Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong layer attribution for alpine package #645

Closed
cdupuis opened this issue Nov 24, 2021 · 9 comments
Closed

Wrong layer attribution for alpine package #645

cdupuis opened this issue Nov 24, 2021 · 9 comments
Labels
bug Something isn't working duplicate This issue or pull request already exists

Comments

@cdupuis
Copy link

cdupuis commented Nov 24, 2021
edited
Loading

What happened:

When running syft node@sha256:6cf4fe67db0c1e052ab251daab39e43a381a74c3738fe8207e613e416d9c30f8 -o json > syft.json the result attributes the busybox package to a layer from the node image although IMHO this package comes in via the alpine base image:

{
   "id": "9435103896917783387",
   "name": "busybox",
   "version": "1.31.1-r20",
   "type": "apk",
   "foundBy": "apkdb-cataloger",
   "locations": [
    {
     "path": "/lib/apk/db/installed",
     "layerID": "sha256:00b9e9075c3a2a8e3dbfe1f4392d1ef11bf4613a2185cc018c632b5ad9196be3"
    }
   ],
   "licenses": [
    "GPL-2.0-only"
   ],
   "language": "",
   "cpes": [
    "cpe:2.3:a:busybox:busybox:1.31.1-r20:*:*:*:*:*:*:*"
   ],
   "purl": "pkg:alpine/[email protected]?arch=armhf",
   "metadataType": "ApkMetadata",
   "metadata": {
    "package": "busybox",
    "originPackage": "busybox",
    "maintainer": "Natanael Copa <[email protected]>",
    "version": "1.31.1-r20",
    "license": "GPL-2.0-only",
    "architecture": "armhf",
    "url": "https://busybox.net/",
    "description": "Size optimized toolbox of many common UNIX utilities",
    "size": 559775,
    "installedSize": 1097728,
    "pullDependencies": "so:libc.musl-armhf.so.1",
    "pullChecksum": "Q1oZjDjOsaBORalBQuzY82AYaUEto=",
    "gitCommitOfApkPort": "0d639f13e315e43a11821d963031ed5b49b15a15",
    "files": [
     {
      "path": "/bin"
     },
     {
      "path": "/bin/busybox",
      "ownerUid": "0",
      "ownerGid": "0",
      "permissions": "755",
      "digest": {
       "algorithm": "sha1",
       "value": "Q1SS58GcbDD3iosP6ILqzN0LstpzA="
      }
     },
     {
      "path": "/bin/sh",
      "ownerUid": "0",
      "ownerGid": "0",
      "permissions": "777",
      "digest": {
       "algorithm": "sha1",
       "value": "Q1pcfTfDNEbNKQc2s1tia7da05M8Q="
      }
     },
     {
      "path": "/etc"
     },
     {
      "path": "/etc/securetty",
      "digest": {
       "algorithm": "sha1",
       "value": "Q1RpeOldjaFVFDbjnK5fzpLGtxunM="
      }
     },
     {
      "path": "/etc/udhcpd.conf",
      "digest": {
       "algorithm": "sha1",
       "value": "Q1UAiPZcDIW1ClRzobfggcCQ77V28="
      }
     },
     {
      "path": "/etc/logrotate.d"
     },
     {
      "path": "/etc/logrotate.d/acpid",
      "digest": {
       "algorithm": "sha1",
       "value": "Q1TylyCINVmnS+A/Tead4vZhE7Bks="
      }
     },
     {
      "path": "/etc/network"
     },
     {
      "path": "/etc/network/if-down.d"
     },
     {
      "path": "/etc/network/if-post-down.d"
     },
     {
      "path": "/etc/network/if-post-up.d"
     },
     {
      "path": "/etc/network/if-pre-down.d"
     },
     {
      "path": "/etc/network/if-pre-up.d"
     },
     {
      "path": "/etc/network/if-up.d"
     },
     {
      "path": "/etc/network/if-up.d/dad",
      "ownerUid": "0",
      "ownerGid": "0",
      "permissions": "775",
      "digest": {
       "algorithm": "sha1",
       "value": "Q1hlxd3qExrihH8bYxDQ3i7TsM/44="
      }
     },
     {
      "path": "/sbin"
     },
     {
      "path": "/tmp",
      "ownerUid": "0",
      "ownerGid": "0",
      "permissions": "1777"
     },
     {
      "path": "/usr"
     },
     {
      "path": "/usr/sbin"
     },
     {
      "path": "/usr/share"
     },
     {
      "path": "/usr/share/udhcpc"
     },
     {
      "path": "/usr/share/udhcpc/default.script",
      "ownerUid": "0",
      "ownerGid": "0",
      "permissions": "755",
      "digest": {
       "algorithm": "sha1",
       "value": "Q1N2KRDz/R6RqKhGqujQ4Y6EokMXY="
      }
     },
     {
      "path": "/var"
     },
     {
      "path": "/var/cache"
     },
     {
      "path": "/var/cache/misc"
     },
     {
      "path": "/var/lib"
     },
     {
      "path": "/var/lib/udhcpd"
     }
    ]
   }
  }

