Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package melange for openSUSE:Factory checked in at 2025-08-02 00:43:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/melange (Old) and /work/SRC/openSUSE:Factory/.melange.new.1085 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "melange" Sat Aug 2 00:43:07 2025 rev:108 rq:1297054 version:0.30.3 Changes: -------- --- /work/SRC/openSUSE:Factory/melange/melange.changes 2025-07-28 14:59:12.384918010 +0200 +++ /work/SRC/openSUSE:Factory/.melange.new.1085/melange.changes 2025-08-02 00:44:33.857556236 +0200 @@ -1,0 +2,22 @@ +Fri Aug 01 11:57:50 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 0.30.3: + * Revert "SCA: Generate depends for shlibs ending in .so" and + related commits (#2116) + +------------------------------------------------------------------- +Fri Aug 01 11:49:58 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 0.30.2: + * Use https://mirrors.ocf.berkeley.edu whenever applicable for + GNU programs by @sergiodj in #2073 + * build(deps): bump github.com/docker/docker from + 28.3.2+incompatible to 28.3.3+incompatible in the go_modules + group by @dependabot[bot] in #2108 + * Don't --require-zero in CI scan by @jonjohnsonjr in #2112 + * Improve SCA handling of bogus shlib dependencies by @sergiodj + in #2109 + * Bump apko to v0.30.2 and handle field rename by @kevinmdavis in + #2111 + +------------------------------------------------------------------- Old: ---- melange-0.30.1.obscpio New: ---- melange-0.30.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ melange.spec ++++++ --- /var/tmp/diff_new_pack.Rsaiqb/_old 2025-08-02 00:44:34.817596137 +0200 +++ /var/tmp/diff_new_pack.Rsaiqb/_new 2025-08-02 00:44:34.817596137 +0200 @@ -17,7 +17,7 @@ Name: melange -Version: 0.30.1 +Version: 0.30.3 Release: 0 Summary: Build APKs from source code License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Rsaiqb/_old 2025-08-02 00:44:34.853597632 +0200 +++ /var/tmp/diff_new_pack.Rsaiqb/_new 2025-08-02 00:44:34.861597965 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/chainguard-dev/melange</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.30.1</param> + <param name="revision">v0.30.3</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Rsaiqb/_old 2025-08-02 00:44:34.881598796 +0200 +++ /var/tmp/diff_new_pack.Rsaiqb/_new 2025-08-02 00:44:34.881598796 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/chainguard-dev/melange</param> - <param name="changesrevision">a17bf700a4e4a35f230d1978e1861c807a4118dc</param></service></servicedata> + <param name="changesrevision">ace8048d3f2270454baed56842b7ab128fbf0fa6</param></service></servicedata> (No newline at EOF) ++++++ melange-0.30.1.obscpio -> melange-0.30.3.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.30.1/docs/BUILD-FILE.md new/melange-0.30.3/docs/BUILD-FILE.md --- old/melange-0.30.1/docs/BUILD-FILE.md 2025-07-26 22:48:33.000000000 +0200 +++ new/melange-0.30.3/docs/BUILD-FILE.md 2025-07-31 13:39:10.000000000 +0200 @@ -218,16 +218,6 @@ no-versioned-shlib-deps: true ``` -`no-vendored-cross-package-deps` - When a subpackage `X` ships a -vendored shared library that's used by subpackage `Y`, melange won't -generate a `depends` from `Y -> X`. By default, melange will generate -a `depends` for `X=version`. - -``` -options: - no-vendored-cross-package-deps: true -``` - ### scriptlets List of executable scripts that run at various stages of the package lifecycle, triggered by configurable events. These are useful to handle tasks that only diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.30.1/examples/conditional.yaml new/melange-0.30.3/examples/conditional.yaml --- old/melange-0.30.1/examples/conditional.yaml 2025-07-26 22:48:33.000000000 +0200 +++ new/melange-0.30.3/examples/conditional.yaml 2025-07-31 13:39:10.000000000 +0200 @@ -44,7 +44,7 @@ - uses: fetch if: ${{package.name}} != 'hello' with: - uri: https://ftp.gnu.org/gnu/hello/hello-${{package.version}}.tar.gz + uri: