
Packages from development are referenced in target images

Background

The SBOM for build-deps check is reporting that some development packages are being referenced from the target image:

  • tpm2-tss => consumed by systemd package
  • libfido2 => consumed by systemd package

This issue has been reported by @Tino.Lippold-ext

Reproducibility

How often the issue is hit when repeating the steps to reproduce and changing nothing?

Put the in the most appropriate entry:

  1. always
  2. often, but not always
  3. rarely

Impact of bug

The impact of these references seems to be low, as the binaries are not used; however, this should be properly addressed as follows:

  • Avoid the reference
  • Move required packages to target
  • Whitelist the references if they are not valid

Outcomes

TBD

Management data

This section is for management only, it should be the last one in the description.

/cc @em @raju.balasubramanian-ext @sudarshan.chikkapuraputtalingaiah-ext @wlozano

Phabricator link: https://phabricator.apertis.org/T11174

Edited by Apertis CI robot