## Why this package exists
|
|
6
|
+
|
|
7
|
+
The older split packages each relied on their own Go runtime and native extension. That approach is fragile in Python environments because Go's `c-shared` mode can be unstable when multiple Go runtimes are loaded into the same process. This is the problem described in [Go issue #65050](https://go.dev/issue/65050): loading multiple `c-shared` Go libraries in one process can lead to panics, crashes, or other runtime failures.
|
|
8
|
+
|
|
9
|
+
This consolidation is meant to reduce that risk by keeping a single Go runtime in play, while also reducing memory usage compared with loading several separate native extensions.
|
|
10
|
+
|
|
11
|
+
## Deprecation notice for the old scripts
|
|
12
|
+
|
|
13
|
+
The legacy entry points and package names are being deprecated. The replacement package is pygorpmrustinfo, and the compatibility scripts remain available only for transition:
|
|
14
|
+
|
|
15
|
+
- `get_go_info`
|
|
16
|
+
- `get_rpm_info`
|
|
17
|
+
- `get_rust_audit`
|
|
18
|
+
- the older standalone package names for the previous split implementations
|
|
19
|
+
|
|
20
|
+
These legacy scripts remain available for compatibility, but new work should target `pygorpmrustinfo` instead.
|
|
21
|
+
|
|
22
|
+
## Installation
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
pip install pygorpmrustinfo
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## Usage
|
|
29
|
+
|
|
30
|
+
The package provides the same high-level functionality as the older helpers, but through one unified interface. If you are coming from the old packages, the main change is that you install and import one package instead of three separate ones.
|
|
31
|
+
|
|
32
|
+
### CLI
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
get_go_info /path/to/go.mod
|
|
36
|
+
get_rpm_info /path/to/Packages
|
|
37
|
+
get_rust_audit /path/to/rust-binary
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
These scripts are preserved for compatibility, but the recommended path is to depend on `pygorpmrustinfo` directly.
|
|
41
|
+
|
|
42
|
+
### Python API
|
|
43
|
+
|
|
44
|
+
```python
|
|
45
|
+
import json
|
|
46
|
+
import pygorpmrustinfo
|
|
47
|
+
|
|
48
|
+
# Go build metadata
|
|
49
|
+
res = pygorpmrustinfo.get_go_build_info("/path/to/go.mod")
|
|
50
|
+
print(json.dumps(res, indent=4))
|
|
51
|
+
|
|
52
|
+
# RPM database metadata
|
|
53
|
+
res = pygorpmrustinfo.get_rpm_db_info("/path/to/Packages")
|
|
54
|
+
print(json.dumps(res, indent=4))
|
|
55
|
+
|
|
56
|
+
# Rust audit metadata
|
|
57
|
+
res = pygorpmrustinfo.get_rust_audit("/path/to/rust-binary")
|
|
58
|
+
print(json.dumps(res, indent=4))
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
### Example: Go build info
|
|
62
|
+
|
|
63
|
+
```python
|
|
64
|
+
import pygorpmrustinfo
|
|
65
|
+
|
|
66
|
+
info = pygorpmrustinfo.get_go_build_info("/path/to/go.mod")
|
|
67
|
+
print(info["GoVersion"])
|
|
68
|
+
print(info["Path"])
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
Example result:
|
|
72
|
+
|
|
73
|
+
```python
|
|
74
|
+
{
|
|
75
|
+
"GoVersion": "go1.18.4",
|
|
76
|
+
"Path": "github.com/example/project",
|
|
77
|
+
"Main": {
|
|
78
|
+
"Path": "github.com/example/project",
|
|
79
|
+
"Version": "(devel)",
|
|
80
|
+
"Sum": "",
|
|
81
|
+
"Replace": null
|
|
82
|
+
},
|
|
83
|
+
"Deps": []
|
|
84
|
+
}
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
### Example: RPM database info
|
|
88
|
+
|
|
89
|
+
```python
|
|
90
|
+
import pygorpmrustinfo
|
|
91
|
+
|
|
92
|
+
packages = pygorpmrustinfo.get_rpm_db_info("/path/to/Packages")
|
|
93
|
+
for package in packages:
|
|
94
|
+
print(package.get("Name"), package.get("Version"))
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
Example result:
|
|
98
|
+
|
|
99
|
+
```python
|
|
100
|
+
[
|
|
101
|
+
{
|
|
102
|
+
"Name": "bash",
|
|
103
|
+
"Version": "5.1",
|
|
104
|
+
"Release": "1.el9"
|
|
105
|
+
}
|
|
106
|
+
]
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
### Example: Rust audit info
|
|
110
|
+
|
|
111
|
+
```python
|
|
112
|
+
import pygorpmrustinfo
|
|
113
|
+
|
|
114
|
+
packages = pygorpmrustinfo.get_rust_audit("/path/to/rust-binary")
|
|
115
|
+
for package in packages.get("packages", []):
|
|
116
|
+
print(package.get("name"), package.get("version"))
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
Example result:
|
|
120
|
+
|
|
121
|
+
```python
|
|
122
|
+
{
|
|
123
|
+
"packages": [
|
|
124
|
+
{
|
|
125
|
+
"name": "serde",
|
|
126
|
+
"version": "1.0.197",
|
|
127
|
+
"kind": "build"
|
|
128
|
+
}
|
|
129
|
+
]
|
|
130
|
+
}
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
The functions always return a dictionary. On error you may see a structure like:
|
|
134
|
+
|
|
135
|
+
```python
|
|
136
|
+
{
|
|
137
|
+
"error": "path error:/path/to/missing/file"
|
|
138
|
+
}
|
|
139
|
+
```
|
|
140
|
+
|
|
141
|
+
## Migration from the old packages
|
|
142
|
+
|
|
143
|
+
If you previously used one of the older packages, the migration is straightforward:
|
|
144
|
+
|
|
145
|
+
- replace `pyrpmdb` with `pygorpmrustinfo` and call `get_rpm_db_info(...)`
|
|
146
|
+
- replace `pyrustaudit` with `pygorpmrustinfo` and call `get_rust_audit(...)`
|
|
147
|
+
- replace `pygobuildinfo` with `pygorpmrustinfo` and call `get_go_build_info(...)`, `get_go_mod(...)`, or `get_go_sum(...)`
|
|
148
|
+
|
|
149
|
+
For dependency declarations, update requirements, `pyproject.toml`, `setup.cfg`, or `setup.py` to depend on `pygorpmrustinfo` instead of the old package names.