This image contains the following layers:

{
  "schemaVersion": 2,
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "digest": "sha256:b650761d2c79e87bcc041d1a57f768bbb231d2508b445253744f46973c7b1b61",
    "size": 5613
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:b3e69bfc382676dcc8e89f289815a72b60fdf61e66e21d90b8851cbb4b5e3aeb",
      "size": 2606586
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:e3d238c7ffce0a57e2e74a8474b5821e66c91d9b588936594125682f0cecdc30",
      "size": 44695370
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:a594daab2b56a14ac7e06e0852a06fb135a0f7860b42275d074f9d6f0cb9a039",
      "size": 2400137
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:8d62b5671c64f127eb4aba53e68e31f386cd3030f093e89b03423c3626ead04e",
      "size": 453
    }
  ]
}

3 of the 4 layers contain the lib/apk/db/installed file. The 1st layer has busybox in its lib/apk/db/installed:

09:54 $ cat lib/apk/db/installed.1.b3e69bfc382676dcc8e89f289815a72b60fdf61e66e21d90b8851cbb4b5e3aeb 
C:Q1cFyJiuYSZK+Lzu0E6UvVnwQLwA4=
P:musl
V:1.1.24-r10
A:armhf
S:371451
I:598016
T:the musl c library (libc) implementation
U:https://musl.libc.org/
L:MIT
o:musl
m:Timo Teräs <[email protected]>
t:1605857858
c:908046ad5f96c4c1df5541ff4b0251767e110c85
p:so:libc.musl-armhf.so.1=1
F:lib
R:ld-musl-armhf.so.1
a:0:0:755
Z:Q1hDt7KqXYOVv3riGtMBvzQwPdllw=
R:libc.musl-armhf.so.1
a:0:0:777
Z:Q1nIC5KDc++AsuZFnKQtw6GsOp7eQ=

C:Q1oZjDjOsaBORalBQuzY82AYaUEto=
P:busybox
V:1.31.1-r20
A:armhf
S:559775
I:1097728
T:Size optimized toolbox of many common UNIX utilities
U:https://busybox.net/
L:GPL-2.0-only
o:busybox
m:Natanael Copa <[email protected]>
t:1617138378
c:0d639f13e315e43a11821d963031ed5b49b15a15
D:so:libc.musl-armhf.so.1
p:/bin/sh cmd:busybox cmd:sh
r:busybox-initscripts
F:bin
R:busybox
a:0:0:755
Z:Q1SS58GcbDD3iosP6ILqzN0LstpzA=
R:sh
a:0:0:777
Z:Q1pcfTfDNEbNKQc2s1tia7da05M8Q=
F:etc
R:securetty
Z:Q1RpeOldjaFVFDbjnK5fzpLGtxunM=
R:udhcpd.conf
Z:Q1UAiPZcDIW1ClRzobfggcCQ77V28=
F:etc/logrotate.d
R:acpid
Z:Q1TylyCINVmnS+A/Tead4vZhE7Bks=
F:etc/network
F:etc/network/if-down.d
F:etc/network/if-post-down.d
F:etc/network/if-post-up.d
F:etc/network/if-pre-down.d
F:etc/network/if-pre-up.d
F:etc/network/if-up.d
R:dad
a:0:0:775
Z:Q1hlxd3qExrihH8bYxDQ3i7TsM/44=
F:sbin
F:tmp
M:0:0:1777
F:usr
F:usr/sbin
F:usr/share
F:usr/share/udhcpc
R:default.script
a:0:0:755
Z:Q1N2KRDz/R6RqKhGqujQ4Y6EokMXY=
F:var
F:var/cache
F:var/cache/misc
F:var/lib
F:var/lib/udhcpd

