GitGuardian / ggshield

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
https://gitguardian.com
MIT License

RPM Depends on `git` Instead of `git-core` #983

Open rgajason opened 1 week ago

rgajason commented 1 week ago

Environment

Describe the bug

The GGShield RPM has a dependency on git vs git-core, which pulls in dozens of other dependencies on RHEL/UBI systems.

Here's an example of all the extra packages that git pulls in on a UBI9 container:

$ sudo dnf install git
Last metadata expiration check: 3:51:44 ago on Mon Oct 14 22:11:32 2024.
Dependencies resolved.
===================================================================================================================================
 Package                               Architecture          Version                                Repository                Size
===================================================================================================================================
Installing:
 git                                   x86_64                2.43.5-1.el9_4                         appstream                 50 k
Installing dependencies:
 emacs-filesystem                      noarch                1:27.2-10.el9_4                        appstream                7.6 k
 git-core                              x86_64                2.43.5-1.el9_4                         appstream                4.4 M
 git-core-doc                          noarch                2.43.5-1.el9_4                         appstream                2.7 M
 groff-base                            x86_64                1.22.4-10.el9                          baseos                   1.0 M
 libcbor                               x86_64                0.7.0-5.el9                            baseos                    56 k
 libedit                               x86_64                3.1-38.20210216cvs.el9                 baseos                   103 k
 libfido2                              x86_64                1.13.0-2.el9                           baseos                    97 k
 ncurses                               x86_64                6.2-10.20210508.el9                    baseos                   399 k
 openssh                               x86_64                8.7p1-38.el9_4.4                       baseos                   457 k
 openssh-clients                       x86_64                8.7p1-38.el9_4.4                       baseos                   713 k
 perl-AutoLoader                       noarch                5.74-481.el9                           appstream                 20 k
 perl-B                                x86_64                1.80-481.el9                           appstream                178 k
 perl-Carp                             noarch                1.50-460.el9                           appstream                 29 k
 perl-Class-Struct                     noarch                0.66-481.el9                           appstream                 21 k
 perl-Data-Dumper                      x86_64                2.174-462.el9                          appstream                 55 k
 perl-Digest                           noarch                1.19-4.el9                             appstream                 25 k
 perl-Digest-MD5                       x86_64                2.58-4.el9                             appstream                 36 k
 perl-DynaLoader                       x86_64                1.47-481.el9                           appstream                 24 k
 perl-Encode                           x86_64                4:3.08-462.el9                         appstream                1.7 M
 perl-Errno                            x86_64                1.30-481.el9                           appstream                 13 k
 perl-Error                            noarch                1:0.17029-7.el9                        appstream                 41 k
 perl-Exporter                         noarch                5.74-461.el9                           appstream                 31 k
 perl-Fcntl                            x86_64                1.13-481.el9                           appstream                 19 k
 perl-File-Basename                    noarch                2.85-481.el9                           appstream                 16 k
 perl-File-Find                        noarch                1.37-481.el9                           appstream                 24 k
 perl-File-Path                        noarch                2.18-4.el9                             appstream                 35 k
 perl-File-Temp                        noarch                1:0.231.100-4.el9                      appstream                 59 k
 perl-File-stat                        noarch                1.09-481.el9                           appstream                 16 k
 perl-FileHandle                       noarch                2.03-481.el9                           appstream                 14 k
 perl-Getopt-Long                      noarch                1:2.52-4.el9                           appstream                 60 k
 perl-Getopt-Std                       noarch                1.12-481.el9                           appstream                 14 k
 perl-Git                              noarch                2.43.5-1.el9_4                         appstream                 37 k
 perl-HTTP-Tiny                        noarch                0.076-462.el9                          appstream                 53 k
 perl-IO                               x86_64                1.43-481.el9                           appstream                 85 k
 perl-IO-Socket-IP                     noarch                0.41-5.el9                             appstream                 42 k
 perl-IO-Socket-SSL                    noarch                2.073-1.el9                            appstream                217 k
 perl-IPC-Open3                        noarch                1.21-481.el9                           appstream                 21 k
 perl-MIME-Base64                      x86_64                3.16-4.el9                             appstream                 30 k
 perl-Mozilla-CA                       noarch                20200520-6.el9                         appstream                 12 k
 perl-Net-SSLeay                       x86_64                1.92-2.el9                             appstream                365 k
 perl-POSIX                            x86_64                1.94-481.el9                           appstream                 95 k
 perl-PathTools                        x86_64                3.78-461.el9                           appstream                 85 k
 perl-Pod-Escapes                      noarch                1:1.07-460.el9                         appstream                 20 k
 perl-Pod-Perldoc                      noarch                3.28.01-461.el9                        appstream                 83 k
 perl-Pod-Simple                       noarch                1:3.42-4.el9                           appstream                215 k
 perl-Pod-Usage                        noarch                4:2.01-4.el9                           appstream                 40 k
 perl-Scalar-List-Utils                x86_64                4:1.56-461.el9                         appstream                 71 k
 perl-SelectSaver                      noarch                1.02-481.el9                           appstream                 10 k
 perl-Socket                           x86_64                4:2.031-4.el9                          appstream                 54 k
 perl-Storable                         x86_64                1:3.21-460.el9                         appstream                 95 k
 perl-Symbol                           noarch                1.08-481.el9                           appstream                 13 k
 perl-Term-ANSIColor                   noarch                5.01-461.el9                           appstream                 48 k
 perl-Term-Cap                         noarch                1.17-460.el9                           appstream                 22 k
 perl-TermReadKey                      x86_64                2.38-11.el9                            appstream                 36 k
 perl-Text-ParseWords                  noarch                3.30-460.el9                           appstream                 16 k
 perl-Text-Tabs+Wrap                   noarch                2013.0523-460.el9                      appstream                 23 k
 perl-Time-Local                       noarch                2:1.300-7.el9                          appstream                 33 k
 perl-URI                              noarch                5.09-3.el9                             appstream                108 k
 perl-base                             noarch                2.27-481.el9                           appstream                 15 k
 perl-constant                         noarch                1.33-461.el9                           appstream                 23 k
 perl-if                               noarch                0.60.800-481.el9                       appstream                 13 k
 perl-interpreter                      x86_64                4:5.32.1-481.el9                       appstream                 70 k
 perl-lib                              x86_64                0.65-481.el9                           appstream                 13 k
 perl-libnet                           noarch                3.13-4.el9                             appstream                125 k
 perl-libs                             x86_64                4:5.32.1-481.el9                       appstream                2.0 M
 perl-mro                              x86_64                1.23-481.el9                           appstream                 27 k
 perl-overload                         noarch                1.31-481.el9                           appstream                 44 k
 perl-overloading                      noarch                0.02-481.el9                           appstream                 11 k
 perl-parent                           noarch                1:0.238-460.el9                        appstream                 14 k
 perl-podlators                        noarch                1:4.14-460.el9                         appstream                112 k
 perl-subs                             noarch                1.03-481.el9                           appstream                 10 k
 perl-vars                             noarch                1.05-481.el9                           appstream                 12 k
Installing weak dependencies:
 perl-NDBM_File                        x86_64                1.15-481.el9                           appstream                 21 k

Transaction Summary
===================================================================================================================================
Install  74 Packages

...compared to just git-core:

$ sudo dnf install git-core
Last metadata expiration check: 3:51:52 ago on Mon Oct 14 22:11:32 2024.
Dependencies resolved.
===================================================================================================================================
 Package                          Architecture            Version                                 Repository                  Size
===================================================================================================================================
Installing:
 git-core                         x86_64                  2.43.5-1.el9_4                          appstream                  4.4 M
Installing dependencies:
 libcbor                          x86_64                  0.7.0-5.el9                             baseos                      56 k
 libedit                          x86_64                  3.1-38.20210216cvs.el9                  baseos                     103 k
 libfido2                         x86_64                  1.13.0-2.el9                            baseos                      97 k
 openssh                          x86_64                  8.7p1-38.el9_4.4                        baseos                     457 k
 openssh-clients                  x86_64                  8.7p1-38.el9_4.4                        baseos                     713 k

Transaction Summary
===================================================================================================================================
Install  6 Packages

The full git package only adds these features:

git-contacts
git-credential-netrc
git-filter-branch
git-request-pull

I don't believe that GGShield uses any of those from the Git client directly, so it should be safe to depend on git-core instead.
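
As an added example, not part of this issue and not ggshield's own code, a POSIX shell check a packager could run in CI: it flags an RPM whose Requires names bare `git` rather than `git-core`, and lists what the full package drags in beyond `git-core` by diffing two dnf transaction listings. The `rpm -qpR` and `dnf` samples are constructed, shortened versions of the output above; the file name `ggshield.rpm` and the `python3` requirement are placeholders.

```sh
# Added example, not ggshield's own code: audit an RPM's git requirement and
# list what a `git` dependency pulls in beyond `git-core`. Inputs are constructed,
# shortened samples of `rpm -qpR` and `dnf install` output (names/versions as above).

# Report on the git requirement in an rpm Requires list read from stdin:
# a bare "git" capability pulls the full package (and its perl tree) on RHEL/UBI.
git_dep_check() {
    awk '$1 == "git"      { full = 1 }
         $1 == "git-core" { core = 1 }
         END { if (full) print "requires full git"
               else if (core) print "ok"
               else print "no git dependency" }'
}

# Extract package names from a dnf transaction listing on stdin: indented
# rows whose second column is an architecture. C locale keeps sort order stable.
txn_packages() {
    awk '/^ / && NF >= 5 && $2 ~ /^(x86_64|aarch64|noarch)$/ { print $1 }' | LC_ALL=C sort -u
}

# Packages installed by transaction listing $1 but not by listing $2.
extra_packages() {
    base=$(printf '%s\n' "$2" | txn_packages)
    printf '%s\n' "$1" | txn_packages | while read -r pkg; do
        printf '%s\n' "$base" | grep -qxF -- "$pkg" || echo "$pkg"
    done
}

# Constructed `rpm -qpR ggshield.rpm` output before and after switching to git-core.
REQUIRES_BEFORE='git
python3 >= 3.8'
REQUIRES_AFTER='git-core
python3 >= 3.8'

# Constructed, shortened `dnf install git` and `dnf install git-core` listings.
FULL_GIT_TXN=' Package          Architecture  Version           Repository  Size
Installing:
 git              x86_64        2.43.5-1.el9_4    appstream    50 k
Installing dependencies:
 git-core         x86_64        2.43.5-1.el9_4    appstream   4.4 M
 openssh-clients  x86_64        8.7p1-38.el9_4.4  baseos      713 k
 perl-Git         noarch        2.43.5-1.el9_4    appstream    37 k
 perl-interpreter x86_64        4:5.32.1-481.el9  appstream    70 k'
GIT_CORE_TXN=' Package          Architecture  Version           Repository  Size
Installing:
 git-core         x86_64        2.43.5-1.el9_4    appstream   4.4 M
Installing dependencies:
 openssh-clients  x86_64        8.7p1-38.el9_4.4  baseos      713 k'

echo "pulled in only by full git:"; extra_packages "$FULL_GIT_TXN" "$GIT_CORE_TXN"
```

On a real package, feed `rpm -qpR path/to/ggshield.rpm | git_dep_check` and the saved output of `dnf install --assumeno git` / `git-core` to the same functions.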

agateau-gg commented 6 days ago

Indeed, we should be able to depend only on git-core.