search

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0
1.61k stars 309 forks source link

Re-resolve / delete stored provenance information if downloading it in the scanner fails #8311

Open sschuberth opened 8 months ago

sschuberth commented 8 months ago

Sometimes, a provenance resolved successfully to some fixed revision, but at a later point in time the host disappeared (e.g. svn.codehaus.org). In that case, the resolved provenance is retrieved from the database and passed to the scanner wrapper, but the scanner implementation will fail to download it. See e.g. this data

  - provenance:
      vcs_info:
        type: "Subversion"
        url: "https://svn.codehaus.org/plexus/plexus-containers"
        revision: "981837"
        path: ""
      resolved_revision: "981837"
    scanner:
      name: "DOS"
      version: "1.0"
      configuration: ""
    summary:
      start_time: "2024-02-19T16:05:39.209930165Z"
      end_time: "2024-02-19T16:05:39.266308013Z"
      issues:
      - timestamp: "2024-02-19T16:05:39.265568285Z"
        source: "DOS"
        message: "IOException: Unable to initialize a Subversion working tree in '/tmp/ort-DefaultWorkingTreeCache4990696171266543978'\
          \ from https://svn.codehaus.org/plexus/plexus-containers.\nCaused by: SVNException:\
          \ svn: E175002: unknown host\nsvn: E175002: OPTIONS request failed on '/plexus/plexus-containers'\n\
          \    Caused by: UnknownHostException: svn.codehaus.org: Name or service\
          \ not known"
        severity: "ERROR"

In such a case it would be nice if the scanner implementation had a way to either trigger re-resolution of the provenance immediately, or at least delete the stored provenance to trigger re-resolution on the next run.

sschuberth commented 8 months ago

or at least delete the stored provenance

@fviernau do we happen to have a helper-cli command for this. maybe?

fviernau commented 8 months ago

@fviernau do we happen to have a helper-cli command for this. maybe?

not that I'm aware of. orthw has a commad to delete the resolved provenance entries.

sschuberth commented 8 months ago

orthw has a commad to delete the resolved provenance entries.

Note to myself:

https://github.com/oss-review-toolkit/orthw/blob/727d6dd4ba645872dd4cd5acb038232ba7d10a11/orthw#L666-L682