|
|
150
|
+
|
|
151
|
+
## Notes
|
|
152
|
+
|
|
153
|
+
- The consolidation is primarily a stability and resource-usage improvement.
|
|
154
|
+
- It is also a practical mitigation for the risks documented in [Go issue #65050](https://go.dev/issue/65050).
|
|
155
|
+
- If you are maintaining older automation, consider switching to the unified package now so you are not tied to the deprecated script-based workflow.
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
module github.com/MikeMoore63/pygorpmrustinfo
|
|
2
|
+
|
|
3
|
+
go 1.26
|
|
4
|
+
|
|
5
|
+
require (
|
|
6
|
+
github.com/glebarez/go-sqlite v1.22.0
|
|
7
|
+
github.com/jinzhu/copier v0.4.0
|
|
8
|
+
github.com/knqyf263/go-rpmdb v0.1.1
|
|
9
|
+
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c
|
|
10
|
+
golang.org/x/mod v0.37.0
|
|
11
|
+
)
|
|
12
|
+
|
|
13
|
+
require (
|
|
14
|
+
github.com/dustin/go-humanize v1.0.1 // indirect
|
|
15
|
+
github.com/google/uuid v1.5.0 // indirect
|
|
16
|
+
github.com/mattn/go-isatty v0.0.20 // indirect
|
|
17
|
+
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
|
|
18
|
+
golang.org/x/sys v0.15.0 // indirect
|
|
19
|
+
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
|
|
20
|
+
modernc.org/libc v1.37.6 // indirect
|
|
21
|
+
modernc.org/mathutil v1.6.0 // indirect
|
|
22
|
+
modernc.org/memory v1.7.2 // indirect
|
|
23
|
+
modernc.org/sqlite v1.28.0 // indirect
|
|
24
|
+
)
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
|
2
|
+
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
|
3
|
+
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
|
|
4
|
+
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
|
|
5
|
+
github.com/glebarez/go-sqlite v1.22.0 h1:uAcMJhaA6r3LHMTFgP0SifzgXg46yJkgxqyuyec+ruQ=
|
|
6
|
+
github.com/glebarez/go-sqlite v1.22.0/go.mod h1:PlBIdHe0+aUEFn+r2/uthrWq4FxbzugL0L8Li6yQJbc=
|
|
7
|
+
github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ=
|
|
8
|
+
github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
|
|
9
|
+
github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
|
|
10
|
+
github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
|
11
|
+
github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
|
|
12
|
+
github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
|
|
13
|
+
github.com/knqyf263/go-rpmdb v0.1.1 h1:oh68mTCvp1XzxdU7EfafcWzzfstUZAEa3MW0IJye584=
|
|
14
|
+
github.com/knqyf263/go-rpmdb v0.1.1/go.mod h1:9LQcoMCMQ9vrF7HcDtXfvqGO4+ddxFQ8+YF/0CVGDww=
|
|
15
|
+
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
|
|
16
|
+
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
|
|
17
|
+
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
|
18
|
+
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
|
19
|
+
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
|
|
20
|
+
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
|
|
21
|
+
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c h1:8gOLsYwaY2JwlTMT4brS5/9XJdrdIbmk2obvQ748CC0=
|
|
22
|
+
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c/go.mod h1:kwM/7r/rVluTE8qJbHAffduuqmSv4knVQT2IajGvSiA=
|
|
23
|
+
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
|
|
24
|
+
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
|
25
|
+
golang.org/x/mod v0.37.0 h1:vF1DjpVEshcIqoEaauuHebaLk1O1forxjxBaVn884JQ=
|
|
26
|
+
golang.org/x/mod v0.37.0/go.mod h1:m8S8VeM9r4dzDwjrKO0a1sZP3YjeMamRRlD+fmR2Q/0=
|
|
27
|
+
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
|
28
|
+
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
|
|
29
|
+
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
|
30
|
+
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
|
|
31
|
+
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
|
|
32
|
+
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
|
33
|
+
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
|
34
|
+
modernc.org/libc v1.37.6 h1:orZH3c5wmhIQFTXF+Nt+eeauyd+ZIt2BX6ARe+kD+aw=
|
|
35
|
+
modernc.org/libc v1.37.6/go.mod h1:YAXkAZ8ktnkCKaN9sw/UDeUVkGYJ/YquGO4FTi5nmHE=
|
|
36
|
+
modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
|
|
37
|
+
modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
|
|
38
|
+
modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E=