Extracting the layer tar balls and diff'ing the lib/apk/db/installed file between the layers reveals the following:

✔ ~/Development
09:44 $ diff lib/apk/db/installed.1.b3e69bfc382676dcc8e89f289815a72b60fdf61e66e21d90b8851cbb4b5e3aeb lib/apk/db/installed.2.e3d238c7ffce0a57e2e74a8474b5821e66c91d9b588936594125682f0cecdc30 
583a584,629
> C:Q1vLsJuIVUJ2MC/ozkj71sQRUw9Yk=
> P:libgcc
> V:9.3.0-r2
> A:armhf
> S:18832
> I:53248
> T:GNU C compiler runtime libraries
> U:https://gcc.gnu.org
> L:GPL-2.0-or-later LGPL-2.1-or-later
> o:gcc
> m:Natanael Copa <[email protected]>
> t:1589798499
> c:1069d8331c7125eb84994d624d45579a660acc41
> D:so:libc.musl-armhf.so.1
> p:so:libgcc_s.so.1=1
> r:libstdc++ binutils
> F:usr
> F:usr/lib
> R:libgcc_s.so.1
> Z:Q1z7F22R/UCmFxa7nwVHQfR4HPCT0=
> 
> C:Q1rjCI5ln2KM9FFZkm50izkUWDwZ4=
> P:libstdc++
> V:9.3.0-r2
> A:armhf
> S:448319
> I:1396736
> T:GNU C++ standard runtime library
> U:https://gcc.gnu.org
> L:GPL-2.0-or-later LGPL-2.1-or-later
> o:gcc
> m:Natanael Copa <[email protected]>
> t:1589798499
> c:1069d8331c7125eb84994d624d45579a660acc41
> D:so:libc.musl-armhf.so.1 so:libgcc_s.so.1
> p:so:libstdc++.so.6=6.0.28
> r:libstdc++ binutils
> F:usr
> F:usr/lib
> R:libstdc++.so.6
> a:0:0:777
> Z:Q1XRF4iSaYuggdocGXkh0F6J/U2kI=
> R:libstdc++.so.6.0.28
> a:0:0:755
> Z:Q1vslol01MEBET/3WWiqkpyLtDCYA=
> 
✘-1 ~/Development
09:44 $ diff lib/apk/db/installed.2.e3d238c7ffce0a57e2e74a8474b5821e66c91d9b588936594125682f0cecdc30 lib/apk/db/installed.3.a594daab2b56a14ac7e06e0852a06fb135a0f7860b42275d074f9d6f0cb9a039 
✔ ~/Development

To me this shows that none of the layers modify the lib/apk/db/installed to add the busybox package and that it really comes from the first layer and not from the 3rd layer as reported by syft.

The downstream consequence of this bug is that CVE are getting reported against node images when those really originate from the alpine base image and need to be fixed there.

What you expected to happen:

I think that a container SBOM tool should correctly report the origin of a package. At least in this specific case, I don't think the origin of the busybox package can be trusted.

How to reproduce it (as minimally and precisely as possible):

syft node@sha256:6cf4fe67db0c1e052ab251daab39e43a381a74c3738fe8207e613e416d9c30f8 -o json

Anything else we need to know?:

Please let me know if you need anything else to debug this. I'm happy to help.

Environment:

  • Output of syft version:
09:44 $ syft version
Application:   syft
Version:       0.30.1
BuildDate:     2021-11-15T20:26:29Z
GitCommit:     45ea4177e8a37a56798bacf89c4b6cdd5d056d6e
GitTreeState:  clean
Platform:      darwin/amd64
GoVersion:     go1.16.10
Compiler:      gc
@cdupuis cdupuis added the bug Something isn't working label Nov 24, 2021
@luhring
Copy link
Contributor

luhring commented Nov 24, 2021

Hi @cdupuis — I see what you're saying. I think this would be accomplished by the feature request #435.

