[elbe-devel] [PATCH] elbepack: cyclonedx-sbom: handle repositories without components

[Thomas Weißschuh]

It is valid for a Debian repository to not have subdirectories per
component. Handle these in 'elbe cyclonedx sbom'.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh at linutronix.de>
---
 elbepack/commands/cyclonedx-sbom.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/elbepack/commands/cyclonedx-sbom.py b/elbepack/commands/cyclonedx-sbom.py
index deffd4e93a1f5dd709082f64fc0a18b49fbfd862..4fd8616d75deafa50dc6b9deb45cf5c601e07764 100644
--- a/elbepack/commands/cyclonedx-sbom.py
+++ b/elbepack/commands/cyclonedx-sbom.py
@@ -51,15 +51,18 @@ def _remove_empty_fields(dict):
 def _repository_url(uri):
     uri_parts = uri.split('/')
     if len(uri_parts) < 6:
-        raise ValueError('URI needs to be in pool layout, and pool being the 5th or 6th segment')
-    if uri_parts[-5] == 'pool':
+        raise ValueError('URI needs to be in pool layout')
+    if uri_parts[-4] == 'pool':
+        # http://deb.debian.org/debian/pool/a/adduser/adduser_3.134_all.deb
+        return '/'.join(uri_parts[:-4])
+    elif uri_parts[-5] == 'pool':
         # http://deb.debian.org/debian/pool/main/a/adduser/adduser_3.134_all.deb
         return '/'.join(uri_parts[:-5])
     elif uri_parts[-6] == 'pool':
         # http://deb.debian.org/debian-security/pool/updates/main/u/util-linux/bsdutils_2.38.1-5%2bdeb12u1_amd64.deb
         return '/'.join(uri_parts[:-6])
     else:
-        raise ValueError('URI needs to be in pool layout, and pool being the 5th or 6th segment')
+        raise ValueError('URI needs to be in pool layout')
 
 
 def _purl_from_pkg(pkg):

---
base-commit: 2fd301beadb3b4c7e7318bdd9a41ea582ce3bf29
change-id: 20250203-cyclonedx-sbom-no-component-6d28923d7553

Best regards,
-- 
Thomas Weißschuh <thomas.weissschuh at linutronix.de>