|
|
39
|
+
modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E=
|
|
40
|
+
modernc.org/sqlite v1.28.0 h1:Zx+LyDDmXczNnEQdvPuEfcFVA2ZPyaD7UCZDjef3BHQ=
|
|
41
|
+
modernc.org/sqlite v1.28.0/go.mod h1:Qxpazz0zH8Z1xCFyi5GSL3FzbtZ3fvbjmywNogldEW0=
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["setuptools>=61", "wheel", "setuptools-golang"]
|
|
3
|
+
build-backend = "setuptools.build_meta"
|
|
4
|
+
|
|
5
|
+
[tool.cibuildwheel]
|
|
6
|
+
enable = ["all"]
|
|
7
|
+
|
|
8
|
+
[tool.cibuildwheel.windows]
|
|
9
|
+
archs=["AMD64"]
|
|
10
|
+
before-all = "powershell -ExecutionPolicy Bypass -File {project}\\installGo.ps1"
|
|
11
|
+
skip = "pp*-win*"
|
|
12
|
+
environment= """
|
|
13
|
+
PATH="C:\\Go\\bin;C:\\Program Files\\Go\\bin;$PATH"
|
|
14
|
+
GOPATH="C:\\Go"
|
|
15
|
+
"""
|
|
16
|
+
|
|
17
|
+
[tool.cibuildwheel.linux]
|
|
18
|
+
archs=["auto64","aarch64"]
|
|
19
|
+
before-all = '''
|
|
20
|
+
switch_eol_centos_repos()
|
|
21
|
+
{
|
|
22
|
+
if [ "${AUDITWHEEL_POLICY}" == "manylinux2014" ] && [ "${AUDITWHEEL_ARCH}" != "s390x" ]; then
|
|
23
|
+
# Centos 7 is EOL and is no longer available from the usual mirrors, so switch
|
|
24
|
+
# to https://vault.centos.org
|
|
25
|
+
sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf
|
|
26
|
+
sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/*.repo
|
|
27
|
+
sed -i 's;^.*baseurl=http://mirror;baseurl=https://vault;g' /etc/yum.repos.d/*.repo
|
|
28
|
+
if [ "${AUDITWHEEL_ARCH}" == "aarch64" ] || [ "${AUDITWHEEL_ARCH}" == "ppc64le" ]; then
|
|
29
|
+
sed -i 's;/centos/7/;/altarch/7/;g' /etc/yum.repos.d/*.repo
|
|
30
|
+
fi
|
|
31
|
+
fi
|
|
32
|
+
}
|
|
33
|
+
switch_eol_centos_repos
|
|
34
|
+
if [ "${AUDITWHEEL_ARCH}" == "x86_64" ]
|
|
35
|
+
then
|
|
36
|
+
mkdir -p /usr/local
|
|
37
|
+
curl https://dl.google.com/go/go1.26.1.linux-amd64.tar.gz | tar -C /usr/local -xzf -
|
|
38
|
+
fi
|
|
39
|
+
if [ "${AUDITWHEEL_ARCH}" == "aarch64" ]
|
|
40
|
+
then
|
|
41
|
+
mkdir -p /usr/local
|
|
42
|
+
curl https://dl.google.com/go/go1.26.1.linux-arm64.tar.gz | tar -C /usr/local -xzf -
|
|
43
|
+
fi
|
|
44
|
+
'''
|
|
45
|
+
environment = """
|
|
46
|
+
PATH=$PATH:/usr/local/go/bin
|
|
47
|
+
"""
|
|
48
|
+
|
|
49
|
+
[tool.cibuildwheel.macos]
|
|
50
|
+
before-all = '''
|
|
51
|
+
brew install go@1.26
|
|
52
|
+
'''
|
|
53
|
+
environment = "PATH=/usr/local/opt/go@1.26/bin:/opt/homebrew/opt/go@1.26/bin:$PATH"
|
|
54
|
+
|
|
55
|
+
[[tool.cibuildwheel.overrides]]
|
|
56
|
+
select = "*-musllinux*"
|
|
57
|
+
before-all = '''
|
|
58
|
+
if [ "${AUDITWHEEL_ARCH}" == "x86_64" ]
|
|
59
|
+
then
|
|
60
|
+
wget https://golang.org/dl/go1.26.1.linux-amd64.tar.gz;tar -C /usr/local -xzf go1.26.1.linux-amd64.tar.gz
|
|
61
|
+
fi
|
|
62
|
+
if [ "${AUDITWHEEL_ARCH}" == "aarch64" ]
|
|
63
|
+
then
|
|
64
|
+
wget https://golang.org/dl/go1.26.1.linux-arm64.tar.gz;tar -C /usr/local -xzf go1.26.1.linux-arm64.tar.gz
|
|
65
|
+
fi
|
|
66
|
+
'''
|
|
67
|
+
|
|
68
|
+
environment = """
|
|
69
|
+
PATH=$PATH:/usr/local/go/bin
|
|
70
|
+
"""
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
[metadata]
|
|
2
|
+
name = pygorpmrustinfo
|
|
3
|
+
version = 0.1.0
|
|
4
|
+
author = Mike Moore
|
|
5
|
+
author_email = z_z_zebra@yahoo.com
|
|
6
|
+
license = MIT
|
|
7
|
+
description = Unified Go-backed helpers for rpmdb, rust audit, and Go build metadata
|
|
8
|
+
url = https://github.com/MikeMoore63/pygorpmrustinfo
|
|
9
|
+
long_description = file: README.md
|
|
10
|
+
long_description_content_type = text/markdown
|
|
11
|
+
classifiers =
|
|
12
|
+
Programming Language :: Python :: 3
|
|
13
|
+
Operating System :: OS Independent
|
|
14
|
+
|
|
15
|
+
[options]
|
|
16
|
+
zip_safe = False
|
|
17
|
+
setup_requires = setuptools-golang
|
|
18
|
+
scripts =
|
|
19
|
+
get_go_info
|
|
20
|
+
get_rpm_info
|
|
21
|
+
get_rust_audit
|
|
22
|
+
package_dir =
|
|
23
|
+
=src
|
|
24
|
+
packages = find:
|
|
25
|
+
|
|
26
|
+
[options.packages.find]
|
|
27
|
+
where = src
|
|
28
|
+
|
|
29
|
+
[options.entry_points]
|
|
30
|
+
pyinstaller40 =
|
|
31
|
+
hook-dirs = pygorpmrustinfo._pyinstaller:get_hook_dirs
|
|
32
|
+
tests = pygorpmrustinfo._pyinstaller:get_PyInstaller_tests
|
|
33
|