I believe Syft is behaving as intended here, but I think there's room to improve the experience for SBOM consumers.

Today, Syft has the notion of "scope", which governs how it interprets a set of image layers. This is described briefly here.

Syft has a flag --scope <value>, where the two possible values are squashed and all-layers. The default value is squashed. Here are the behaviors for these values:

squashed — the image layers are squashed, such that Syft's internal catalogers see only a single, flattened filesystem, similar to what would appear to processes running in a container. With this filesystem merge operation, the instance of a file that's found in the latest layer is the one that "wins" in the merge result. So in this case for busybox, which is found in /lib/apk/db/installed, that layer would be sha256:00b9e9075c3a2a8e3dbfe1f4392d1ef11bf4613a2185cc018c632b5ad9196be3.

all-layers — all layers are scanned as independent file systems. If a package is discovered in multiple layers, it is reported multiple times.

When I run this:

syft node@sha256:6cf4fe67db0c1e052ab251daab39e43a381a74c3738fe8207e613e416d9c30f8 -o json --scope all-layers

I see Syft report busybox at layer sha256:8e322dc9c333c75d017a725c01e1083f2465cde131123522c7e69dde0fdf9912, in addition to reporting the same package for the subsequent layers.

Do you agree that this would be resolved by #435? Curious for your thoughts. 😃

@cdupuis
Copy link
Author

cdupuis commented Nov 24, 2021

Thanks for your response @luhring (as always). Really appreciate it.

I see what you are saying. That makes sense. Although I still wonder why, even with the all-layers scope a package shows up in layers that actually don't really contain it. In this case, only the first layer has the busybox executables. The simple fact that a package is listed in the lib/apk/db/installed doesn't indicate that the layer puts that package into the image, right?

I wonder if internal catalogers that detect packages based on lib/apk/db/installed or var/lib/dpkg/status should look at the file diff between two layers to determine if a package is contained in a layer? Has that been considered?

@luhring
Copy link
Contributor

luhring commented Nov 24, 2021

Although I still wonder why, even with the all-layers scope a package shows up in layers that actually don't really contain it. In this case, only the first layer has the busybox executables. The simple fact that a package is listed in the lib/apk/db/installed doesn't indicate that the layer puts that package into the image, right?

I think this is tricky. What's the best way to determine if a given package is installed?

In my experience, different people have different answers. But if there's an approach that seems better all-around, and it can be implemented correctly in Syft, we're definitely open to considering it.

@cdupuis
Copy link
Author

cdupuis commented Nov 24, 2021
edited
Loading

Yeah, this is indeed tricky. I was wondering if you could compare the contents of the lib/apk/db/installed or var/lib/dpkg/status between two layers to determine if something actually got installed or updated when moving from one layer to the next?

In this particular case it would have correctly reported out the fact that busybox amongst other packages was installed in the first layer and subsequently other packages were added but busybox was never touched again.

@luhring
Copy link
Contributor

luhring commented Nov 24, 2021

to determine if something actually got installed or updated

How would we determine this part? I follow that we'd look at a diff between two layers, but it's not yet clicking for me what we'd actually be looking at within that diff, and how we could determine positively that what we see in the diff means a package was installed. 🤔

@cdupuis
Copy link
Author

cdupuis commented Nov 24, 2021

Let me see if I can come with an example to explain what I mean.

Let's use the following Dockerfile to build an image:

FROM alpine:3.8

RUN apk add --update openssl && \
    rm -rf /var/cache/apk/*

RUN apk add --update git && \
    rm -rf /var/cache/apk/*

And now extracting lib/apk/db/installed from layer 1 and 2 and running a diff on both files, gives the following result:

