[8.15](backport #5215) refactor: update go-rpm library (#5257)

mergify[bot] · kruskall · web-flow · commit 15b8b799fe0d · 2024-08-27T06:32:07.000Z
* refactor: update go-rpm library (#5215) Bump go-rpm to new version and update path go-rpm library was moved to github.com/cavaliergopher/rpm. The checksum assertion has been removed as the method doesn't actually return the checksum but it's hardcoded to return the string sha256. (cherry picked from commit 8e6af84) # Conflicts: # NOTICE.txt # go.sum * fix: regenerate notice and run go mod tidy --------- Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>
diff --git a/NOTICE.txt b/NOTICE.txt
@@ -355,12 +355,12 @@ THE SOFTWARE.
 
 
 --------------------------------------------------------------------------------
-Dependency : github.com/cavaliercoder/go-rpm
-Version: v0.0.0-20190131055624-7a9c54e3d83e
+Dependency : github.com/cavaliergopher/rpm
+Version: v1.2.0
 Licence type (autodetected): BSD-3-Clause
 --------------------------------------------------------------------------------
 
-Contents of probable licence file $GOMODCACHE/github.com/cavaliercoder/go-rpm@v0.0.0-20190131055624-7a9c54e3d83e/LICENSE:
+Contents of probable licence file $GOMODCACHE/github.com/cavaliergopher/rpm@v1.2.0/LICENSE:
 
 Copyright (c) 2017 Ryan Armstrong. All rights reserved.
 
@@ -20240,34 +20240,6 @@ SOFTWARE.
 
 
 
---------------------------------------------------------------------------------
-Dependency : github.com/cavaliercoder/badio
-Version: v0.0.0-20160213150051-ce5280129e9e
-Licence type (autodetected): MIT
---------------------------------------------------------------------------------
-
-Contents of probable licence file $GOMODCACHE/github.com/cavaliercoder/badio@v0.0.0-20160213150051-ce5280129e9e/LICENSE:
-
-Copyright (c) 2015 Ryan Armstrong
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-
 --------------------------------------------------------------------------------
 Dependency : github.com/cespare/xxhash/v2
 Version: v2.3.0
diff --git a/dev-tools/packaging/package_test.go b/dev-tools/packaging/package_test.go
@@ -30,7 +30,7 @@ import (
 	"testing"
 
 	"github.com/blakesmith/ar"
-	"github.com/cavaliercoder/go-rpm"
+	"github.com/cavaliergopher/rpm"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"gopkg.in/yaml.v3"
@@ -112,7 +112,7 @@ func TestDocker(t *testing.T) {
 // Sub-tests
 
 func checkRPM(t *testing.T, file string) {
-	p, rpmPkg, err := readRPM(file)
+	p, _, err := readRPM(file)
 	if err != nil {
 		t.Error(err)
 		return
@@ -130,7 +130,6 @@ func checkRPM(t *testing.T, file string) {
 	checkLicensesPresent(t, "/usr/share", p)
 	checkSystemdUnitPermissions(t, p)
 	ensureNoBuildIDLinks(t, p)
-	checkRPMDigestTypeSHA256(t, rpmPkg)
 }
 
 func checkDeb(t *testing.T, file string, buf *bytes.Buffer) {
@@ -580,16 +579,6 @@ func ensureNoBuildIDLinks(t *testing.T, p *packageFile) {
 	})
 }
 
-// checkRPMDigestTypeSHA256 verifies that the RPM contains sha256 digests.
-// https://github.com/elastic/beats/issues/23670
-func checkRPMDigestTypeSHA256(t *testing.T, rpmPkg *rpm.PackageFile) {
-	t.Run("rpm_digest_type_is_sha256", func(t *testing.T) {
-		if rpmPkg.ChecksumType() != "sha256" {
-			t.Errorf("expected SHA256 digest type but got %v", rpmPkg.ChecksumType())
-		}
-	})
-}
-
 // Helpers
 
 type packageFile struct {
@@ -619,8 +608,8 @@ func getFiles(t *testing.T, pattern *regexp.Regexp) []string {
 	return files
 }
 
-func readRPM(rpmFile string) (*packageFile, *rpm.PackageFile, error) {
-	p, err := rpm.OpenPackageFile(rpmFile)
+func readRPM(rpmFile string) (*packageFile, *rpm.Package, error) {
+	p, err := rpm.Open(rpmFile)
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/go.mod b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/antlr4-go/antlr/v4 v4.13.0
 	github.com/billgraziano/dpapi v0.4.0
 	github.com/blakesmith/ar v0.0.0-20150311145944-8bd4349a67f2
-	github.com/cavaliercoder/go-rpm v0.0.0-20190131055624-7a9c54e3d83e
+	github.com/cavaliergopher/rpm v1.2.0
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/docker/go-units v0.5.0
 	github.com/dolmen-go/contextio v0.0.0-20200217195037-68fc5150bcd5
@@ -91,7 +91,6 @@ require (
 )
 
 require (
-	github.com/cavaliercoder/badio v0.0.0-20160213150051-ce5280129e9e // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/open-telemetry/opentelemetry-collector-contrib/connector/spanmetricsconnector v0.106.1
 	github.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter v0.106.1
diff --git a/go.sum b/go.sum
@@ -134,10 +134,8 @@ github.com/blakesmith/ar v0.0.0-20150311145944-8bd4349a67f2 h1:oMCHnXa6CCCafdPDb
 github.com/blakesmith/ar v0.0.0-20150311145944-8bd4349a67f2/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
 github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I=
 github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
-github.com/cavaliercoder/badio v0.0.0-20160213150051-ce5280129e9e h1:YYUjy5BRwO5zPtfk+aa2gw255FIIoi93zMmuy19o0bc=
-github.com/cavaliercoder/badio v0.0.0-20160213150051-ce5280129e9e/go.mod h1:V284PjgVwSk4ETmz84rpu9ehpGg7swlIH8npP9k2bGw=
-github.com/cavaliercoder/go-rpm v0.0.0-20190131055624-7a9c54e3d83e h1:Gbx+iVCXG/1m5WSnidDGuHgN+vbIwl+6fR092ANU+Y8=
-github.com/cavaliercoder/go-rpm v0.0.0-20190131055624-7a9c54e3d83e/go.mod h1:AZIh1CCnMrcVm6afFf96PBvE2MRpWFco91z8ObJtgDY=
+github.com/cavaliergopher/rpm v1.2.0 h1:s0h+QeVK252QFTolkhGiMeQ1f+tMeIMhGl8B1HUmGUc=
+github.com/cavaliergopher/rpm v1.2.0/go.mod h1:R0q3vTqa7RUvPofAZYrnjJ63hh2vngjFfphuXiExVos=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