+
|
|
34
|
+
[egg_info]
|
|
35
|
+
tag_build =
|
|
36
|
+
tag_date = 0
|
|
37
|
+
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
from setuptools import Extension, setup
|
|
2
|
+
|
|
3
|
+
if __name__ == "__main__":
|
|
4
|
+
setup(
|
|
5
|
+
build_golang={"root": "github.com/MikeMoore63/pygorpmrustinfo"},
|
|
6
|
+
ext_modules=[
|
|
7
|
+
Extension(
|
|
8
|
+
"pygorpmrustinfo._pygorpmrustinfo",
|
|
9
|
+
["src/pygorpmrustinfo/pygorpmrustinfo.go"],
|
|
10
|
+
)
|
|
11
|
+
],
|
|
12
|
+
)
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
from ._pyinstaller import get_hook_dirs, get_PyInstaller_tests
|
|
4
|
+
|
|
5
|
+
__all__ = [
|
|
6
|
+
"get_hook_dirs",
|
|
7
|
+
"get_PyInstaller_tests",
|
|
8
|
+
"get_rpm_db_info",
|
|
9
|
+
"get_rust_audit",
|
|
10
|
+
"get_go_build_info",
|
|
11
|
+
"get_go_mod",
|
|
12
|
+
"get_go_sum",
|
|
13
|
+
]
|
|
14
|
+
|
|
15
|
+
import ctypes
|
|
16
|
+
import json
|
|
17
|
+
import os
|
|
18
|
+
from pathlib import Path
|
|
19
|
+
from sysconfig import get_config_var
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
here = Path(__file__).absolute().parent
|
|
23
|
+
ext_suffix = get_config_var("EXT_SUFFIX")
|
|
24
|
+
so_file = os.path.join(here, ("_pygorpmrustinfo" + ext_suffix))
|
|
25
|
+
|
|
26
|
+
so = ctypes.cdll.LoadLibrary(so_file)
|
|
27
|
+
|
|
28
|
+
rpmdb_info_so = so.getrpmdbInfo
|
|
29
|
+
rpmdb_info_so.argtypes = [ctypes.c_char_p]
|
|
30
|
+
rpmdb_info_so.restype = ctypes.c_void_p
|
|
31
|
+
|
|
32
|
+
rust_audit_so = so.getrustAudit
|
|
33
|
+
rust_audit_so.argtypes = [ctypes.c_char_p]
|
|
34
|
+
rust_audit_so.restype = ctypes.c_void_p
|
|
35
|
+
|
|
36
|
+
go_build_info_so = so.getgobuildinfo
|
|
37
|
+
go_build_info_so.argtypes = [ctypes.c_char_p]
|
|
38
|
+
go_build_info_so.restype = ctypes.c_void_p
|
|
39
|
+
|
|
40
|
+
go_mod_so = so.getgomod
|
|
41
|
+
go_mod_so.argtypes = [ctypes.c_char_p]
|
|
42
|
+
go_mod_so.restype = ctypes.c_void_p
|
|
43
|
+
|
|
44
|
+
free = so.free
|
|
45
|
+
free.argtypes = [ctypes.c_void_p]
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
def _call_go_function(func, file_name):
|
|
49
|
+
res = func(file_name.encode("utf-8"))
|
|
50
|
+
if res is None:
|
|
51
|
+
return {"error": "empty response"}
|
|
52
|
+
try:
|
|
53
|
+
return json.loads(ctypes.string_at(res).decode("utf-8"))
|
|
54
|
+
except (UnicodeDecodeError, json.JSONDecodeError):
|
|
55
|
+
return {"error": "Error converting result to json"}
|
|
56
|
+
finally:
|
|
57
|
+
free(res)
|
|
58
|
+
|
|
59
|
+
|
|
60
|
+
def get_rpm_db_info(file_name):
|
|
61
|
+
return _call_go_function(rpmdb_info_so, file_name)
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
def get_rust_audit(file_name):
|
|
65
|
+
return _call_go_function(rust_audit_so, file_name)
|
|
66
|
+
|
|
67
|
+
|
|
68
|
+
def get_go_build_info(file_name):
|
|
69
|
+
return _call_go_function(go_build_info_so, file_name)
|
|
70
|
+
|
|
71
|
+
|
|
72
|
+
def get_go_mod(file_name):
|
|
73
|
+
return _call_go_function(go_mod_so, file_name)
|
|
74
|
+
|
|
75
|
+
|
|
76
|
+
def get_go_sum(file_name):
|
|
77
|
+
result = {"error": "not a valid go sum file"}
|
|
78
|
+
if not os.path.isfile(file_name):
|
|
79
|
+
return result
|
|
80
|
+
with open(file_name, mode="rt", encoding="utf-8") as handle:
|
|
81
|
+
data = {}
|
|
82
|
+
for line in handle.readlines():
|
|
83
|
+
sumfields = line.strip().split()
|
|
84
|
+
if len(sumfields) < 3:
|
|
85
|
+
continue
|
|
86
|
+
if sumfields[1].endswith("/go.mod"):
|
|
87
|
+
sumfields[1] = sumfields[1][:-7]
|
|
88
|
+
data[sumfields[0]] = {"Version": sumfields[1], "Sum": sumfields[2]}
|
|
89
|
+
if data:
|
|
90
|
+
return {
|
|
91
|
+
"Deps": [
|
|
92
|
+
{"Path": k, "Version": data[k]["Version"], "Sum": data[k]["Sum"]}
|
|
93
|
+
for k in data
|
|
94
|
+
]
|
|
95
|
+
}
|
|
96
|
+
return result
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import glob
|
|
2
|
+
import json
|
|
3
|
+
import os
|
|
4
|
+
import sys
|
|
5
|
+
|
|
6
|
+
from . import get_go_build_info, get_go_mod, get_go_sum, get_rpm_db_info, get_rust_audit
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
def _default_mode_for_script(script_name):
|
|
10
|
+
name = os.path.basename(script_name or "")
|
|
11