https://mirrors.ocf.berkeley.edu/gnu/hello/hello-${{package.version}}.tar.gz expected-sha256: cf04af86dc085268c5f4470fbae49b18afbc221b78096aab842d934a76bad0ab - runs: | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.30.1/examples/gnu-hello.yaml new/melange-0.30.3/examples/gnu-hello.yaml --- old/melange-0.30.1/examples/gnu-hello.yaml 2025-07-26 22:48:33.000000000 +0200 +++ new/melange-0.30.3/examples/gnu-hello.yaml 2025-07-31 13:39:10.000000000 +0200 @@ -25,7 +25,7 @@ pipeline: - uses: fetch with: - uri: https://ftp.gnu.org/gnu/hello/hello-${{package.version}}.tar.gz + uri: https://mirrors.ocf.berkeley.edu/gnu/hello/hello-${{package.version}}.tar.gz expected-sha256: cf04af86dc085268c5f4470fbae49b18afbc221b78096aab842d934a76bad0ab - uses: autoconf/configure diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.30.1/go.mod new/melange-0.30.3/go.mod --- old/melange-0.30.1/go.mod 2025-07-26 22:48:33.000000000 +0200 +++ new/melange-0.30.3/go.mod 2025-07-31 13:39:10.000000000 +0200 @@ -3,13 +3,13 @@ go 1.24.5 require ( - chainguard.dev/apko v0.29.7 + chainguard.dev/apko v0.30.2 github.com/chainguard-dev/clog v1.7.0 github.com/chainguard-dev/go-pkgconfig v0.0.0-20240404163941-6351b37b2a10 github.com/chainguard-dev/yam v0.2.24 github.com/charmbracelet/log v0.4.2 github.com/docker/cli v28.3.2+incompatible - github.com/docker/docker v28.3.2+incompatible + github.com/docker/docker v28.3.3+incompatible github.com/dprotaso/go-yit v0.0.0-20250513224043-18a80f8f6df4 github.com/github/go-spdx/v2 v2.3.3 github.com/go-git/go-git/v5 v5.16.2 @@ -71,8 +71,8 @@ require ( chainguard.dev/go-grpc-kit v0.17.11 // indirect - chainguard.dev/sdk v0.1.36 // indirect - cloud.google.com/go/auth v0.16.2 // indirect + chainguard.dev/sdk v0.1.37 // indirect + cloud.google.com/go/auth v0.16.3 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.7.0 // indirect filippo.io/edwards25519 v1.1.0 // indirect @@ -170,9 +170,9 @@ golang.org/x/mod v0.26.0 // indirect golang.org/x/net v0.42.0 // indirect golang.org/x/oauth2 v0.30.0 // indirect - google.golang.org/api v0.242.0 // indirect + google.golang.org/api v0.243.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250715232539-7130f93afb79 // indirect google.golang.org/grpc v1.73.0 // indirect google.golang.org/protobuf v1.36.6 gopkg.in/warnings.v0 v0.1.2 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.30.1/go.sum new/melange-0.30.3/go.sum --- old/melange-0.30.1/go.sum 2025-07-26 22:48:33.000000000 +0200 +++ new/melange-0.30.3/go.sum 2025-07-31 13:39:10.000000000 +0200 @@ -1,12 +1,12 @@ -chainguard.dev/apko v0.29.7 h1:ms7nvwXTpCIHxa9f1RMBKPziwihmka0EMgqSQ9FTLCo= -chainguard.dev/apko v0.29.7/go.mod h1:8MTY5N3RVNPUl6QBQVcl67GhMoB8aJN7nLZveDyYnpA= +chainguard.dev/apko v0.30.2 h1:hPNa0EPVly0RToBwNaoaomE3eaB29VWoLp6r/w2Voco= +chainguard.dev/apko v0.30.2/go.mod h1:BbRxG4kPa78w8AcSBZNKX8gbKwS6dQo1gZuqdwd078Q= chainguard.dev/go-grpc-kit v0.17.11 h1:m4ZL2yg6sSrdPA593qVh9KHTZ+XOmLwqv3Jt5vT0FuU= chainguard.dev/go-grpc-kit v0.17.11/go.mod h1:aYlrvAscMZBtVIA7bykUWfbjhL2fDoUCECHvopC2xWY= -chainguard.dev/sdk v0.1.36 h1:YzxE7ZccR32spQ3i8boN6eDEYlvhV17r8fdpI9vdOgE= -chainguard.dev/sdk v0.1.36/go.mod h1:4HOnG9fVNC9ruzkJLMWWUNM1iVxxBL+bKqj0STERbcs= +chainguard.dev/sdk v0.1.37 h1:4hZ2enarpA/FZ1JMXE3EOlpzd18LmdWZ7UScwdSlrSs= +chainguard.dev/sdk v0.1.37/go.mod h1:4HOnG9fVNC9ruzkJLMWWUNM1iVxxBL+bKqj0STERbcs= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go/auth v0.16.2 h1:QvBAGFPLrDeoiNjyfVunhQ10HKNYuOwZ5noee0M5df4= -cloud.google.com/go/auth v0.16.2/go.mod h1:sRBas2Y1fB1vZTdurouM0AzuYQBMZinrUYL8EufhtEA= +cloud.google.com/go/auth v0.16.3 h1:kabzoQ9/bobUmnseYnBO6qQG7q4a/CffFRlJSxv2wCc= +cloud.google.com/go/auth v0.16.3/go.mod h1:NucRGjaXfzP1ltpcQ7On/VTZ0H4kWB5Jy+Y9Dnm76fA= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/compute/metadata v0.7.0 h1:PBWF+iiAerVNe8UCHxdOt6eHLVc3ydFeOCw78U8ytSU= @@ -98,8 +98,8 @@ github.com/docker/cli v28.3.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.3.2+incompatible h1:wn66NJ6pWB1vBZIilP8G3qQPqHy5XymfYn5vsqeA5oA= -github.com/docker/docker v28.3.