542a543,677
> C:Q1msk1gr7VqUXzKzaJFftp7BkZN40=
> P:libcrypto1.0
> V:1.0.2u-r0
> A:x86_64
> S:1081261
> I:2527232
> T:Crypto library from openssl
> U:https://openssl.org
> L:openssl
> o:openssl
> m:Timo Teras <[email protected]>
> t:1577097004
> c:33832d93c0d87e0c90f543ea973e7d12ea27a3ee
> D:so:libc.musl-x86_64.so.1 so:libz.so.1
> p:so:libcrypto.so.1.0.0=1.0.0
> F:lib
> R:libcrypto.so.1.0.0
> a:0:0:555
> Z:Q1ODLwNd+vPlxqXtyqOPosQSp6S0o=
> F:usr
> F:usr/lib
> R:libcrypto.so.1.0.0
> a:0:0:777
> Z:Q1jLDKGBtunzKi5FKmK/QTAqfh6uI=
> F:usr/lib/engines
> R:libubsec.so
> a:0:0:555
> Z:Q1iiivUsMTTJMWQpEj8HY3IZZEf70=
> R:libatalla.so
> a:0:0:555
> Z:Q1eqkecvfWqutP5LPkvnrTBXFv13w=
> R:libcapi.so
> a:0:0:555
> Z:Q1u2M2IQyJrxdidQcT0dUnLchcROo=
> R:libgost.so
> a:0:0:555
> Z:Q1npvb9lOH9SspSTJGQNuk4+HySig=
> R:libcswift.so
> a:0:0:555
> Z:Q1wY3zhv7ZZoUh0FJQUkS6HZb5kF8=
> R:libchil.so
> a:0:0:555
> Z:Q1APntUyjcYghRksq6wFod7oipZbc=
> R:libgmp.so
> a:0:0:555
> Z:Q1sZjid4xbEJ7KHcrm9yn2Mcc97ws=
> R:libnuron.so
> a:0:0:555
> Z:Q1fCmj18y8yXwY7CPYySZMygigA2I=
> R:lib4758cca.so
> a:0:0:555
> Z:Q1X71JsOn/y8S9YLn+r/a+q1wQRyE=
> R:libsureware.so
> a:0:0:555
> Z:Q1dq4UpiuK68Py/IfGLlFjahexBwM=
> R:libpadlock.so
> a:0:0:555
> Z:Q1o5NkgSdiwazx0O/BFsMqyF2b3J8=
> R:libaep.so
> a:0:0:555
> Z:Q1Jk1Jm6rQz7/7iZS3wKfrSOhvM6Q=
> 
> C:Q1j6f5OinvEk2hXX4ixBZAaSUyCFI=
> P:libssl1.0
> V:1.0.2u-r0
> A:x86_64
> S:178745
> I:446464
> T:SSL shared libraries
> U:https://openssl.org
> L:openssl
> o:openssl
> m:Timo Teras <[email protected]>
> t:1577097004
> c:33832d93c0d87e0c90f543ea973e7d12ea27a3ee
> D:so:libc.musl-x86_64.so.1 so:libcrypto.so.1.0.0
> p:so:libssl.so.1.0.0=1.0.0
> F:lib
> R:libssl.so.1.0.0
> a:0:0:555
> Z:Q16DcHo5QMCgiUp0m3PMz1vNcNloc=
> F:usr
> F:usr/lib
> R:libssl.so.1.0.0
> a:0:0:777
> Z:Q1ke5dnHGVWcEyRpOe0/lKEqizHHQ=
> 
> C:Q1lqpDb+AGEDJhTe424m3ypSjTetE=
> P:openssl
> V:1.0.2u-r0
> A:x86_64
> S:225381
> I:606208
> T:Toolkit for SSL v2/v3 and TLS v1
> U:https://openssl.org
> L:openssl
> o:openssl
> m:Timo Teras <[email protected]>
> t:1577097004
> c:33832d93c0d87e0c90f543ea973e7d12ea27a3ee
> D:so:libc.musl-x86_64.so.1 so:libcrypto.so.1.0.0 so:libssl.so.1.0.0
> p:cmd:openssl
> F:etc
> F:etc/ssl
> F:etc/ssl/misc
> R:CA.sh
> a:0:0:755
> Z:Q1VUnDWEc6DtI6M1Ngvvwp0bA0kuo=
> R:CA.pl
> a:0:0:755
> Z:Q1Te7DTzGXy7s1g4UxBpjWkQlttlY=
> R:c_issuer
> a:0:0:755
> Z:Q1DMeRt9xZV79DtM/LXmid6o2Dsa4=
> R:c_name
> a:0:0:755
> Z:Q1dq38GG/1BidPqAZgB52sqOUrsLw=
> R:c_hash
> a:0:0:755
> Z:Q13rsdWLk2vlPk3gD8ylFFOWSi58s=
> R:tsget
> a:0:0:755
> Z:Q1nmxuEYwvukO24lcnedWx5HlDxzU=
> R:c_info
> a:0:0:755
> Z:Q1GmZ/x6gIUw9ccftpFx7CRD/ykSU=
> F:etc/ssl/certs
> F:etc/ssl/private
> F:usr
> F:usr/bin
> R:openssl
> a:0:0:755
> Z:Q1yMYRzAPYCIFie0jFMltqNl/5R1w=
> F:usr/lib
>