|
+
if name == "get_rpm_info":
|
|
12
|
+
return "rpm"
|
|
13
|
+
if name == "get_rust_audit":
|
|
14
|
+
return "rust"
|
|
15
|
+
return "go-build"
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
def _dispatch(path, mode):
|
|
19
|
+
if mode == "rpm":
|
|
20
|
+
return get_rpm_db_info(path)
|
|
21
|
+
if mode == "rust":
|
|
22
|
+
return get_rust_audit(path)
|
|
23
|
+
if mode == "go-mod":
|
|
24
|
+
return get_go_mod(path)
|
|
25
|
+
if mode == "go-sum":
|
|
26
|
+
return get_go_sum(path)
|
|
27
|
+
return get_go_build_info(path)
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
def main(argv=None):
|
|
31
|
+
if argv is None:
|
|
32
|
+
argv = sys.argv
|
|
33
|
+
else:
|
|
34
|
+
argv = list(argv)
|
|
35
|
+
|
|
36
|
+
script_name = argv[0] if argv else sys.argv[0]
|
|
37
|
+
default_mode = _default_mode_for_script(script_name)
|
|
38
|
+
mode = default_mode
|
|
39
|
+
patterns = []
|
|
40
|
+
args = argv[1:] if len(argv) > 1 else []
|
|
41
|
+
index = 0
|
|
42
|
+
while index < len(args):
|
|
43
|
+
arg = args[index]
|
|
44
|
+
if arg.startswith("--mode="):
|
|
45
|
+
mode = arg.split("=", 1)[1]
|
|
46
|
+
elif arg == "--mode":
|
|
47
|
+
if index + 1 < len(args):
|
|
48
|
+
mode = args[index + 1]
|
|
49
|
+
index += 1
|
|
50
|
+
else:
|
|
51
|
+
patterns.append(arg)
|
|
52
|
+
index += 1
|
|
53
|
+
|
|
54
|
+
if not patterns:
|
|
55
|
+
patterns = ["*"]
|
|
56
|
+
|
|
57
|
+
for pattern in patterns:
|
|
58
|
+
for file in glob.glob(pattern):
|
|
59
|
+
result = _dispatch(file, mode)
|
|
60
|
+
print(json.dumps(result, indent=4))
|
|
61
|
+
|
|
62
|
+
|
|
63
|
+
if __name__ == "__main__":
|
|
64
|
+
main()
|
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
package main
|
|
2
|
+
|
|
3
|
+
import "C"
|
|
4
|
+
|
|
5
|
+
import (
|
|
6
|
+
"debug/buildinfo"
|
|
7
|
+
"encoding/json"
|
|
8
|
+
"errors"
|
|
9
|
+
"fmt"
|
|
10
|
+
"io"
|
|
11
|
+
"os"
|
|
12
|
+
"path/filepath"
|
|
13
|
+
|
|
14
|
+
"golang.org/x/mod/modfile"
|
|
15
|
+
|
|
16
|
+
"github.com/glebarez/go-sqlite"
|
|
17
|
+
"github.com/jinzhu/copier"
|
|
18
|
+
rpmdb "github.com/knqyf263/go-rpmdb/pkg"
|
|
19
|
+
rustaudit "github.com/rust-secure-code/go-rustaudit"
|
|
20
|
+
)
|
|
21
|
+
|
|
22
|
+
type packageInfo struct {
|
|
23
|
+
Epoch *int
|
|
24
|
+
Name string
|
|
25
|
+
Version string
|
|
26
|
+
Release string
|
|
27
|
+
Arch string
|
|
28
|
+
SourceRpm string
|
|
29
|
+
Size int
|
|
30
|
+
License string
|
|
31
|
+
Vendor string
|
|
32
|
+
Modularitylabel string
|
|
33
|
+
Summary string
|
|
34
|
+
PGP string
|
|
35
|
+
SigMD5 string
|
|
36
|
+
RSAHeader string
|
|
37
|
+
InstallTime int
|
|
38
|
+
BaseNames []string
|
|
39
|
+
DirIndexes []int32
|
|
40
|
+
DirNames []string
|
|
41
|
+
FileSizes []int32
|
|
42
|
+
FileDigests []string
|
|
43
|
+
FileModes []uint16
|
|
44
|
+
FileFlags []int32
|
|
45
|
+
UserNames []string
|
|
46
|
+
GroupNames []string
|
|
47
|
+
Provides []string
|
|
48
|
+
Requires []string
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
//export getrpmdbInfo
|
|
52
|
+
func getrpmdbInfo(fileNameIn *C.char) *C.char {
|
|
53
|
+
return C.CString(getrpmdbInfoInternal(C.GoString(fileNameIn)))
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
//export getrustAudit
|
|
57
|
+
func getrustAudit(fileNameIn *C.char) *C.char {
|
|
58
|
+
return C.CString(getrustAuditInternal(C.GoString(fileNameIn)))
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
//export getgobuildinfo
|
|
62
|
+
func getgobuildinfo(fileNameIn *C.char) *C.char {
|
|
63
|
+
return C.CString(getGoBuildInfoInternal(C.GoString(fileNameIn)))
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
//export getgomod
|
|
67
|
+
func getgomod(fileNameIn *C.char) *C.char {
|
|
68
|
+
return C.CString(getGoMod(C.GoString(fileNameIn)))
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
func main() {}
|
|
72
|
+
|
|
73
|
+
func getrpmdbInfoInternal(fileName string) string {
|
|
74
|
+
returnValue := `{ "error" : "Unknown" }`
|
|
75
|
+
db, err := rpmdb.Open(fileName)
|
|
76
|
+
if err != nil {
|
|
77
|
+
if pathErr := (*os.PathError)(nil); errors.As(err, &pathErr) && filepath.Clean(pathErr.Path) == filepath.Clean(fileName) {
|
|
78
|
+