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= +github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -532,8 +532,8 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.242.0 h1:7Lnb1nfnpvbkCiZek6IXKdJ0MFuAZNAJKQfA1ws62xg= -google.golang.org/api v0.242.0/go.mod h1:cOVEm2TpdAGHL2z+UwyS+kmlGr3bVWQQ6sYEqkKje50= +google.golang.org/api v0.243.0 h1:sw+ESIJ4BVnlJcWu9S+p2Z6Qq1PjG77T8IJ1xtp4jZQ= +google.golang.org/api v0.243.0/go.mod h1:GE4QtYfaybx1KmeHMdBnNnyLzBZCVihGBXAmJu/uUr8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -542,8 +542,8 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 h1:oWVWY3NzT7KJppx2UKhKmzPq4SRe0LdCijVRwvGeikY= google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822/go.mod h1:h3c4v36UTKzUiuaOKQ6gr3S+0hovBtUrXzTG/i3+XEc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250715232539-7130f93afb79 h1:1ZwqphdOdWYXsUHgMpU/101nCtf/kSp9hOrcvFsnl10= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250715232539-7130f93afb79/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.30.1/pkg/config/config.go new/melange-0.30.3/pkg/config/config.go --- old/melange-0.30.1/pkg/config/config.go 2025-07-26 22:48:33.000000000 +0200 +++ new/melange-0.30.3/pkg/config/config.go 2025-07-31 13:39:10.000000000 +0200 @@ -1241,7 +1241,7 @@ func replaceImageContents(r *strings.Replacer, in apko_types.ImageContents) apko_types.ImageContents { return apko_types.ImageContents{ BuildRepositories: replaceAll(r, in.BuildRepositories), - RuntimeRepositories: replaceAll(r, in.RuntimeRepositories), + Repositories: replaceAll(r, in.Repositories), Keyring: replaceAll(r, in.Keyring), Packages: replaceAll(r, in.Packages), BaseImage: in.BaseImage, // TODO diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.30.1/pkg/sca/e2e_test.go new/melange-0.30.3/pkg/sca/e2e_test.go --- old/melange-0.30.1/pkg/sca/e2e_test.go 2025-07-26 22:48:33.000000000 +0200 +++ new/melange-0.30.3/pkg/sca/e2e_test.go 2025-07-31 13:39:10.000000000 +0200 @@ -73,7 +73,6 @@ "so:liblcms2-e69eef39.so.2.0.16", "so:liblzma-13fa198c.so.5.4.5", "so:libm.so.6", - "so:libopenblas64_p-r0-0cf96a72.3.23.dev.so", "so:libopenjp2-eca49203.so.2.5.0", "so:libpng16-78d422d5.so.16.40.0", "so:libpthread.so.0", @@ -150,17 +149,6 @@ "so:libm.so.6", "so:libmount.so.1", "so:libssl.so.3", - // libsystemd-core-256.so and - // libsystemd-shared-256.so are - // false-positives that get added to - // runtime deps because systemd links - // against these vendored libraries, - // but melange doesn't have enough - // context to determine that they are - // vendored because they're shipped by - // another subpackage. - "so:libsystemd-core-256.so", - "so:libsystemd-shared-256.so", "so:libudev.so.1", }, Provides: []string{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.30.1/pkg/sca/sca.go new/melange-0.30.3/pkg/sca/sca.go --- old/melange-0.30.1/pkg/sca/sca.go 2025-07-26 22:48:33.000000000 +0200 +++ new/melange-0.30.3/pkg/sca/sca.go 2025-07-31 13:39:10.000000000 +0200 @@ -84,20 +84,10 @@ PkgResolver() *apk.PkgResolver } -type GeneratorArgs struct { - // Extra directories where libraries can be found. This is - // filled by getLdSoConfDLibPaths. - extraLibDirs []string - - // A map of vendored shlib -> package name. This is filled by - // getAllVendoredShlibs. - allVendoredShlibs map[string]string -} - // DependencyGenerator takes an SCAHandle, config.Dependencies pointer -// and a GeneratorArgs struct with extra arguments and returns findings +// and a list of paths to be appended to libDirs and returns findings // based on analysis. -type DependencyGenerator func(context.Context, SCAHandle, *config.Dependencies, *GeneratorArgs) error +type DependencyGenerator func(context.Context, SCAHandle, *config.Dependencies, []string) error func isInDir(path string, dirs []string) bool { mydir := filepath.Dir(path) @@ -227,7 +217,7 @@ return extraLibPaths, nil } -func generateCmdProviders(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, args *GeneratorArgs) error { +func generateCmdProviders(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, extraLibDirs []string) error { log := clog.FromContext(ctx) log.Info("scanning for commands...") @@ -290,7 +280,7 @@ // dereferenceCrossPackageSymlink attempts to dereference a symlink across multiple package // directories. -func dereferenceCrossPackageSymlink(hdl SCAHandle, path string, args *GeneratorArgs) (string, string, error) { +func dereferenceCrossPackageSymlink(hdl SCAHandle, path string, extraLibDirs []string) (string, string, error) { targetPackageNames := hdl.RelativeNames() pkgFS, err := hdl.Filesystem() @@ -305,7 +295,7 @@ realPath = filepath.Base(realPath) - expandedLibDirs := append(libDirs, args.extraLibDirs...) + expandedLibDirs := append(libDirs, extraLibDirs...) for _, pkgName := range targetPackageNames { baseFS, err := hdl.FilesystemForRelative(pkgName) @@ -500,13 +490,13 @@ return "", nil } -func processSymlinkSo(ctx context.Context, hdl SCAHandle, path string, generated *config.Dependencies, args *GeneratorArgs) error { +func processSymlinkSo(ctx context.Context, hdl SCAHandle, path string, generated *config.Dependencies, extraLibDirs []string) error { log := clog.FromContext(ctx) if !strings.Contains(path, ".so") { return nil } - targetPkg, realPath, err := dereferenceCrossPackageSymlink(hdl, path, args) + targetPkg, realPath, err := dereferenceCrossPackageSymlink(hdl, path, extraLibDirs) if err != nil { return nil } @@ -559,62 +549,7 @@ return nil } -func getAllVendoredShlibs(ctx context.Context, hdl SCAHandle, extraLibDirs []string) (map[string]string, error) { - log := clog.FromContext(ctx) - - log.Info("gathering list of vendored shlibs...") - - targetPackageNames := hdl.RelativeNames() - - expandedLibDirs := append(libDirs, extraLibDirs...) - - allVendoredShlibs := make(map[string]string) - - for _, pkgName := range targetPackageNames { - fsys, err := hdl.FilesystemForRelative(pkgName) - if err != nil { - return nil, err - } - - if err := fs.WalkDir(fsys, "/", func(path string, d fs.DirEntry, err error) error { - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return fs.SkipAll - } - return err - } - - if !strings.Contains(path, ".so.") && !strings.HasSuffix(path, ".so") { - return nil - } - - fi, err := d.Info() - if err != nil { - return err - } - - mode := fi.Mode() - if !mode.IsRegular() && mode & os.ModeSymlink != os.ModeSymlink { - return nil - } - - dirPath := filepath.Dir(path) - if !isInDir(dirPath, expandedLibDirs) { - libName := filepath.Base(path) - log.Infof(" found vendored lib %s for package %s", libName, pkgName) - allVendoredShlibs[libName] = pkgName - } - - return nil - }); err != nil { - return nil, err - } - } - - return allVendoredShlibs, nil -} - -func generateSharedObjectNameDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, args *GeneratorArgs) error { +func generateSharedObjectNameDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, extraLibDirs []string) error { log := clog.FromContext(ctx) log.Infof("scanning for shared object dependencies...") @@ -623,7 +558,7 @@ return err } - expandedLibDirs := append(libDirs, args.extraLibDirs...) + expandedLibDirs := append(libDirs, extraLibDirs...) if err := fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err error) error { if err != nil { @@ -641,7 +576,7 @@ isLink := mode.Type()&fs.ModeSymlink == fs.ModeSymlink if isLink { - if err := processSymlinkSo(ctx, hdl, path, generated, args); err != nil { + if err := processSymlinkSo(ctx, hdl, path, generated, extraLibDirs); err != nil { return err } } @@ -697,36 +632,9 @@ if isHostProvidedLibrary(lib) { continue } - if strings.Contains(lib, ".so.") || strings.HasSuffix(lib, ".so") { - pkgName, isVendoredDep := args.allVendoredShlibs[lib] - - // There are corner cases when we have - // a vendored shared library in a - // subpackage X and a binary linked - // against it in another subpackage Y - // (e.g. see postfix and - // postfix-stone). In this case, we - // want to