This diff would indicate that openssl, libssl1.0 and libcrypto1.0 were added in layer 2.

Now doing the same with the 2 and 3 shows a similar result and indicates that git and its dependencies got installed:

677a678,1728
> C:Q1PThpYjYSaExuaI3FKwWmG/jupq0=
> P:ca-certificates
> V:20191127-r2
> A:x86_64
> S:174932
> I:733184
> T:Common CA certificates PEM files from Mozilla
> U:https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/
> L:MPL-2.0 GPL-2.0-or-later
> o:ca-certificates
> m:Natanael Copa <[email protected]>
> t:1591195980
> c:f91a48ba3659cc21c3b5467576f4b35da642164b
> D:/bin/sh so:libc.musl-x86_64.so.1 so:libcrypto.so.43
> p:cmd:c_rehash cmd:update-ca-certificates
> r:libcrypto1.0 openssl
> F:etc
> R:ca-certificates.conf
> Z:Q1bWg/EVw1q6GtWhym7eF5k72sZF4=
> F:etc/ca-certificates
> F:etc/ca-certificates/update.d
> R:certhash
> a:0:0:755
> Z:Q1pxPSWX01pfOF6GEDK4MWWAXF/GI=
> F:etc/apk
> F:etc/apk/protected_paths.d
> R:ca-certificates.list
> Z:Q15Z0Sr1o7f7TchDHWcWYgW7zi8JU=
> F:etc/ssl
> F:etc/ssl/certs
> F:usr
> F:usr/sbin
> R:update-ca-certificates
> a:0:0:755
> Z:Q189BstbJPKJTamk1e2ZLKZQUUFO0=
> F:usr/bin
> R:c_rehash
> a:0:0:755
> Z:Q1680+HtWIcQStByj6WQxLMF6+PSc=
> F:usr/local
> F:usr/local/share
> F:usr/local/share/ca-certificates
> F:usr/share
> F:usr/share/ca-certificates
> F:usr/share/ca-certificates/mozilla
> R:Certigna_Root_CA.crt
> Z:Q1VdBji67nphRLjjwCjCTuEScgLDw=
> R:Taiwan_GRCA.crt
> Z:Q1JY+r3c8G1ZOygwPrFezjs52t318=
> R:LuxTrust_Global_Root_2.crt
> Z:Q1VGlaQPYfCtkuauec9h6UYgmSvJE=
> R:OISTE_WISeKey_Global_Root_GC_CA.crt
> Z:Q1s9z9hD3/Vmr07wpIPmV5/7USzDc=
> R:Starfield_Class_2_CA.crt
> Z:Q1x4mQIjkIDcfi6C+oVqX2yiDsyX4=
> R:Izenpe.com.crt
> Z:Q1GeaIXHKBc2WVUUgM5R3dJoDGgFs=
> R:GTS_Root_R3.crt
> Z:Q1cw4ZH/NhO2AAGClZwxr2pLGRgVE=
> R:SecureTrust_CA.crt
> Z:Q1YnaZhQ0ZyJ9uDLdJTXfLDGwrgc4=
> R:Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
> Z:Q1bi0FmdlvvYon38mjVfT446CbNd4=
> R:Go_Daddy_Root_Certificate_Authority_-_G2.crt
> Z:Q1dg+7Ns+1WmfHHKw9zw02jqn5juc=
> R:QuoVadis_Root_CA_2_G3.crt
> Z:Q1Xz/eGc+P/GA4VXW5iXVkS3t/8DE=
> R:Security_Communication_Root_CA.crt