returnValue = fmt.Sprintf(`{ "error": "path error:%v" }`, fileName)
|
|
79
|
+
} else {
|
|
80
|
+
returnValue = fmt.Sprintf(`{ "error": "%s: %v"}`, fileName, err)
|
|
81
|
+
}
|
|
82
|
+
return returnValue
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
pkgList, err := db.ListPackages()
|
|
86
|
+
if err != nil {
|
|
87
|
+
return fmt.Sprintf(`{ "error": "%s: %v"}`, fileName, err)
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
mySlice := []packageInfo{}
|
|
91
|
+
for _, pkg := range pkgList {
|
|
92
|
+
rpmdbPkg := new(packageInfo)
|
|
93
|
+
copier.Copy(rpmdbPkg, *pkg)
|
|
94
|
+
mySlice = append(mySlice, *rpmdbPkg)
|
|
95
|
+
}
|
|
96
|
+
data, _ := json.Marshal(mySlice)
|
|
97
|
+
return string(data)
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
func getrustAuditInternal(fileName string) string {
|
|
101
|
+
returnValue := `{ "error" : "Unknown" }`
|
|
102
|
+
r, err := os.Open(fileName)
|
|
103
|
+
if err != nil {
|
|
104
|
+
if pathErr := (*os.PathError)(nil); errors.As(err, &pathErr) && filepath.Clean(pathErr.Path) == filepath.Clean(fileName) {
|
|
105
|
+
returnValue = fmt.Sprintf(`{ "error": "path error:%v" }`, fileName)
|
|
106
|
+
} else {
|
|
107
|
+
returnValue = fmt.Sprintf(`{ "error": "%s: %v"}`, fileName, err)
|
|
108
|
+
}
|
|
109
|
+
return returnValue
|
|
110
|
+
}
|
|
111
|
+
defer r.Close()
|
|
112
|
+
|
|
113
|
+
pkgList, err := rustaudit.GetDependencyInfo(r)
|
|
114
|
+
if err != nil {
|
|
115
|
+
return fmt.Sprintf(`{ "error": "%s: %v"}`, fileName, err)
|
|
116
|
+
}
|
|
117
|
+
data, _ := json.Marshal(pkgList)
|
|
118
|
+
return string(data)
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
func getGoBuildInfoInternal(fileName string) string {
|
|
122
|
+
returnValue := `{ "error" : "Unknown" }`
|
|
123
|
+
bi, err := buildinfo.ReadFile(fileName)
|
|
124
|
+
if err != nil {
|
|
125
|
+
if pathErr := (*os.PathError)(nil); errors.As(err, &pathErr) && filepath.Clean(pathErr.Path) == filepath.Clean(fileName) {
|
|
126
|
+
returnValue = fmt.Sprintf(`{ "error": "path error:%v" }`, fileName)
|
|
127
|
+
} else {
|
|
128
|
+
returnValue = fmt.Sprintf(`{ "error": "%s: %v"}`, fileName, err)
|
|
129
|
+
}
|
|
130
|
+
return returnValue
|
|
131
|
+
}
|
|
132
|
+
data, _ := json.Marshal(bi)
|
|
133
|
+
return string(data)
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
func getGoMod(fileName string) string {
|
|
137
|
+
returnValue := `{ "error" : "Unknown" }`
|
|
138
|
+
f, err := os.Open(fileName)
|
|
139
|
+
if err != nil {
|
|
140
|
+
if pathErr := (*os.PathError)(nil); errors.As(err, &pathErr) && filepath.Clean(pathErr.Path) == filepath.Clean(fileName) {
|
|
141
|
+
returnValue = fmt.Sprintf(`{ "error": "path error:%v" }`, fileName)
|
|
142
|
+
} else {
|
|
143
|
+
returnValue = fmt.Sprintf(`{ "error": "%s: %v"}`, fileName, err)
|
|
144
|
+
}
|
|
145
|
+
return returnValue
|
|
146
|
+
}
|
|
147
|
+
defer f.Close()
|
|
148
|
+
|
|
149
|
+
goModData, err := io.ReadAll(f)
|
|
150
|
+
if err != nil {
|
|
151
|
+
return fmt.Sprintf(`{ "error": "%s: %v"}`, fileName, err)
|
|
152
|
+
}
|
|
153
|
+
modFileParsed, err := modfile.Parse("go.mod", goModData, nil)
|
|
154
|
+
if err != nil {
|
|
155
|
+
return fmt.Sprintf(`{ "error": "%s: %v"}`, fileName, err)
|
|
156
|
+
}
|
|
157
|
+
data, _ := json.Marshal(modFileParsed)
|
|
158
|
+
return string(data)
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
var _ = sqlite.Driver{}
|
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: pygorpmrustinfo
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Unified Go-backed helpers for rpmdb, rust audit, and Go build metadata
|
|
5
|
+
Home-page: https://github.com/MikeMoore63/pygorpmrustinfo
|
|
6
|
+
Author: Mike Moore
|
|
7
|
+
Author-email: z_z_zebra@yahoo.com
|
|
8
|
+
License: MIT
|
|
9
|
+
Classifier: Programming Language :: Python :: 3
|
|
10
|
+
Classifier: Operating System :: OS Independent
|
|
11
|
+
Description-Content-Type: text/markdown
|
|
12
|
+
License-File: LICENSE
|
|
13
|
+
Dynamic: license-file
|
|
14
|
+
|
|
15
|
+
# pygorpmrustinfo
|
|
16
|
+
|
|
17
|
+
pygorpmrustinfo is a unified Python package that exposes the former rpmdb, rust audit, and Go build-info helpers through a single Go-backed extension.