generate a depends - // relationship from Y -> X. - if isVendoredDep { - // Vendored dependency. - if pkgName == hdl.PackageName() { - log.Infof(" found vendored lib %s", lib) - continue - } - - if !hdl.Options().NoVendoredCrossPackageDeps { - log.Infof(" found vendored lib %s from package %s; depending on %s=%s", lib, pkgName, pkgName, hdl.Version()) - generated.Runtime = append(generated.Runtime, fmt.Sprintf("%s=%s", pkgName, hdl.Version())) - } else { - log.Infof(" found vendored lib %s; not generating any depends", lib) - continue - } - } else { - // Regular library dependency. - log.Infof(" found lib %s for %s", lib, path) - generated.Runtime = append(generated.Runtime, fmt.Sprintf("so:%s", lib)) - } + if strings.Contains(lib, ".so.") { + log.Infof(" found lib %s for %s", lib, path) + generated.Runtime = append(generated.Runtime, fmt.Sprintf("so:%s", lib)) shlibVer, err := determineShlibVersion(ctx, hdl, lib) if err != nil { @@ -817,7 +725,7 @@ // generatePkgConfigDeps generates a list of provided pkg-config package names and versions, // as well as dependency relationships. -func generatePkgConfigDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, args *GeneratorArgs) error { +func generatePkgConfigDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, extraLibDirs []string) error { log := clog.FromContext(ctx) log.Infof("scanning for pkg-config data...") @@ -907,7 +815,7 @@ // generatePythonDeps generates a python-3.X-base dependency for packages which ship // Python modules. -func generatePythonDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, args *GeneratorArgs) error { +func generatePythonDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, extraLibDirs []string) error { log := clog.FromContext(ctx) log.Infof("scanning for python modules...") @@ -971,7 +879,7 @@ // generateRubyDeps generates a ruby-X.Y dependency for packages which ship // Ruby gems. -func generateRubyDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, args *GeneratorArgs) error { +func generateRubyDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, extraLibDirs []string) error { log := clog.FromContext(ctx) log.Infof("scanning for ruby gems...") @@ -1018,7 +926,7 @@ } // For a documentation package add a dependency on man-db and / or texinfo as appropriate -func generateDocDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, args *GeneratorArgs) error { +func generateDocDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, extraLibDirs []string) error { log := clog.FromContext(ctx) log.Infof("scanning for -doc package...") if !strings.HasSuffix(hdl.PackageName(), "-doc") { @@ -1141,7 +1049,7 @@ return bin, nil } -func generateShbangDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, args *GeneratorArgs) error { +func generateShbangDeps(ctx context.Context, hdl SCAHandle, generated *config.Dependencies, extraLibDirs []string) error { log := clog.FromContext(ctx) log.Infof("scanning for shbang deps...") @@ -1202,16 +1110,6 @@ return err } - allVendoredShlibs, err := getAllVendoredShlibs(ctx, hdl, extraLibDirs) - if err != nil { - return err - } - - args := GeneratorArgs{ - extraLibDirs, - allVendoredShlibs, - } - generators := []DependencyGenerator{ generateSharedObjectNameDeps, generateCmdProviders, @@ -1223,7 +1121,7 @@ } for _, gen := range generators { - if err := gen(ctx, hdl, generated, &args); err != nil { + if err := gen(ctx, hdl, generated, extraLibDirs); err != nil { return err } } ++++++ melange.obsinfo ++++++ --- /var/tmp/diff_new_pack.Rsaiqb/_old 2025-08-02 00:44:35.129609104 +0200 +++ /var/tmp/diff_new_pack.Rsaiqb/_new 2025-08-02 00:44:35.133609270 +0200 @@ -1,5 +1,5 @@ name: melange -version: 0.30.1 -mtime: 1753562913 -commit: a17bf700a4e4a35f230d1978e1861c807a4118dc +version: 0.30.3 +mtime: 1753961950 +commit: ace8048d3f2270454baed56842b7ab128fbf0fa6 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/melange/vendor.tar.gz /work/SRC/openSUSE:Factory/.melange.new.1085/vendor.tar.gz differ: char 132, line 1