> Z:Q1hHXaxl+s+AkgSwN4hsJyFzYPhyo=
> R:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
> Z:Q152hIZP/jRh+jHTYn0f5bhMMk3xk=
> R:CA_Disig_Root_R2.crt
> Z:Q1caI4aKvuMtU9JXPcc7guC3fXb7g=
> R:Amazon_Root_CA_1.crt
> Z:Q18NLSUe9e6EuOBdgBIFahSV/PNLM=
> R:Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
> Z:Q11k0g4DoAXieyeb4onAM2NE4G3tI=
> R:Amazon_Root_CA_3.crt
> Z:Q1LnFTqB+5ig+7UIs7k4KeTp7aXSM=
> R:ISRG_Root_X1.crt
> Z:Q1Telif+ms5KzOJ+qhoIN809tVcEs=
> R:Comodo_AAA_Services_root.crt
> Z:Q1sKnpNU0d6bSImINWsCsa//WGMG0=
> R:CFCA_EV_ROOT.crt
> Z:Q1loKCArxcjbb09WtNgaJVPBCM4jo=
> R:DigiCert_Trusted_Root_G4.crt
> Z:Q14Y5YxyFxxjGFPyHd7u8PPt3/ETw=
> R:OISTE_WISeKey_Global_Root_GA_CA.crt
> Z:Q1CTFJalKdfCdTeDrjliAiZ8pIvwk=
> R:SZAFIR_ROOT_CA2.crt
> Z:Q1A9PJoBIp7M4pCCh7xT9fiyz6NuI=
> R:AddTrust_Low-Value_Services_Root.crt
> Z:Q1hmp2vWN5BgEOa2BG7c1F8HIXiXg=
> R:T-TeleSec_GlobalRoot_Class_2.crt
> Z:Q1fxseQorG0szm6j7hBs3dbVaG7u4=
> R:SSL.com_Root_Certification_Authority_RSA.crt
> Z:Q1e/+WIUpPklH+avUkzl6bKkIWFE4=
> R:GlobalSign_Root_CA_-_R3.crt
> Z:Q1GwlPBX3l+kTXlYJo2T7V9NbF29w=
> R:Global_Chambersign_Root_-_2008.crt
> Z:Q1zib8NgSVQ+4UfPeo7orQQ/CzOKI=
> R:AffirmTrust_Commercial.crt
> Z:Q1MWKWEe/aNVzcYng71h6RqguiCqY=
> R:Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.crt
> Z:Q10Hp0kVBVQBfAm9wBo871UKX6QjA=
> R:SwissSign_Gold_CA_-_G2.crt
> Z:Q1W7RaFtsQpJCJYOUSdokxP/9EIgg=
> R:GlobalSign_Root_CA.crt
> Z:Q16IMApFoHJhWCQ6TvfyCVvjE+WU0=
> R:AC_RAIZ_FNMT-RCM.crt
> Z:Q1zrQ8jr6mXkYXKfBxrS9O9iqDG6E=
> R:DigiCert_Assured_ID_Root_G3.crt
> Z:Q1B2g6wk4HH2F5S47x13+pCWuNapA=
> R:Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.crt
> Z:Q1kCPnRN0wRwpolLsDOgD8gAENeuQ=
> R:Atos_TrustedRoot_2011.crt
> Z:Q1PnvxSafNMice8YMooix2a9sZLHY=
> R:GeoTrust_Primary_Certification_Authority.crt
> Z:Q1vYDbTdnayFLLcmp5ZypayM0Vipo=
> R:certSIGN_ROOT_CA.crt
> Z:Q1NyaLsxBz4ftdfjIhwgPScDOIbnI=
> R:GDCA_TrustAUTH_R5_ROOT.crt
> Z:Q1J27wGT+f8qXuQ3rKpAacjUxBhR4=
> R:thawte_Primary_Root_CA.crt
> Z:Q1UNB2LvgVRjHW+5z9fzOP5I8nqpA=
> R:Hongkong_Post_Root_CA_1.crt
> Z:Q1kD9hfEiU7vcIF6vuRufvKyna8t4=
> R:Cybertrust_Global_Root.crt