|
|
18
|
+
|
|
19
|
+
## Why this package exists
|
|
20
|
+
|
|
21
|
+
The older split packages each relied on their own Go runtime and native extension. That approach is fragile in Python environments because Go's `c-shared` mode can be unstable when multiple Go runtimes are loaded into the same process. This is the problem described in [Go issue #65050](https://go.dev/issue/65050): loading multiple `c-shared` Go libraries in one process can lead to panics, crashes, or other runtime failures.
|
|
22
|
+
|
|
23
|
+
This consolidation is meant to reduce that risk by keeping a single Go runtime in play, while also reducing memory usage compared with loading several separate native extensions.
|
|
24
|
+
|
|
25
|
+
## Deprecation notice for the old scripts
|
|
26
|
+
|
|
27
|
+
The legacy entry points and package names are being deprecated. The replacement package is pygorpmrustinfo, and the compatibility scripts remain available only for transition:
|
|
28
|
+
|
|
29
|
+
- `get_go_info`
|
|
30
|
+
- `get_rpm_info`
|
|
31
|
+
- `get_rust_audit`
|
|
32
|
+
- the older standalone package names for the previous split implementations
|
|
33
|
+
|
|
34
|
+
These legacy scripts remain available for compatibility, but new work should target `pygorpmrustinfo` instead.
|
|
35
|
+
|
|
36
|
+
## Installation
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
pip install pygorpmrustinfo
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
## Usage
|
|
43
|
+
|
|
44
|
+
The package provides the same high-level functionality as the older helpers, but through one unified interface. If you are coming from the old packages, the main change is that you install and import one package instead of three separate ones.
|
|
45
|
+
|
|
46
|
+
### CLI
|
|
47
|
+
|
|
48
|
+
```bash
|
|
49
|
+
get_go_info /path/to/go.mod
|
|
50
|
+
get_rpm_info /path/to/Packages
|
|
51
|
+
get_rust_audit /path/to/rust-binary
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
These scripts are preserved for compatibility, but the recommended path is to depend on `pygorpmrustinfo` directly.
|
|
55
|
+
|
|
56
|
+
### Python API
|
|
57
|
+
|
|
58
|
+
```python
|
|
59
|
+
import json
|
|
60
|
+
import pygorpmrustinfo
|
|
61
|
+
|
|
62
|
+
# Go build metadata
|
|
63
|
+
res = pygorpmrustinfo.get_go_build_info("/path/to/go.mod")
|
|
64
|
+
print(json.dumps(res, indent=4))
|
|
65
|
+
|
|
66
|
+
# RPM database metadata
|
|
67
|
+
res = pygorpmrustinfo.get_rpm_db_info("/path/to/Packages")
|
|
68
|
+
print(json.dumps(res, indent=4))
|
|
69
|
+
|
|
70
|
+
# Rust audit metadata
|
|
71
|
+
res = pygorpmrustinfo.get_rust_audit("/path/to/rust-binary")
|
|
72
|
+
print(json.dumps(res, indent=4))
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
### Example: Go build info
|
|
76
|
+
|
|
77
|
+
```python
|
|
78
|
+
import pygorpmrustinfo
|
|
79
|
+
|
|
80
|
+
info = pygorpmrustinfo.get_go_build_info("/path/to/go.mod")
|
|
81
|
+
print(info["GoVersion"])
|
|
82
|
+
print(info["Path"])
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
Example result:
|
|
86
|
+
|
|
87
|
+
```python
|
|
88
|
+
{
|
|
89
|
+
"GoVersion": "go1.18.4",
|
|
90
|
+
"Path": "github.com/example/project",
|
|
91
|
+
"Main": {
|
|
92
|
+
"Path": "github.com/example/project",
|
|
93
|
+
"Version": "(devel)",
|
|
94
|
+
"Sum": "",
|
|
95
|
+
"Replace": null
|
|
96
|
+
},
|
|
97
|
+
"Deps": []
|
|
98
|
+
}
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
### Example: RPM database info
|
|
102
|
+
|
|
103
|
+
```python
|
|
104
|
+
import pygorpmrustinfo
|
|
105
|
+
|
|
106
|
+
packages = pygorpmrustinfo.get_rpm_db_info("/path/to/Packages")
|
|
107
|
+
for package in packages:
|
|
108
|
+
print(package.get("Name"), package.get("Version"))
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
Example result:
|
|
112
|
+
|
|
113
|
+
```python
|
|
114
|
+
[
|
|
115
|
+
{
|
|
116
|
+
"Name": "bash",
|
|
117
|
+
"Version": "5.1",
|
|
118
|
+
"Release": "1.el9"
|
|
119
|
+
}
|
|
120
|
+
]
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
### Example: Rust audit info
|
|
124
|
+
|
|
125
|
+
```python
|
|
126
|
+
import pygorpmrustinfo
|
|
127
|
+
|
|
128
|
+
packages = pygorpmrustinfo.get_rust_audit("/path/to/rust-binary")
|
|
129
|
+
for package in packages.get("packages", []):
|
|
130
|
+
print(package.get("name"), package.get("version"))
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
Example result:
|
|
134
|
+
|
|
135
|
+
```python
|
|
136
|
+
{
|
|
137
|
+
"packages": [
|
|
138
|
+
{
|
|
139
|
+
"name": "serde",
|
|
140
|
+
"version": "1.0.197",
|
|
141
|
+
"kind": "build"
|
|
142
|
+
}
|
|
143
|
+
]
|
|
144
|
+
}
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
The functions always return a dictionary. On error you may see a structure like:
|
|
148
|
+
|
|
149
|
+
```python
|
|
150
|
+
{
|
|
151
|
+
"error": "path error:/path/to/missing/file"
|
|
152
|
+
}
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
## Migration from the old packages
|
|
156
|
+
|
|
157
|
+
If you previously used one of the older packages, the migration is straightforward:
|
|
158
|
+
|
|
159
|
+
- replace `pyrpmdb` with `pygorpmrustinfo` and call `get_rpm_db_info(...)`
|
|
160
|
+
- replace `pyrustaudit` with `pygorpmrustinfo` and call `get_rust_audit(...)`
|
|
161
|
+
- replace `pygobuildinfo` with `pygorpmrustinfo` and call `get_go_build_info(...)`, `get_go_mod(...)`, or `get_go_sum(...)`
|
|
162
|
+
|
|
163
|
+
For dependency declarations, update requirements, `pyproject.toml`, `setup.cfg`, or `setup.py` to depend on `pygorpmrustinfo` instead of the old package names.
