From 3df75de65a5414866fa43133309c1fc67490a373 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Tue, 17 Sep 2024 17:53:12 +0200
Subject: [PATCH] Util/SBOM: add compatibility layer for old lib Hawkey
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

'_hawkey.Reldep' object has no attribute 'name' in the version shipped
on RHEL-8. Add code to handle this situation in case it happens.
Default to using named attributes if these are available.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 osbuild/util/sbom/dnf.py | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/osbuild/util/sbom/dnf.py b/osbuild/util/sbom/dnf.py
index d0c41af2..f0ac6aac 100644
--- a/osbuild/util/sbom/dnf.py
+++ b/osbuild/util/sbom/dnf.py
@@ -24,6 +24,20 @@ def bom_chksum_algorithm_from_hawkey(chksum_type: int) -> sbom_model.ChecksumAlg
     raise ValueError(f"Unknown Hawkey checksum type: {chksum_type}")
 
 
+def _hawkey_reldep_to_rpmdependency(reldep: hawkey.Reldep) -> sbom_model.RPMDependency:
+    """
+    Convert a hawkey.Reldep to an SBOM RPM dependency.
+    """
+    try:
+        return sbom_model.RPMDependency(reldep.name, reldep.relation, reldep.version)
+    except AttributeError:
+        # '_hawkey.Reldep' object has no attribute 'name' in the version shipped on RHEL-8
+        dep_parts = str(reldep).split()
+        while len(dep_parts) < 3:
+            dep_parts.append("")
+        return sbom_model.RPMDependency(dep_parts[0], dep_parts[1], dep_parts[2])
+
+
 # pylint: disable=too-many-branches
 def dnf_pkgset_to_sbom_pkgset(dnf_pkgset: List[dnf.package.Package]) -> List[sbom_model.BasePackage]:
     """
@@ -72,10 +86,10 @@ def dnf_pkgset_to_sbom_pkgset(dnf_pkgset: List[dnf.package.Package]) -> List[sbo
                 repo_url = dnf_pkg.repo.mirrorlist
             pkg.repository_url = repo_url
 
-        pkg.rpm_provides = [sbom_model.RPMDependency(r.name, r.relation, r.version) for r in dnf_pkg.provides]
-        pkg.rpm_requires = [sbom_model.RPMDependency(r.name, r.relation, r.version) for r in dnf_pkg.requires]
-        pkg.rpm_recommends = [sbom_model.RPMDependency(r.name, r.relation, r.version) for r in dnf_pkg.recommends]
-        pkg.rpm_suggests = [sbom_model.RPMDependency(r.name, r.relation, r.version) for r in dnf_pkg.suggests]
+        pkg.rpm_provides = [_hawkey_reldep_to_rpmdependency(r) for r in dnf_pkg.provides]
+        pkg.rpm_requires = [_hawkey_reldep_to_rpmdependency(r) for r in dnf_pkg.requires]
+        pkg.rpm_recommends = [_hawkey_reldep_to_rpmdependency(r) for r in dnf_pkg.recommends]
+        pkg.rpm_suggests = [_hawkey_reldep_to_rpmdependency(r) for r in dnf_pkg.suggests]
 
         # The dnf_pkgset is not sorted by package dependencies. We need to determine relationships in two steps:
         # 1. Collect all packages that provide a certain capability