From 9f3eec34fefb25ed5279777ae195b9a68a76381d Mon Sep 17 00:00:00 2001 From: Simon Baird Date: Wed, 9 Oct 2024 15:24:35 -0400 Subject: [PATCH] Mention cachi2 limitation in rpm repo id rule It's a small fixup for c9909c41188fc35e946ea84f53962dd58f40d07f from a few weeks ago. Ref: https://issues.redhat.com/browse/EC-901 --- antora/docs/modules/ROOT/pages/release_policy.adoc | 2 +- policy/release/rpm_repos.rego | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/antora/docs/modules/ROOT/pages/release_policy.adoc b/antora/docs/modules/ROOT/pages/release_policy.adoc index a653a283..1e3fd626 100644 --- a/antora/docs/modules/ROOT/pages/release_policy.adoc +++ b/antora/docs/modules/ROOT/pages/release_policy.adoc @@ -1034,7 +1034,7 @@ This package defines rules to confirm that all RPM packages listed in SBOMs spec [#rpm_repos__ids_known] === link:#rpm_repos__ids_known[All rpms have known repo ids] -Each RPM package listed in an SBOM must specify the repository id that it comes from, and that repository id must be present in the list of known and permitted repository ids. +Each RPM package listed in an SBOM must specify the repository id that it comes from, and that repository id must be present in the list of known and permitted repository ids. Currently this is rule enforced only for SBOM components created by cachi2. *Solution*: Ensure every rpm comes from a known and permitted repository, and that the data in the SBOM correctly records that. diff --git a/policy/release/rpm_repos.rego b/policy/release/rpm_repos.rego index b343670f..0338d11d 100644 --- a/policy/release/rpm_repos.rego +++ b/policy/release/rpm_repos.rego 
@@ -35,6 +35,7 @@ deny contains result if { # description: >- # Each RPM package listed in an SBOM must specify the repository id that it comes from, # and that repository id must be present in the list of known and permitted repository ids. +# Currently this is rule enforced only for SBOM components created by cachi2. # custom: # short_name: ids_known # failure_msg: 'RPM repo id check failed: %s'
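Review bot: In the release_policy.adoc hunk, the rule heading still reads "All rpms have known repo ids" while the added sentence limits enforcement to SBOM components created by cachi2, so a reader can take a passing result to cover every RPM listed in the SBOM. Consider stating the consequence directly, for example that RPM entries not created by cachi2 are not checked by this rule and a pass says nothing about their repository ids.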
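Review bot: In the rpm_repos.rego hunk, the added description line reads "Currently this is rule enforced", with "is" and "rule" transposed, and the same sentence is repeated in the release_policy.adoc hunk. Suggest "Currently this rule is enforced only for SBOM components created by cachi2." in both places so the rule annotation and the documentation stay word-for-word identical.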