|
|
164
|
+
|
|
165
|
+
## Notes
|
|
166
|
+
|
|
167
|
+
- The consolidation is primarily a stability and resource-usage improvement.
|
|
168
|
+
- It is also a practical mitigation for the risks documented in [Go issue #65050](https://go.dev/issue/65050).
|
|
169
|
+
- If you are maintaining older automation, consider switching to the unified package now so you are not tied to the deprecated script-based workflow.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
LICENSE
|
|
2
|
+
MANIFEST.in
|
|
3
|
+
README.md
|
|
4
|
+
get_go_info
|
|
5
|
+
get_rpm_info
|
|
6
|
+
get_rust_audit
|
|
7
|
+
go.mod
|
|
8
|
+
go.sum
|
|
9
|
+
pyproject.toml
|
|
10
|
+
setup.cfg
|
|
11
|
+
setup.py
|
|
12
|
+
src/pygobuildinfo/__init__.py
|
|
13
|
+
src/pygorpmrustinfo/__init__.py
|
|
14
|
+
src/pygorpmrustinfo/cli.py
|
|
15
|
+
src/pygorpmrustinfo/pygorpmrustinfo.go
|
|
16
|
+
src/pygorpmrustinfo.egg-info/PKG-INFO
|
|
17
|
+
src/pygorpmrustinfo.egg-info/SOURCES.txt
|
|
18
|
+
src/pygorpmrustinfo.egg-info/dependency_links.txt
|
|
19
|
+
src/pygorpmrustinfo.egg-info/entry_points.txt
|
|
20
|
+
src/pygorpmrustinfo.egg-info/not-zip-safe
|
|
21
|
+
src/pygorpmrustinfo.egg-info/top_level.txt
|
|
22
|
+
src/pygorpmrustinfo/_pyinstaller/__init__.py
|
|
23
|
+
src/pyrpmdb/__init__.py
|
|
24
|
+
src/pyrustaudit/__init__.py
|
|
25
|
+
tests/test_legacy_imports.py
|
|
26
|
+
tests/test_unified_api.py
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import importlib
|
|
2
|
+
|
|
3
|
+
import pygorpmrustinfo.cli as cli
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
def test_legacy_package_imports_resolve():
|
|
7
|
+
for module_name in ["pyrpmdb", "pyrustaudit", "pygobuildinfo"]:
|
|
8
|
+
module = importlib.import_module(module_name)
|
|
9
|
+
assert module is not None
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
def test_cli_defaults_to_legacy_script_modes(monkeypatch, tmp_path):
|
|
13
|
+
calls = []
|
|
14
|
+
|
|
15
|
+
def fake_dispatch(path, mode):
|
|
16
|
+
calls.append((path, mode))
|
|
17
|
+
return {"ok": True}
|
|
18
|
+
|
|
19
|
+
monkeypatch.setattr(cli, "_dispatch", fake_dispatch)
|
|
20
|
+
example = tmp_path / "example"
|
|
21
|
+
example.write_text("hello", encoding="utf-8")
|
|
22
|
+
|
|
23
|
+
cli.main(["/tmp/get_rpm_info", str(example)])
|
|
24
|
+
assert calls == [(str(example), "rpm")]
|
|
25
|
+
|
|
26
|
+
calls.clear()
|
|
27
|
+
cli.main(["/tmp/get_rust_audit", str(example)])
|
|
28
|
+
assert calls == [(str(example), "rust")]
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import json
|
|
2
|
+
|
|
3
|
+
from pygorpmrustinfo import (
|
|
4
|
+
get_go_build_info,
|
|
5
|
+
get_go_mod,
|
|
6
|
+
get_go_sum,
|
|
7
|
+
get_rpm_db_info,
|
|
8
|
+
get_rust_audit,
|
|
9
|
+
)
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
def test_unified_api_returns_error_dicts_for_missing_inputs():
|
|
13
|
+
assert isinstance(get_rpm_db_info("/tmp/does-not-exist"), dict)
|
|
14
|
+
assert isinstance(get_rust_audit("/tmp/does-not-exist"), dict)
|
|
15
|
+
assert isinstance(get_go_build_info("/tmp/does-not-exist"), dict)
|
|
16
|
+
assert isinstance(get_go_mod("/tmp/does-not-exist"), dict)
|
|
17
|
+
assert isinstance(get_go_sum("/tmp/does-not-exist"), dict)
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
def test_go_sum_handles_invalid_go_sum_file():
|
|
21
|
+
result = get_go_sum("/tmp/does-not-exist")
|
|
22
|
+
assert result["error"] == "not a valid go sum file"
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
def test_go_mod_returns_json_serializable_output():
|
|
26
|
+
payload = json.dumps(get_go_mod("/tmp/does-not-exist"))
|
|
27
|
+
assert isinstance(payload, str)
|