diff --git a/.github/actions/action.yaml b/.github/actions/action.yaml index 8ba21813b..1e2524e81 100644 --- a/.github/actions/action.yaml +++ b/.github/actions/action.yaml @@ -8,7 +8,7 @@ runs: repository: wolfi-dev/wolfictl path: wolfictl-setup-gha - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: '1.21' check-latest: true diff --git a/docs/cmd/wolfictl.md b/docs/cmd/wolfictl.md index 5aca83bce..b5ae0f29e 100644 --- a/docs/cmd/wolfictl.md +++ b/docs/cmd/wolfictl.md @@ -9,7 +9,9 @@ A CLI helper for developing Wolfi ### Options ``` - -h, --help help for wolfictl + -h, --help help for wolfictl + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) ``` ### SEE ALSO 
@@ -18,13 +20,15 @@ A CLI helper for developing Wolfi * [wolfictl apk](wolfictl_apk.md) - * [wolfictl build](wolfictl_build.md) - * [wolfictl bump](wolfictl_bump.md) - Bumps the epoch field in melange configuration files +* [wolfictl bundle](wolfictl_bundle.md) - * [wolfictl check](wolfictl_check.md) - Subcommands used for CI checks in Wolfi * [wolfictl dot](wolfictl_dot.md) - Generate graphviz .dot output * [wolfictl gh](wolfictl_gh.md) - Commands used to interact with GitHub * [wolfictl image](wolfictl_image.md) - (Experimental) Commands for working with container images that use Wolfi -* [wolfictl index](wolfictl_index.md) - * [wolfictl lint](wolfictl_lint.md) - Lint the code +* [wolfictl ruby](wolfictl_ruby.md) - Work with ruby packages * [wolfictl scan](wolfictl_scan.md) - Scan a package for vulnerabilities +* [wolfictl test](wolfictl_test.md) - * [wolfictl text](wolfictl_text.md) - Print a sorted list of downstream dependent packages * [wolfictl update](wolfictl_update.md) - Proposes melange package update(s) via a pull request * [wolfictl version](wolfictl_version.md) - Prints the version diff --git a/docs/cmd/wolfictl_advisory.md b/docs/cmd/wolfictl_advisory.md index e3fe62f81..1c1140c8b 100644 --- a/docs/cmd/wolfictl_advisory.md +++ b/docs/cmd/wolfictl_advisory.md 
@@ -14,14 +14,24 @@ Commands for consuming and maintaining security advisory data -h, --help help for advisory ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi * [wolfictl advisory alias](wolfictl_advisory_alias.md) - Commands for discovering vulnerability aliases +* [wolfictl advisory copy](wolfictl_advisory_copy.md) - Copy a package's advisories into a new package. * [wolfictl advisory create](wolfictl_advisory_create.md) - Create a new advisory * [wolfictl advisory diff](wolfictl_advisory_diff.md) - See the advisory data differences introduced by your local changes * [wolfictl advisory discover](wolfictl_advisory_discover.md) - Automatically create advisories by matching distro packages to vulnerabilities in NVD +* [wolfictl advisory guide](wolfictl_advisory_guide.md) - Launch an interactive guide to help you enter advisory data for a package * [wolfictl advisory list](wolfictl_advisory_list.md) - List advisories for specific packages, vulnerabilities, or the entire data set +* [wolfictl advisory osv](wolfictl_advisory_osv.md) - Build an OSV dataset from Chainguard advisory data * [wolfictl advisory secdb](wolfictl_advisory_secdb.md) - Build an Alpine-style security database from advisory data * [wolfictl advisory update](wolfictl_advisory_update.md) - Update an existing advisory with a new event * [wolfictl advisory validate](wolfictl_advisory_validate.md) - Validate the state of advisory data diff --git a/docs/cmd/wolfictl_advisory_alias.md b/docs/cmd/wolfictl_advisory_alias.md index 5f938c5d1..119275ef8 100644 --- a/docs/cmd/wolfictl_advisory_alias.md +++ b/docs/cmd/wolfictl_advisory_alias.md 
@@ -12,6 +12,13 @@ Commands for discovering vulnerability aliases -h, --help help for alias ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory](wolfictl_advisory.md) - Commands for consuming and maintaining security advisory data diff --git a/docs/cmd/wolfictl_advisory_alias_discover.md b/docs/cmd/wolfictl_advisory_alias_discover.md index 7547156a8..87e4d3c73 100644 --- a/docs/cmd/wolfictl_advisory_alias_discover.md +++ b/docs/cmd/wolfictl_advisory_alias_discover.md @@ -48,6 +48,13 @@ than attempting any kind of merge of the separate advisories. -p, --package strings packages to operate on ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory alias](wolfictl_advisory_alias.md) - Commands for discovering vulnerability aliases diff --git a/docs/cmd/wolfictl_advisory_alias_find.md b/docs/cmd/wolfictl_advisory_alias_find.md index 19baeed29..5b1062635 100644 --- a/docs/cmd/wolfictl_advisory_alias_find.md +++ b/docs/cmd/wolfictl_advisory_alias_find.md @@ -44,6 +44,13 @@ hyperlinked to the relevant webpage from the upstream data source. -h, --help help for find ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory alias](wolfictl_advisory_alias.md) - Commands for discovering vulnerability aliases diff --git a/docs/cmd/wolfictl_advisory_create.md b/docs/cmd/wolfictl_advisory_create.md index 9efe9aaa7..f92272747 100644 
--- a/docs/cmd/wolfictl_advisory_create.md +++ b/docs/cmd/wolfictl_advisory_create.md @@ -51,6 +51,13 @@ newly created advisory and any other advisories for the same package. -V, --vuln string vulnerability ID for advisory ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory](wolfictl_advisory.md) - Commands for consuming and maintaining security advisory data diff --git a/docs/cmd/wolfictl_advisory_diff.md b/docs/cmd/wolfictl_advisory_diff.md index 32b321d34..635cd3a94 100644 --- a/docs/cmd/wolfictl_advisory_diff.md +++ b/docs/cmd/wolfictl_advisory_diff.md @@ -18,6 +18,13 @@ See the advisory data differences introduced by your local changes -h, --help help for diff ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory](wolfictl_advisory.md) - Commands for consuming and maintaining security advisory data diff --git a/docs/cmd/wolfictl_advisory_discover.md b/docs/cmd/wolfictl_advisory_discover.md index 0e4f044f5..229c5c312 100644 --- a/docs/cmd/wolfictl_advisory_discover.md +++ b/docs/cmd/wolfictl_advisory_discover.md @@ -24,6 +24,13 @@ Automatically create advisories by matching distro packages to vulnerabilities i -r, --package-repo-url string URL of the APK package repository ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory](wolfictl_advisory.md) - Commands for consuming and maintaining security advisory data 
diff --git a/docs/cmd/wolfictl_advisory_list.md b/docs/cmd/wolfictl_advisory_list.md index bf7f6cfaa..05343aa2b 100644 --- a/docs/cmd/wolfictl_advisory_list.md +++ b/docs/cmd/wolfictl_advisory_list.md @@ -14,7 +14,7 @@ wolfictl advisory list List advisories for specific packages, vulnerabilities, or the entire data set. -The 'list' (or 'ls') command prints a list of advisories based on the given +The 'list' (or 'ls') command prints a table of advisories based on the given selection criteria. By default, all advisories in the current advisory data set will be listed. @@ -28,6 +28,21 @@ You can list all advisories for a given vulnerability ID across all packages: wolfictl adv ls -V CVE-2023-38545 +You can filter advisories by the type of the latest event: + + wolfictl adv ls -t detection + +You can filter advisories by the detected component type: + + wolfictl adv ls -c python + +You can filter advisories by the date they were created or last updated: + + wolfictl adv ls --created-since 2024-01-01 + wolfictl adv ls --created-before 2023-12-31 + wolfictl adv ls --updated-since 2024-06-01 + wolfictl adv ls --updated-before 2024-06-01 + You can show only advisories that are considered not to be "resolved": wolfictl adv ls --unresolved 
@@ -40,19 +55,41 @@ Using the --history flag, you can list advisory events instead of just advisories' latest states. This is useful for viewing a summary of an investigation over time for a given package/vulnerability match.' +COUNT + +You get a count of the advisories that match the criteria by using the --count +flag. This will report just the count, not the full list of advisories. + + wolfictl adv ls --count + + ### Options ``` -a, --advisories-repo-dir string directory containing the advisories repository + --aliases show other known vulnerability IDs for each advisory (default true) + -c, --component-type string filter advisories by detected component type + --count show only the count of advisories that match the criteria + --created-before string filter advisories created before a given date + --created-since string filter advisories created since a given date -h, --help help for list --history show full history for advisories - --no-distro-detection do not attempt to auto-detect the distro -p, --package string package name + -t, --type string filter advisories by event type --unresolved only show advisories considered to be unresolved + --updated-before string filter advisories updated before a given date + --updated-since string filter advisories updated since a given date -V, --vuln string vulnerability ID for advisory ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory](wolfictl_advisory.md) - Commands for consuming and maintaining security advisory data diff --git a/docs/cmd/wolfictl_advisory_secdb.md b/docs/cmd/wolfictl_advisory_secdb.md index 0413618ea..0b4473792 100644 --- a/docs/cmd/wolfictl_advisory_secdb.md +++ b/docs/cmd/wolfictl_advisory_secdb.md 
@@ -26,6 +26,13 @@ Build an Alpine-style security database from advisory data --url-prefix string URL scheme and hostname for the package repository (default "https://packages.wolfi.dev") ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory](wolfictl_advisory.md) - Commands for consuming and maintaining security advisory data diff --git a/docs/cmd/wolfictl_advisory_update.md b/docs/cmd/wolfictl_advisory_update.md index eee2976ef..679553eb1 100644 --- a/docs/cmd/wolfictl_advisory_update.md +++ b/docs/cmd/wolfictl_advisory_update.md @@ -48,6 +48,13 @@ required fields are missing. -V, --vuln string vulnerability ID for advisory ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory](wolfictl_advisory.md) - Commands for consuming and maintaining security advisory data diff --git a/docs/cmd/wolfictl_advisory_validate.md b/docs/cmd/wolfictl_advisory_validate.md index 457442dd7..70a6d991b 100644 --- a/docs/cmd/wolfictl_advisory_validate.md +++ b/docs/cmd/wolfictl_advisory_validate.md 
@@ -57,13 +57,21 @@ print an error message that specifies where and how the data is invalid. --no-distro-detection do not attempt to auto-detect the distro -p, --package strings packages to validate -r, --package-repo-url string URL of the APK package repository - --skip-alias skip alias completeness validation + --skip-alias skip alias completeness validation (default true) --skip-diff skip diff-based validations --skip-existence skip package configuration existence validation -v, --verbose count logging verbosity (v = info, vv = debug, default is none) ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl advisory](wolfictl_advisory.md) - Commands for consuming and maintaining security advisory data +* [wolfictl advisory validate fixes](wolfictl_advisory_validate_fixes.md) - Validate fixes recorded in advisories diff --git a/docs/cmd/wolfictl_apk.md b/docs/cmd/wolfictl_apk.md index 60ad66389..1b1919ada 100644 --- a/docs/cmd/wolfictl_apk.md +++ b/docs/cmd/wolfictl_apk.md @@ -2,12 +2,6 @@ -### Usage - -``` -wolfictl apk -``` - ### Synopsis @@ -15,12 +9,19 @@ wolfictl apk ### Options ``` - --arch string arch of package to get (default "x86_64") - -h, --help help for apk - --repo string repo to get packages from (default "wolfi") + -h, --help help for apk +``` + +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) ``` ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi +* [wolfictl apk cp](wolfictl_apk_cp.md) - +* [wolfictl apk ls](wolfictl_apk_ls.md) - diff --git a/docs/cmd/wolfictl_build.md b/docs/cmd/wolfictl_build.md index b9218a79a..5efce7443 100644 
--- a/docs/cmd/wolfictl_build.md
+++ b/docs/cmd/wolfictl_build.md
@@ -15,16 +15,38 @@ wolfictl build ### Options ``` - --arch strings arch of package to build (default [x86_64,aarch64]) - -d, --dir string directory to search for melange configs (default ".") - --dry-run print commands instead of executing them - -h, --help help for build - -j, --jobs int number of jobs to run concurrently (default is GOMAXPROCS) - -k, --keyring-append strings path to extra keys to include in the build environment keyring (default [https://packages.wolfi.dev/os/wolfi-signing.rsa.pub]) - --log-dir string subdirectory where buildlogs will be written when specified (packages/$arch/buildlogs/$apk.log) (default "buildlogs") - --pipeline-dir string directory used to extend defined built-in pipelines - -r, --repository-append strings path to extra repositories to include in the build environment (default [https://packages.wolfi.dev/os]) - --runner string which runner to use to enable running commands, default is based on your platform. (default "docker") + -a, --annotations strings key=value pairs to add to the pod spec annotations. The keys will be prefixed with 'melange.chainguard.dev/' on the pod. 
+ --arch strings arch of package to build (default [x86_64,aarch64]) + --bucket string gcs bucket to upload results (experimental) + --bundle string bundle of work to do (experimental) + --cache-dir string directory used for cached inputs (default "./melange-cache/") + --cache-source string directory or bucket used for preloading the cache + --destination-bucket string bucket where packages are uploaded (experimental) + --destination-repository string repo where packages will eventually be uploaded, used to skip existing packages (currently only supports http) + -d, --dir string directory to search for melange configs (default ".") + --dry-run print commands instead of executing them + --generate-index whether to generate APKINDEX.tar.gz (default true) + -h, --help help for build + -j, --jobs int number of jobs to run concurrently (default is GOMAXPROCS) + --k8s-namespace string namespace to deploy pods into for builds. (default "default") + -k, --keyring-append strings path to extra keys to include in the build environment keyring (default [https://packages.wolfi.dev/os/wolfi-signing.rsa.pub]) + --machine-family string machine family for amd64 builds + --namespace string namespace to use in package URLs in SBOM (eg wolfi, alpine) (default "wolfi") + --out-dir string directory where packages will be output + --pipeline-dir string directory used to extend defined built-in pipelines + -r, --repository-append strings path to extra repositories to include in the build environment (default [https://packages.wolfi.dev/os]) + --runner string which runner to use to enable running commands, default is based on your platform. (default "docker") + --service-account string service-account to run pods as. (default "default") + --signing-key string key to use for signing + --summary string file to write build summary + --trace string where to write trace output +``` + +### Options inherited from parent commands + +``` + --log-level string log level (e.g. 
debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) ``` ### SEE ALSO diff --git a/docs/cmd/wolfictl_bump.md b/docs/cmd/wolfictl_bump.md index c679b8929..764f4de5d 100644 --- a/docs/cmd/wolfictl_bump.md +++ b/docs/cmd/wolfictl_bump.md @@ -5,7 +5,7 @@ Bumps the epoch field in melange configuration files ### Usage ``` -wolfictl bump [flags] config[.yaml] [config[.yaml]...] +wolfictl bump config[.yaml] [config[.yaml]...] ``` ### Synopsis @@ -43,6 +43,13 @@ wolfictl bump openssh.yaml perl lib*.yaml --repo string path to the wolfi/os repository (default ".") ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi diff --git a/docs/cmd/wolfictl_check.md b/docs/cmd/wolfictl_check.md index e4d2e71d1..f14fec92d 100644 --- a/docs/cmd/wolfictl_check.md +++ b/docs/cmd/wolfictl_check.md @@ -14,6 +14,13 @@ Subcommands used for CI checks in Wolfi -h, --help help for check ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi diff --git a/docs/cmd/wolfictl_check_diff.md b/docs/cmd/wolfictl_check_diff.md index 141de57a1..960e3fd8a 100644 --- a/docs/cmd/wolfictl_check_diff.md +++ b/docs/cmd/wolfictl_check_diff.md 
@@ -22,6 +22,13 @@ Create a diff comparing proposed apk changes following a melange build, to the l --packages-dir string directory containing new packages (default "packages") ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl check](wolfictl_check.md) - Subcommands used for CI checks in Wolfi diff --git a/docs/cmd/wolfictl_check_so-name.md b/docs/cmd/wolfictl_check_so-name.md index d0415633d..86bb604c1 100644 --- a/docs/cmd/wolfictl_check_so-name.md +++ b/docs/cmd/wolfictl_check_so-name.md @@ -23,6 +23,13 @@ Check so name files have not changed in upgrade --packages-dir string directory containing new packages (default "packages") ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl check](wolfictl_check.md) - Subcommands used for CI checks in Wolfi diff --git a/docs/cmd/wolfictl_check_update.md b/docs/cmd/wolfictl_check_update.md index 39dd0a35f..a2a095c36 100644 --- a/docs/cmd/wolfictl_check_update.md +++ b/docs/cmd/wolfictl_check_update.md @@ -5,7 +5,7 @@ Check Wolfi update configs ### Usage ``` -wolfictl check update +wolfictl check update [config[.yaml]...] ``` ### Synopsis 
@@ -20,6 +20,13 @@ Check Wolfi update configs --override-version string override the local melange config version to test an update works as expected ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl check](wolfictl_check.md) - Subcommands used for CI checks in Wolfi diff --git a/docs/cmd/wolfictl_dot.md b/docs/cmd/wolfictl_dot.md index 23d42b145..b9bb091e9 100644 --- a/docs/cmd/wolfictl_dot.md +++ b/docs/cmd/wolfictl_dot.md @@ -42,6 +42,13 @@ Open browser to explore crane's deps recursively, only showing a minimum subgrap --web do a website ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi diff --git a/docs/cmd/wolfictl_gh.md b/docs/cmd/wolfictl_gh.md index 0ea96f415..91435b5b6 100644 --- a/docs/cmd/wolfictl_gh.md +++ b/docs/cmd/wolfictl_gh.md @@ -12,6 +12,13 @@ Commands used to interact with GitHub -h, --help help for gh ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi diff --git a/docs/cmd/wolfictl_gh_gc.md b/docs/cmd/wolfictl_gh_gc.md index c70f1b946..98bf8756c 100644 --- a/docs/cmd/wolfictl_gh_gc.md +++ b/docs/cmd/wolfictl_gh_gc.md 
@@ -12,6 +12,13 @@ Garbage collection commands used with GitHub -h, --help help for gc ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl gh](wolfictl_gh.md) - Commands used to interact with GitHub diff --git a/docs/cmd/wolfictl_gh_gc_branch.md b/docs/cmd/wolfictl_gh_gc_branch.md index 9595ae003..50b1d2b76 100644 --- a/docs/cmd/wolfictl_gh_gc_branch.md +++ b/docs/cmd/wolfictl_gh_gc_branch.md @@ -25,6 +25,13 @@ wolfictl gh gc branch https://github.com/wolfi-dev/os --match "wolfictl-" --match string pattern to match branches against ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl gh gc](wolfictl_gh_gc.md) - Garbage collection commands used with GitHub diff --git a/docs/cmd/wolfictl_gh_gc_issues.md b/docs/cmd/wolfictl_gh_gc_issues.md index 7912092a6..a915e286e 100644 --- a/docs/cmd/wolfictl_gh_gc_issues.md +++ b/docs/cmd/wolfictl_gh_gc_issues.md @@ -25,6 +25,13 @@ wolfictl gc issues https://github.com/wolfi-dev/versions --match "version-stream --match string pattern to match issues against ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl gh gc](wolfictl_gh_gc.md) - Garbage collection commands used with GitHub diff --git a/docs/cmd/wolfictl_gh_release.md b/docs/cmd/wolfictl_gh_release.md index c732a5b4e..75e788214 100644 --- a/docs/cmd/wolfictl_gh_release.md +++ b/docs/cmd/wolfictl_gh_release.md 
@@ -31,6 +31,13 @@ wolfictl gh release --bump-prerelease-with-prefix rc -h, --help help for release ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl gh](wolfictl_gh.md) - Commands used to interact with GitHub diff --git a/docs/cmd/wolfictl_image.md b/docs/cmd/wolfictl_image.md index 2b241847b..28af160cd 100644 --- a/docs/cmd/wolfictl_image.md +++ b/docs/cmd/wolfictl_image.md @@ -12,6 +12,13 @@ -h, --help help for image ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi diff --git a/docs/cmd/wolfictl_image_apk.md b/docs/cmd/wolfictl_image_apk.md index 8ebde20e3..8575c7949 100644 --- a/docs/cmd/wolfictl_image_apk.md +++ b/docs/cmd/wolfictl_image_apk.md @@ -34,6 +34,13 @@ Show APK(s) in a container image -h, --help help for apk ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl image](wolfictl_image.md) - (Experimental) Commands for working with container images that use Wolfi diff --git a/docs/cmd/wolfictl_lint.md b/docs/cmd/wolfictl_lint.md index e724f62d9..61fcc5f1d 100644 --- a/docs/cmd/wolfictl_lint.md +++ b/docs/cmd/wolfictl_lint.md 
@@ -17,8 +17,15 @@ Lint the code ``` -h, --help help for lint -l, --list prints the all of available rules and exits + -s, --severity string minimum severity level to report (error, warning, info) (default "warning") --skip-rule stringArray list of rules to skip - -v, --verbose verbose output +``` + +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) ``` ### SEE ALSO diff --git a/docs/cmd/wolfictl_lint_yam.md b/docs/cmd/wolfictl_lint_yam.md index 9b4c99c4e..7bc73d1a4 100644 --- a/docs/cmd/wolfictl_lint_yam.md +++ b/docs/cmd/wolfictl_lint_yam.md @@ -18,6 +18,13 @@ wolfictl lint yam [file]... -h, --help help for yam ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl lint](wolfictl_lint.md) - Lint the code diff --git a/docs/cmd/wolfictl_scan.md b/docs/cmd/wolfictl_scan.md index 40a9f0265..d65f5e9c1 100644 --- a/docs/cmd/wolfictl_scan.md +++ b/docs/cmd/wolfictl_scan.md @@ -36,8 +36,8 @@ By default, the command will print all vulnerabilities found in the package(s) to stdout. You can filter the vulnerabilities shown using existing local advisory data. To do this, you must first clone the advisory data from the advisories repository for the distro whose packages you are scanning. You -specify the path to each local advisories repository using the ---advisories-repo-dir flag for each repository. Then, you can use the +specify the path to the local advisories repository using the +--advisories-repo-dir flag for the repository. Then, you can use the "--advisory-filter" flag to specify which set of advisories to use for filtering. The following sets of advisories are available: 
@@ -113,18 +113,27 @@ wolfictl scan package1 package2 --remote ### Options ``` - -a, --advisories-repo-dir strings local directory for advisory data - -f, --advisory-filter string exclude vulnerability matches that are referenced from the specified set of advisories (resolved|all|concluded) - --build-log treat input as a package build log file (or a directory that contains a packages.log file) - --disable-sbom-cache don't use the SBOM cache - --distro string distro to use during vulnerability matching (default "wolfi") - -h, --help help for scan - --local-file-grype-db string import a local grype db file - -o, --output string output format (outline|json), defaults to outline - -r, --remote treat input(s) as the name(s) of package(s) in the Wolfi package repository to download and scan the latest versions of - --require-zero exit 1 if any vulnerabilities are found - -s, --sbom treat input(s) as SBOM(s) of APK(s) instead of as actual APK(s) - --use-cpes turn on all CPE matching in Grype + -a, --advisories-repo-dir string directory containing the advisories repository + -f, --advisory-filter string exclude vulnerability matches that are referenced from the specified set of advisories (resolved|all|concluded) + --build-log treat input as a package build log file (or a directory that contains a packages.log file) + --disable-sbom-cache don't use the SBOM cache + --distro string distro to use during vulnerability matching (default "wolfi") + -h, --help help for scan + --local-file-grype-db string import a local grype db file + -o, --output string output format (outline|json), defaults to outline + -r, --remote treat input(s) as the name(s) of package(s) in the Wolfi package repository to download and scan the latest versions of + --repository string URL of the APK package repository (default "https://packages.wolfi.dev/os") + --require-zero exit 1 if any vulnerabilities are found + -s, --sbom treat input(s) as SBOM(s) of APK(s) instead of as actual APK(s) + --use-cpes 
turn on all CPE matching in Grype + -v, --verbose count logging verbosity (v = info, vv = debug, default is none) +``` + +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) ``` ### SEE ALSO diff --git a/docs/cmd/wolfictl_text.md b/docs/cmd/wolfictl_text.md index 6cfdd1166..0f4eba004 100644 --- a/docs/cmd/wolfictl_text.md +++ b/docs/cmd/wolfictl_text.md @@ -24,6 +24,13 @@ Print a sorted list of downstream dependent packages -t, --type string What type of text to emit; values can be one of: [target makefile name version name-version] (default "target") ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi diff --git a/docs/cmd/wolfictl_update.md b/docs/cmd/wolfictl_update.md index 565193345..8a16ce4df 100644 --- a/docs/cmd/wolfictl_update.md +++ b/docs/cmd/wolfictl_update.md @@ -29,6 +29,13 @@ Proposes melange package update(s) via a pull request --use-gitsign enable gitsign to sign the git commits ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi diff --git a/docs/cmd/wolfictl_update_package.md b/docs/cmd/wolfictl_update_package.md index c4c4a966e..d8191ac00 100644 --- a/docs/cmd/wolfictl_update_package.md +++ b/docs/cmd/wolfictl_update_package.md 
@@ -29,6 +29,13 @@ wolfictl update package cheese --version v1.2.3 --target-repo https://github.com --version string version to bump melange package to ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl update](wolfictl_update.md) - Proposes melange package update(s) via a pull request diff --git a/docs/cmd/wolfictl_version.md b/docs/cmd/wolfictl_version.md index f8c363ecb..4a637a5d3 100644 --- a/docs/cmd/wolfictl_version.md +++ b/docs/cmd/wolfictl_version.md @@ -19,6 +19,13 @@ Prints the version --json print JSON instead of text ``` +### Options inherited from parent commands + +``` + --log-level string log level (e.g. debug, info, warn, error) (default "info") + --log-policy strings log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr]) +``` + ### SEE ALSO * [wolfictl](wolfictl.md) - A CLI helper for developing Wolfi diff --git a/docs/cmd/wolfictl_withdraw.md b/docs/cmd/wolfictl_withdraw.md index f94a68f90..ae9558550 100644 --- a/docs/cmd/wolfictl_withdraw.md +++ b/docs/cmd/wolfictl_withdraw.md @@ -5,7 +5,7 @@ Withdraw packages from an APKINDEX.tar.gz ### Usage ``` -wolfictl withdraw [flags] example-pkg-1.2.3-r4 +wolfictl withdraw example-pkg-1.2.3-r4 ``` ### Synopsis 
@@ -23,6 +23,13 @@ withdraw --signing-key ./foo.rsa example-pkg-1.2.3-r4 also-bad-2.3.4-r1 \-\-count + +.fi +.RE + .SH OPTIONS .PP \fB\-a\fP, \fB\-\-advisories\-repo\-dir\fP="" directory containing the advisories repository +.PP +\fB\-\-aliases\fP[=true] + show other known vulnerability IDs for each advisory + +.PP +\fB\-c\fP, \fB\-\-component\-type\fP="" + filter advisories by detected component type + +.PP +\fB\-\-count\fP[=false] + show only the count of advisories that match the criteria + +.PP +\fB\-\-created\-before\fP="" + filter advisories created before a given date + +.PP +\fB\-\-created\-since\fP="" + filter advisories created since a given date + .PP \fB\-h\fP, \fB\-\-help\fP[=false] help for list @@ -86,23 +161,41 @@ investigation over time for a given package/vulnerability match.' \fB\-\-history\fP[=false] show full history for advisories -.PP -\fB\-\-no\-distro\-detection\fP[=false] - do not attempt to auto\-detect the distro - .PP \fB\-p\fP, \fB\-\-package\fP="" package name +.PP +\fB\-t\fP, \fB\-\-type\fP="" + filter advisories by event type + .PP \fB\-\-unresolved\fP[=false] only show advisories considered to be unresolved +.PP +\fB\-\-updated\-before\fP="" + filter advisories updated before a given date + +.PP +\fB\-\-updated\-since\fP="" + filter advisories updated since a given date + .PP \fB\-V\fP, \fB\-\-vuln\fP="" vulnerability ID for advisory +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-advisory(1)\fP diff --git a/docs/man/man1/wolfictl-advisory-secdb.1 b/docs/man/man1/wolfictl-advisory-secdb.1 index 86248b9d5..f9f4e57fb 100644 --- a/docs/man/man1/wolfictl-advisory-secdb.1 +++ b/docs/man/man1/wolfictl-advisory-secdb.1 
@@ -49,6 +49,16 @@ Build an Alpine\-style security database from advisory data URL scheme and hostname for the package repository +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-advisory(1)\fP diff --git a/docs/man/man1/wolfictl-advisory-update.1 b/docs/man/man1/wolfictl-advisory-update.1 index 498da7a19..a6f8ed36e 100644 --- a/docs/man/man1/wolfictl-advisory-update.1 +++ b/docs/man/man1/wolfictl-advisory-update.1 @@ -100,6 +100,16 @@ required fields are missing. vulnerability ID for advisory +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-advisory(1)\fP diff --git a/docs/man/man1/wolfictl-advisory-validate.1 b/docs/man/man1/wolfictl-advisory-validate.1 index ec4045929..07993c3fd 100644 --- a/docs/man/man1/wolfictl-advisory-validate.1 +++ b/docs/man/man1/wolfictl-advisory-validate.1 @@ -108,7 +108,7 @@ print an error message that specifies where and how the data is invalid. URL of the APK package repository .PP -\fB\-\-skip\-alias\fP[=false] +\fB\-\-skip\-alias\fP[=true] skip alias completeness validation .PP @@ -124,6 +124,16 @@ print an error message that specifies where and how the data is invalid. logging verbosity (v = info, vv = debug, default is none) +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP -\fBwolfictl\-advisory(1)\fP +\fBwolfictl\-advisory(1)\fP, \fBwolfictl\-advisory\-validate\-fixes(1)\fP 
diff --git a/docs/man/man1/wolfictl-advisory.1 b/docs/man/man1/wolfictl-advisory.1 index 943e5068f..a9fcabf74 100644 --- a/docs/man/man1/wolfictl-advisory.1 +++ b/docs/man/man1/wolfictl-advisory.1 @@ -24,6 +24,16 @@ Commands for consuming and maintaining security advisory data help for advisory +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP -\fBwolfictl(1)\fP, \fBwolfictl\-advisory\-alias(1)\fP, \fBwolfictl\-advisory\-create(1)\fP, \fBwolfictl\-advisory\-diff(1)\fP, \fBwolfictl\-advisory\-discover(1)\fP, \fBwolfictl\-advisory\-list(1)\fP, \fBwolfictl\-advisory\-secdb(1)\fP, \fBwolfictl\-advisory\-update(1)\fP, \fBwolfictl\-advisory\-validate(1)\fP +\fBwolfictl(1)\fP, \fBwolfictl\-advisory\-alias(1)\fP, \fBwolfictl\-advisory\-copy(1)\fP, \fBwolfictl\-advisory\-create(1)\fP, \fBwolfictl\-advisory\-diff(1)\fP, \fBwolfictl\-advisory\-discover(1)\fP, \fBwolfictl\-advisory\-guide(1)\fP, \fBwolfictl\-advisory\-list(1)\fP, \fBwolfictl\-advisory\-osv(1)\fP, \fBwolfictl\-advisory\-secdb(1)\fP, \fBwolfictl\-advisory\-update(1)\fP, \fBwolfictl\-advisory\-validate(1)\fP diff --git a/docs/man/man1/wolfictl-apk.1 b/docs/man/man1/wolfictl-apk.1 index 4b44c3b5d..2f580420d 100644 --- a/docs/man/man1/wolfictl-apk.1 +++ b/docs/man/man1/wolfictl-apk.1 @@ -16,19 +16,21 @@ wolfictl\-apk \- .SH DESCRIPTION .SH OPTIONS -.PP -\fB\-\-arch\fP="x86\_64" - arch of package to get - .PP \fB\-h\fP, \fB\-\-help\fP[=false] help for apk + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + .PP -\fB\-\-repo\fP="wolfi" - repo to get packages from +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) .SH SEE ALSO .PP -\fBwolfictl(1)\fP +\fBwolfictl(1)\fP, \fBwolfictl\-apk\-cp(1)\fP, \fBwolfictl\-apk\-ls(1)\fP 
diff --git a/docs/man/man1/wolfictl-build.1 b/docs/man/man1/wolfictl-build.1 index 2e5737cbd..745ca5b62 100644 --- a/docs/man/man1/wolfictl-build.1 +++ b/docs/man/man1/wolfictl-build.1 @@ -16,10 +16,38 @@ wolfictl\-build \- .SH DESCRIPTION .SH OPTIONS +.PP +\fB\-a\fP, \fB\-\-annotations\fP=[] + key=value pairs to add to the pod spec annotations. The keys will be prefixed with 'melange.chainguard.dev/' on the pod. + .PP \fB\-\-arch\fP=[x86\_64,aarch64] arch of package to build +.PP +\fB\-\-bucket\fP="" + gcs bucket to upload results (experimental) + +.PP +\fB\-\-bundle\fP="" + bundle of work to do (experimental) + +.PP +\fB\-\-cache\-dir\fP="./melange\-cache/" + directory used for cached inputs + +.PP +\fB\-\-cache\-source\fP="" + directory or bucket used for preloading the cache + +.PP +\fB\-\-destination\-bucket\fP="" + bucket where packages are uploaded (experimental) + +.PP +\fB\-\-destination\-repository\fP="" + repo where packages will eventually be uploaded, used to skip existing packages (currently only supports http) + .PP \fB\-d\fP, \fB\-\-dir\fP="." directory to search for melange configs @@ -28,6 +56,10 @@ wolfictl\-build \- \fB\-\-dry\-run\fP[=false] print commands instead of executing them +.PP +\fB\-\-generate\-index\fP[=true] + whether to generate APKINDEX.tar.gz + .PP \fB\-h\fP, \fB\-\-help\fP[=false] help for build 
@@ -36,14 +68,26 @@ wolfictl\-build \- \fB\-j\fP, \fB\-\-jobs\fP=0 number of jobs to run concurrently (default is GOMAXPROCS) +.PP +\fB\-\-k8s\-namespace\fP="default" + namespace to deploy pods into for builds. + .PP \fB\-k\fP, \fB\-\-keyring\-append\fP=[ \[la]https://packages.wolfi.dev/os/wolfi-signing.rsa.pub\[ra]] path to extra keys to include in the build environment keyring .PP -\fB\-\-log\-dir\fP="buildlogs" - subdirectory where buildlogs will be written when specified (packages/$arch/buildlogs/$apk.log) +\fB\-\-machine\-family\fP="" + machine family for amd64 builds + +.PP +\fB\-\-namespace\fP="wolfi" + namespace to use in package URLs in SBOM (eg wolfi, alpine) + +.PP +\fB\-\-out\-dir\fP="" + directory where packages will be output .PP \fB\-\-pipeline\-dir\fP="" @@ -58,6 +102,32 @@ wolfictl\-build \- \fB\-\-runner\fP="docker" which runner to use to enable running commands, default is based on your platform. +.PP +\fB\-\-service\-account\fP="default" + service\-account to run pods as. + +.PP +\fB\-\-signing\-key\fP="" + key to use for signing + +.PP +\fB\-\-summary\fP="" + file to write build summary + +.PP +\fB\-\-trace\fP="" + where to write trace output + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + .SH SEE ALSO .PP diff --git a/docs/man/man1/wolfictl-bump.1 b/docs/man/man1/wolfictl-bump.1 index 6691ba192..bef3d220b 100644 --- a/docs/man/man1/wolfictl-bump.1 +++ b/docs/man/man1/wolfictl-bump.1 @@ -10,7 +10,7 @@ wolfictl\-bump \- Bumps the epoch field in melange configuration files .SH SYNOPSIS .PP -\fBwolfictl bump [flags] config[.yaml] [config[.yaml]...]\fP +\fBwolfictl bump config[.yaml] [config[.yaml]...]\fP .SH DESCRIPTION 
@@ -62,6 +62,16 @@ modifying anything in the filesystem. path to the wolfi/os repository +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH EXAMPLE .PP wolfictl bump openssh.yaml perl lib*.yaml diff --git a/docs/man/man1/wolfictl-check-diff.1 b/docs/man/man1/wolfictl-check-diff.1 index f5c3d86c5..50f6e10d7 100644 --- a/docs/man/man1/wolfictl-check-diff.1 +++ b/docs/man/man1/wolfictl-check-diff.1 @@ -41,6 +41,16 @@ Create a diff comparing proposed apk changes following a melange build, to the l directory containing new packages +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-check(1)\fP diff --git a/docs/man/man1/wolfictl-check-so-name.1 b/docs/man/man1/wolfictl-check-so-name.1 index 67582f603..20eb7ae5f 100644 --- a/docs/man/man1/wolfictl-check-so-name.1 +++ b/docs/man/man1/wolfictl-check-so-name.1 @@ -45,6 +45,16 @@ Check so name files have not changed in upgrade directory containing new packages +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-check(1)\fP diff --git a/docs/man/man1/wolfictl-check-update.1 b/docs/man/man1/wolfictl-check-update.1 index e1a8d737a..d0e2b5221 100644 --- a/docs/man/man1/wolfictl-check-update.1 +++ b/docs/man/man1/wolfictl-check-update.1 @@ -10,7 +10,7 @@ wolfictl\-check\-update \- Check Wolfi update configs .SH SYNOPSIS .PP -\fBwolfictl check update\fP +\fBwolfictl check update [config[.yaml]...]\fP .SH DESCRIPTION 
@@ -32,6 +32,16 @@ Check Wolfi update configs override the local melange config version to test an update works as expected +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-check(1)\fP diff --git a/docs/man/man1/wolfictl-check.1 b/docs/man/man1/wolfictl-check.1 index 0b80294ad..87520aa46 100644 --- a/docs/man/man1/wolfictl-check.1 +++ b/docs/man/man1/wolfictl-check.1 @@ -24,6 +24,16 @@ Subcommands used for CI checks in Wolfi help for check +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl(1)\fP, \fBwolfictl\-check\-diff(1)\fP, \fBwolfictl\-check\-so\-name(1)\fP, \fBwolfictl\-check\-update(1)\fP diff --git a/docs/man/man1/wolfictl-dot.1 b/docs/man/man1/wolfictl-dot.1 index 48c0944a4..6873a84e6 100644 --- a/docs/man/man1/wolfictl-dot.1 +++ b/docs/man/man1/wolfictl-dot.1 @@ -79,6 +79,16 @@ wolfictl dot \-\-web \-R \-S crane do a website +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl(1)\fP diff --git a/docs/man/man1/wolfictl-gh-gc-branch.1 b/docs/man/man1/wolfictl-gh-gc-branch.1 index 734e377fe..535713e42 100644 --- a/docs/man/man1/wolfictl-gh-gc-branch.1 +++ b/docs/man/man1/wolfictl-gh-gc-branch.1 
@@ -39,6 +39,16 @@ wolfictl gh gc branch pattern to match branches against +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-gh\-gc(1)\fP diff --git a/docs/man/man1/wolfictl-gh-gc-issues.1 b/docs/man/man1/wolfictl-gh-gc-issues.1 index 50f4dc325..9f4994133 100644 --- a/docs/man/man1/wolfictl-gh-gc-issues.1 +++ b/docs/man/man1/wolfictl-gh-gc-issues.1 @@ -39,6 +39,16 @@ wolfictl gc issues pattern to match issues against +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-gh\-gc(1)\fP diff --git a/docs/man/man1/wolfictl-gh-gc.1 b/docs/man/man1/wolfictl-gh-gc.1 index 30d4d61c4..bf3ef7da0 100644 --- a/docs/man/man1/wolfictl-gh-gc.1 +++ b/docs/man/man1/wolfictl-gh-gc.1 @@ -24,6 +24,16 @@ Garbage collection commands used with GitHub help for gc +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-gh(1)\fP, \fBwolfictl\-gh\-gc\-branch(1)\fP, \fBwolfictl\-gh\-gc\-issues(1)\fP diff --git a/docs/man/man1/wolfictl-gh-release.1 b/docs/man/man1/wolfictl-gh-release.1 index b8eecbf92..c310ec1fa 100644 --- a/docs/man/man1/wolfictl-gh-release.1 +++ b/docs/man/man1/wolfictl-gh-release.1 
@@ -53,6 +53,16 @@ wolfictl gh release \-\-bump\-prerelease\-with\-prefix rc help for release +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-gh(1)\fP diff --git a/docs/man/man1/wolfictl-gh.1 b/docs/man/man1/wolfictl-gh.1 index f0b1af4d8..d029c4b02 100644 --- a/docs/man/man1/wolfictl-gh.1 +++ b/docs/man/man1/wolfictl-gh.1 @@ -24,6 +24,16 @@ Commands used to interact with GitHub help for gh +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl(1)\fP, \fBwolfictl\-gh\-gc(1)\fP, \fBwolfictl\-gh\-release(1)\fP diff --git a/docs/man/man1/wolfictl-image-apk.1 b/docs/man/man1/wolfictl-image-apk.1 index d27d25881..d6c0045ed 100644 --- a/docs/man/man1/wolfictl-image-apk.1 +++ b/docs/man/man1/wolfictl-image-apk.1 @@ -32,6 +32,16 @@ Show APK(s) in a container image help for apk +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH EXAMPLE .PP # Show all APKs in an image diff --git a/docs/man/man1/wolfictl-image.1 b/docs/man/man1/wolfictl-image.1 index a958205ce..aa86b5e65 100644 --- a/docs/man/man1/wolfictl-image.1 +++ b/docs/man/man1/wolfictl-image.1 
@@ -24,6 +24,16 @@ wolfictl\-image \- (Experimental) Commands for working with container images tha help for image +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl(1)\fP, \fBwolfictl\-image\-apk(1)\fP diff --git a/docs/man/man1/wolfictl-lint-yam.1 b/docs/man/man1/wolfictl-lint-yam.1 index 4fb824b40..62c4979be 100644 --- a/docs/man/man1/wolfictl-lint-yam.1 +++ b/docs/man/man1/wolfictl-lint-yam.1 @@ -21,6 +21,16 @@ wolfictl\-lint\-yam \- help for yam +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl\-lint(1)\fP diff --git a/docs/man/man1/wolfictl-lint.1 b/docs/man/man1/wolfictl-lint.1 index f5d0699d1..398631994 100644 --- a/docs/man/man1/wolfictl-lint.1 +++ b/docs/man/man1/wolfictl-lint.1 @@ -27,13 +27,23 @@ Lint the code \fB\-l\fP, \fB\-\-list\fP[=false] prints the all of available rules and exits +.PP +\fB\-s\fP, \fB\-\-severity\fP="warning" + minimum severity level to report (error, warning, info) + .PP \fB\-\-skip\-rule\fP=[] list of rules to skip + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + .PP -\fB\-v\fP, \fB\-\-verbose\fP[=false] - verbose output +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) .SH SEE ALSO diff --git a/docs/man/man1/wolfictl-scan.1 b/docs/man/man1/wolfictl-scan.1 index 29ae3bf45..5bb062003 100644 --- a/docs/man/man1/wolfictl-scan.1 +++ b/docs/man/man1/wolfictl-scan.1 
@@ -53,8 +53,8 @@ By default, the command will print all vulnerabilities found in the package(s) to stdout. You can filter the vulnerabilities shown using existing local advisory data. To do this, you must first clone the advisory data from the advisories repository for the distro whose packages you are scanning. You -specify the path to each local advisories repository using the -\-\-advisories\-repo\-dir flag for each repository. Then, you can use the +specify the path to the local advisories repository using the +\-\-advisories\-repo\-dir flag for the repository. Then, you can use the "\-\-advisory\-filter" flag to specify which set of advisories to use for filtering. The following sets of advisories are available: @@ -130,8 +130,8 @@ found and the \-\-require\-zero flag is specified. .SH OPTIONS .PP -\fB\-a\fP, \fB\-\-advisories\-repo\-dir\fP=[] - local directory for advisory data +\fB\-a\fP, \fB\-\-advisories\-repo\-dir\fP="" + directory containing the advisories repository .PP \fB\-f\fP, \fB\-\-advisory\-filter\fP="" @@ -165,6 +165,11 @@ found and the \-\-require\-zero flag is specified. \fB\-r\fP, \fB\-\-remote\fP[=false] treat input(s) as the name(s) of package(s) in the Wolfi package repository to download and scan the latest versions of +.PP +\fB\-\-repository\fP=" +\[la]https://packages.wolfi.dev/os"\[ra] + URL of the APK package repository + .PP \fB\-\-require\-zero\fP[=false] exit 1 if any vulnerabilities are found @@ -177,6 +182,20 @@ found and the \-\-require\-zero flag is specified. \fB\-\-use\-cpes\fP[=false] turn on all CPE matching in Grype +.PP +\fB\-v\fP, \fB\-\-verbose\fP[=0] + logging verbosity (v = info, vv = debug, default is none) + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + .SH EXAMPLE 
diff --git a/docs/man/man1/wolfictl-text.1 b/docs/man/man1/wolfictl-text.1 index 957eff0fe..f7f642484 100644 --- a/docs/man/man1/wolfictl-text.1 +++ b/docs/man/man1/wolfictl-text.1 @@ -50,6 +50,16 @@ Print a sorted list of downstream dependent packages What type of text to emit; values can be one of: [target makefile name version name\-version] +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl(1)\fP diff --git a/docs/man/man1/wolfictl-update-package.1 b/docs/man/man1/wolfictl-update-package.1 index e1757f7ee..4b908beb6 100644 --- a/docs/man/man1/wolfictl-update-package.1 +++ b/docs/man/man1/wolfictl-update-package.1 @@ -53,6 +53,16 @@ wolfictl\-update\-package \- Proposes a single melange package update via a pull version to bump melange package to +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH EXAMPLE .PP wolfictl update package cheese \-\-version v1.2.3 \-\-target\-repo diff --git a/docs/man/man1/wolfictl-update.1 b/docs/man/man1/wolfictl-update.1 index 5001e9b32..7f359af8a 100644 --- a/docs/man/man1/wolfictl-update.1 +++ b/docs/man/man1/wolfictl-update.1 @@ -69,6 +69,16 @@ Proposes melange package update(s) via a pull request enable gitsign to sign the git commits +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl(1)\fP, \fBwolfictl\-update\-package(1)\fP diff --git a/docs/man/man1/wolfictl-version.1 b/docs/man/man1/wolfictl-version.1 index 4f137301b..3f0c950cd 100644 
--- a/docs/man/man1/wolfictl-version.1 +++ b/docs/man/man1/wolfictl-version.1 @@ -28,6 +28,16 @@ Prints the version print JSON instead of text +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH SEE ALSO .PP \fBwolfictl(1)\fP diff --git a/docs/man/man1/wolfictl-withdraw.1 b/docs/man/man1/wolfictl-withdraw.1 index c729a13fd..ec462c91c 100644 --- a/docs/man/man1/wolfictl-withdraw.1 +++ b/docs/man/man1/wolfictl-withdraw.1 @@ -10,7 +10,7 @@ wolfictl\-withdraw \- Withdraw packages from an APKINDEX.tar.gz .SH SYNOPSIS .PP -\fBwolfictl withdraw [flags] example\-pkg\-1.2.3\-r4\fP +\fBwolfictl withdraw example\-pkg\-1.2.3\-r4\fP .SH DESCRIPTION @@ -28,6 +28,16 @@ Withdraw packages from an APKINDEX.tar.gz the signing key to use +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + + .SH EXAMPLE .PP withdraw \-\-signing\-key ./foo.rsa example\-pkg\-1.2.3\-r4 also\-bad\-2.3.4\-r1 new/APKINDEX.tar.gz diff --git a/docs/man/man1/wolfictl.1 b/docs/man/man1/wolfictl.1 index b0ce8ade4..9bb5ef732 100644 --- a/docs/man/man1/wolfictl.1 +++ b/docs/man/man1/wolfictl.1 
@@ -23,7 +23,15 @@ A CLI helper for developing Wolfi \fB\-h\fP, \fB\-\-help\fP[=false] help for wolfictl +.PP +\fB\-\-log\-level\fP="info" + log level (e.g. debug, info, warn, error) + +.PP +\fB\-\-log\-policy\fP=[builtin:stderr] + log policy (e.g. builtin:stderr, /tmp/log/foo) + .SH SEE ALSO .PP -\fBwolfictl\-advisory(1)\fP, \fBwolfictl\-apk(1)\fP, \fBwolfictl\-build(1)\fP, \fBwolfictl\-bump(1)\fP, \fBwolfictl\-check(1)\fP, \fBwolfictl\-dot(1)\fP, \fBwolfictl\-gh(1)\fP, \fBwolfictl\-image(1)\fP, \fBwolfictl\-index(1)\fP, \fBwolfictl\-lint(1)\fP, \fBwolfictl\-scan(1)\fP, \fBwolfictl\-text(1)\fP, \fBwolfictl\-update(1)\fP, \fBwolfictl\-version(1)\fP, \fBwolfictl\-withdraw(1)\fP +\fBwolfictl\-advisory(1)\fP, \fBwolfictl\-apk(1)\fP, \fBwolfictl\-build(1)\fP, \fBwolfictl\-bump(1)\fP, \fBwolfictl\-bundle(1)\fP, \fBwolfictl\-check(1)\fP, \fBwolfictl\-dot(1)\fP, \fBwolfictl\-gh(1)\fP, \fBwolfictl\-image(1)\fP, \fBwolfictl\-lint(1)\fP, \fBwolfictl\-ruby(1)\fP, \fBwolfictl\-scan(1)\fP, \fBwolfictl\-test(1)\fP, \fBwolfictl\-text(1)\fP, \fBwolfictl\-update(1)\fP, \fBwolfictl\-version(1)\fP, \fBwolfictl\-withdraw(1)\fP diff --git a/pkg/cli/scan.go b/pkg/cli/scan.go index c17f2c0fd..7d2f9d84a 100644 --- a/pkg/cli/scan.go +++ b/pkg/cli/scan.go @@ -14,6 +14,7 @@ import ( "strings" "chainguard.dev/apko/pkg/apk/apk" + "chainguard.dev/apko/pkg/apk/auth" sbomSyft "github.com/anchore/syft/syft/sbom" "github.com/chainguard-dev/clog" "github.com/charmbracelet/lipgloss" @@ -25,7 +26,6 @@ import ( "github.com/wolfi-dev/wolfictl/pkg/configs" v2 "github.com/wolfi-dev/wolfictl/pkg/configs/advisory/v2" rwos "github.com/wolfi-dev/wolfictl/pkg/configs/rwfs/os" - "github.com/wolfi-dev/wolfictl/pkg/index" "github.com/wolfi-dev/wolfictl/pkg/sbom" "github.com/wolfi-dev/wolfictl/pkg/scan" "github.com/wolfi-dev/wolfictl/pkg/versions" 
@@ -357,6 +357,7 @@ type scanParams struct { disableSBOMCache bool triageWithGoVulnCheck bool remoteScanning bool + remoteRepository string useCPEMatching bool verbosity int } @@ -374,6 +375,7 @@ func (p *scanParams) addFlagsTo(cmd *cobra.Command) { cmd.Flags().BoolVar(&p.triageWithGoVulnCheck, "govulncheck", false, "EXPERIMENTAL: triage vulnerabilities in Go binaries using govulncheck") _ = cmd.Flags().MarkHidden("govulncheck") //nolint:errcheck cmd.Flags().BoolVarP(&p.remoteScanning, "remote", "r", false, "treat input(s) as the name(s) of package(s) in the Wolfi package repository to download and scan the latest versions of") + cmd.Flags().StringVar(&p.remoteRepository, "repository", "https://packages.wolfi.dev/os", "URL of the APK package repository") cmd.Flags().BoolVar(&p.useCPEMatching, "use-cpes", false, "turn on all CPE matching in Grype") addVerboseFlag(&p.verbosity, cmd) } @@ -403,7 +405,7 @@ func (p *scanParams) resolveInputsToScan(ctx context.Context, args []string) (in } for _, arg := range args { - targetPaths, cleanup, err := resolveInputForRemoteTarget(ctx, arg) + targetPaths, cleanup, err := resolveInputForRemoteTarget(ctx, arg, p.remoteRepository) if err != nil { return nil, nil, fmt.Errorf("failed to resolve input %q for remote scanning: %w", arg, err) } 
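Review bot: In `addFlagsTo`, the new `--repository` value is stored and handed to `resolveInputForRemoteTarget` without any validation, and its help text does not say that it appears to be read only on the `--remote` path. The value becomes the base of both the index fetch and the APK download, so I would parse it once with `url.Parse` and reject anything that is not an absolute `http`/`https` URL before scanning starts. For the help text I would use `"URL of the APK package repository to use with --remote"`. Both `addFlagsTo` and `resolveInputsToScan` continue outside these hunks.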
@@ -606,6 +608,18 @@ func resolveInputFileFromArg(inputFilePath string) (*os.File, error) { } } +// getAPKIndexURL returns the URL of the APKINDEX.tar.gz file for the given +// repository and architecture. If the repository URL already points to an +// APKINDEX.tar.gz file, it will be returned as-is. User input may or may not +// have included the architecture or the APKINDEX.tar.gz suffix, so construct +// the full URL to provide better UX. +func getAPKIndexURL(repositoryURL, arch string) string { + if strings.HasSuffix(repositoryURL, "/x86_64/APKINDEX.tar.gz") || strings.HasSuffix(repositoryURL, "/aarch64/APKINDEX.tar.gz") { + return repositoryURL + } + return fmt.Sprintf("%s/%s/APKINDEX.tar.gz", repositoryURL, arch) +} + // resolveInputForRemoteTarget takes the given input string, which is expected // to be the name of a Wolfi package (or subpackage), and it queries the Wolfi // APK repository to find the latest version of the package for each @@ -615,13 +629,14 @@ func resolveInputFileFromArg(inputFilePath string) (*os.File, error) { // For example, given the input value "calico", this function will find the // latest version of the package (e.g. "calico-3.26.3-r3.apk") and download it // for each architecture. -func resolveInputForRemoteTarget(ctx context.Context, input string) (downloadedAPKFilePaths []string, cleanup func() error, err error) { +func resolveInputForRemoteTarget(ctx context.Context, input, repository string) (downloadedAPKFilePaths []string, cleanup func() error, err error) { logger := clog.FromContext(ctx) archesFound := 0 for _, arch := range []string{"x86_64", "aarch64"} { - const apkRepositoryURL = "https://packages.wolfi.dev/os" - apkindex, err := index.Index(arch, apkRepositoryURL) + // Since index.Index function doesn't respect the `$HTTP_AUTH`, use + // fetchAPKIndex function instead. + apkindex, _, err := fetchAPKIndex(ctx, getAPKIndexURL(repository, arch)) if err != nil { return nil, nil, fmt.Errorf("getting APKINDEX: %w", err) } 
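Review bot: `getAPKIndexURL` returns a repository value that already ends in `/x86_64/APKINDEX.tar.gz` or `/aarch64/APKINDEX.tar.gz` unchanged for every `arch`, so the loop in `resolveInputForRemoteTarget` fetches the same index for both architectures. The download URL in the later hunk (`@@ -651,7 +666,7 @@`) is still built from the raw `repository`, which in that case gives `…/APKINDEX.tar.gz/<arch>/<file>.apk`; a trailing slash on the flag value also produces a doubled `/`. I would normalise the repository to its base once and derive both URLs from it, as sketched below, with the download line becoming `downloadURL := fmt.Sprintf("%s/%s/%s", repositoryBaseURL(repository), arch, latestPkg.Filename())`. `resolveInputForRemoteTarget` continues outside the hunk.

```go
// repositoryBaseURL strips a trailing slash and any "/<arch>/APKINDEX.tar.gz"
// suffix, so the same base serves both the index and the package downloads.
func repositoryBaseURL(repositoryURL string) string {
	base := strings.TrimSuffix(repositoryURL, "/")
	for _, arch := range []string{"x86_64", "aarch64"} {
		base = strings.TrimSuffix(base, "/"+arch+"/APKINDEX.tar.gz")
	}
	return base
}

func getAPKIndexURL(repositoryURL, arch string) string {
	return fmt.Sprintf("%s/%s/APKINDEX.tar.gz", repositoryBaseURL(repositoryURL), arch)
}
```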
@@ -651,7 +666,7 @@ func resolveInputForRemoteTarget(ctx context.Context, input string) (downloadedA break } } - downloadURL := fmt.Sprintf("%s/%s/%s", apkRepositoryURL, arch, latestPkg.Filename()) + downloadURL := fmt.Sprintf("%s/%s/%s", repository, arch, latestPkg.Filename()) apkTempFileName := fmt.Sprintf("%s-%s-%s-*.apk", arch, input, latestVersion) tmpFile, err := os.CreateTemp("", apkTempFileName) @@ -665,6 +680,7 @@ func resolveInputForRemoteTarget(ctx context.Context, input string) (downloadedA return nil, nil, fmt.Errorf("creating request for %q: %w", downloadURL, err) } + auth.DefaultAuthenticators.AddAuth(ctx, req) logger.Debug("downloading APK", "url", downloadURL) resp, err := http.DefaultClient.Do(req) if err != nil {
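Review bot: The result of `auth.DefaultAuthenticators.AddAuth(ctx, req)` in the last hunk is discarded. The apko `Authenticator` interface appears to return an error, for example on a malformed `$HTTP_AUTH` (please confirm against the vendored version); if so, the download goes out unauthenticated and the user sees only an unrelated HTTP failure. I would check it: `if err := auth.DefaultAuthenticators.AddAuth(ctx, req); err != nil { return nil, nil, fmt.Errorf("adding auth to request for %q: %w", downloadURL, err) }`. Because the target host now comes from `--repository`, plain `http://` URLs should also be refused whenever credentials are attached, so that they are never sent in cleartext. The enclosing function starts and ends outside this hunk.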