feat: add blacklisted paths to implicit dependencies processing

It has been found that in some cases additional packages have been added as dependencies, like usr/share/applications, usr/lib/cmake, etc This commit adds an ability to blacklist specific paths from processing
2025-07-14 22:45:47 +00:00 · 2024-08-20 16:41:24 +03:00
parent 4169851eaa
commit 10aa91a033
13 changed files with 191 additions and 11 deletions
--- a/src/ahriman/core/configuration/schema.py
+++ b/src/ahriman/core/configuration/schema.py
@ -169,6 +169,14 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
    "build": {
        "type": "dict",
        "schema": {
+            "allowed_scan_paths": {
+                "type": "list",
+                "coerce": "list",
+                "schema": {
+                    "type": "path",
+                    "coerce": "absolute_path",
+                },
+            },
            "archbuild_flags": {
                "type": "list",
                "coerce": "list",
@ -177,6 +185,14 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                    "empty": False,
                },
            },
+            "blacklisted_scan_paths": {
+                "type": "list",
+                "coerce": "list",
+                "schema": {
+                    "type": "path",
+                    "coerce": "absolute_path",
+                },
+            },
            "build_command": {
                "type": "string",
                "required": True,
--- a/src/ahriman/core/repository/executor.py
+++ b/src/ahriman/core/repository/executor.py
@ -80,7 +80,8 @@ class Executor(PackageInfo, Cleaner):
                    # clear changes and update commit hash
                    self.reporter.package_changes_update(single.base, Changes(last_commit_sha))
                    # update dependencies list
-                    dependencies = PackageArchive(self.paths.build_directory, single, self.pacman).depends_on()
+                    package_archive = PackageArchive(self.paths.build_directory, single, self.pacman, self.scan_paths)
+                    dependencies = package_archive.depends_on()
                    self.reporter.package_dependencies_update(single.base, dependencies)
                    # update result set
                    result.add_updated(single)
--- a/src/ahriman/core/repository/repository_properties.py
+++ b/src/ahriman/core/repository/repository_properties.py
@ -29,6 +29,7 @@ from ahriman.models.packagers import Packagers
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.repository_paths import RepositoryPaths
+from ahriman.models.scan_paths import ScanPaths
 from ahriman.models.user import User
 from ahriman.models.user_access import UserAccess

@ -46,6 +47,7 @@ class RepositoryProperties(LazyLogging):
        repo(Repo): repo commands wrapper instance
        reporter(Client): build status reporter instance
        repository_id(RepositoryId): repository unique identifier
+        scan_paths(ScanPaths): scan paths for the implicit dependencies
        sign(GPG): GPG wrapper instance
        triggers(TriggerLoader): triggers holder
        vcs_allowed_age(int): maximal age of the VCS packages before they will be checked
@ -78,6 +80,11 @@ class RepositoryProperties(LazyLogging):
        self.reporter = Client.load(repository_id, configuration, database, report=report)
        self.triggers = TriggerLoader.load(repository_id, configuration)

+        self.scan_paths = ScanPaths(
+            allowed_paths=configuration.getpathlist("build", "allowed_scan_paths", fallback=[]),
+            blacklisted_paths=configuration.getpathlist("build", "blacklisted_scan_paths", fallback=[]),
+        )
+
    @property
    def architecture(self) -> str:
        """
--- a/src/ahriman/models/package_archive.py
+++ b/src/ahriman/models/package_archive.py
@ -30,6 +30,7 @@ from ahriman.core.utils import walk
 from ahriman.models.dependencies import Dependencies
 from ahriman.models.filesystem_package import FilesystemPackage
 from ahriman.models.package import Package
+from ahriman.models.scan_paths import ScanPaths


@dataclass
@ -39,13 +40,15 @@ class PackageArchive:

    Attributes:
        package(Package): package descriptor
-        root(Path): path to root filesystem
        pacman(Pacman): alpm wrapper instance
+        root(Path): path to root filesystem
+        scan_paths(ScanPaths): scan paths holder
    """

    root: Path
    package: Package
    pacman: Pacman
+    scan_paths: ScanPaths

    @staticmethod
    def dynamic_needed(binary_path: Path) -> list[str]:
@ -165,6 +168,10 @@ class PackageArchive:
            if any(package.package_name in base_packages for package in packages):
                continue

+            # check path against the black/white listed
+            if not self.scan_paths.is_allowed(path):
+                continue
+
            # remove explicit dependencies
            packages = [package for package in packages if package.is_root_package(packages, include_optional=False)]
            # remove optional dependencies
--- a/src/ahriman/models/scan_paths.py
+++ b/src/ahriman/models/scan_paths.py
@ -0,0 +1,58 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+from dataclasses import dataclass
+from pathlib import Path
+
+
+@dataclass(frozen=True, kw_only=True)
+class ScanPaths:
+    """
+    paths used for scan filesystem
+
+    Attributes:
+        allowed_paths(list[Path]): list of whitelisted paths
+        blacklisted_paths(list[Path]): list of paths to be skipped from scan
+    """
+
+    allowed_paths: list[Path]
+    blacklisted_paths: list[Path]
+
+    def __post_init__(self) -> None:
+        """
+        compute relative to / paths
+        """
+        object.__setattr__(self, "allowed_paths", [path.relative_to("/") for path in self.allowed_paths])
+        object.__setattr__(self, "blacklisted_paths", [path.relative_to("/") for path in self.blacklisted_paths])
+
+    def is_allowed(self, path: Path) -> bool:
+        """
+        check whether path is allowed to scan or not
+
+        Args:
+            path(Path): path to be checked
+
+        Returns:
+            bool: ``True`` in case if :attr:`allowed_paths` contains element which is parent for the path and
+            :attr:`blacklisted_paths` doesn't and ``False`` otherwise
+        """
+        if any(path.is_relative_to(blacklisted) for blacklisted in self.blacklisted_paths):
+            return False  # path is blacklisted
+        # check if we actually have to check this path
+        return any(path.is_relative_to(allowed) for allowed in self.allowed_paths)