> Z:Q1F/LhdIx7Hf4Q5ctq+UYn10e7OZQ=
> R:Starfield_Services_Root_Certificate_Authority_-_G2.crt
> Z:Q1KQkbdqCOUgSGV551isbEoJ6g/g4=
> R:QuoVadis_Root_CA_2.crt
> Z:Q1HI16QKVk+1nqGAgCBC2Lgqiu2jg=
> R:GeoTrust_Global_CA.crt
> Z:Q1A+C3nAWpKpU+F/oiPnmVlCR4AWg=
> R:Hongkong_Post_Root_CA_3.crt
> Z:Q11ceM459tfKe1iQF+u1em2iH6j8o=
> R:SecureSign_RootCA11.crt
> Z:Q1KBJxBxytqPGGdGdkQoEgY+p3NgE=
> R:Go_Daddy_Class_2_CA.crt
> Z:Q1mPHMPZ8Jc2ketK6aHq+sf9YwHfs=
> R:IdenTrust_Commercial_Root_CA_1.crt
> Z:Q1T6cBv1VrjS+3j6j0dkOiElI/Gnc=
> R:TWCA_Root_Certification_Authority.crt
> Z:Q1YMM+hVeJEGv3WjyXaW/dLViJBGc=
> R:Staat_der_Nederlanden_EV_Root_CA.crt
> Z:Q1JmwEU697kLbFSLPcQR0wkB+JN+0=
> R:OISTE_WISeKey_Global_Root_GB_CA.crt
> Z:Q1/OLA3AWcGtOsk9QWtrquu16Xt18=
> R:DigiCert_Assured_ID_Root_G2.crt
> Z:Q1lmLQRiWxg2Vf2wME9kSGWiiir3w=
> R:Starfield_Root_Certificate_Authority_-_G2.crt
> Z:Q1ZZS+OnDfqpy7m0htvG4CcWR/tho=
> R:SSL.com_EV_Root_Certification_Authority_ECC.crt
> Z:Q1w9AVqjkkw0B32+f1eNbOOJuRnXE=
> R:EE_Certification_Centre_Root_CA.crt
> Z:Q1uRHLGr4AOPeZul0eCu9npI1RjG8=
> R:Buypass_Class_2_Root_CA.crt
> Z:Q1Cj5B506aQTcDZSXwwv1tjt/cfDk=
> R:emSign_Root_CA_-_G1.crt
> Z:Q1b4bdtYXS9RawKPohlY8Jq+RjuMw=
> R:Certum_Root_CA.crt
> Z:Q1n5ENSiPh/TnI0lplSAGAxYPPSP8=
> R:TeliaSonera_Root_CA_v1.crt
> Z:Q1oiGaf9Cne+dCKgIEm40ngFwCULo=
> R:AffirmTrust_Networking.crt
> Z:Q1h6mFdWOWfVnMvlHkqPwrov2h6Rk=
> R:AffirmTrust_Premium_ECC.crt
> Z:Q1QHiDLI6H4VUqYdLyfjiRfxQ8iRk=
> R:ACCVRAIZ1.crt
> Z:Q1Yg+imHdMYbwUfkdmdTJSJnpNnJ0=
> R:DigiCert_Assured_ID_Root_CA.crt
> Z:Q11jaiOW4ptOkeABBqGDk4ptdG9xY=
> R:QuoVadis_Root_CA_3.crt
> Z:Q1yF3UetR2TiqvM+KLZ2+1A4wFaKg=
> R:SwissSign_Silver_CA_-_G2.crt
> Z:Q1yfZUppgAQEFV06v7PvIzgs2pLa0=
> R:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
> Z:Q1IF7PbkDY+dxwC5Ms5qOiaDaZRlI=
> R:GeoTrust_Primary_Certification_Authority_-_G3.crt
> Z:Q1B0wBQW9PsFBqAAEmZkAmMSwGNmQ=
> R:QuoVadis_Root_CA_1_G3.crt
> Z:Q1d0Rc+cAAiFiNDnwzBmJTicMP9L4=
> R:Entrust_Root_Certification_Authority_-_G2.crt
> Z:Q1YDDay2u0w6zVi1KDE6a0F83bzbg=
> R:Staat_der_Nederlanden_Root_CA_-_G3.crt
> Z:Q1yU4jwLLkuY8HsvPOYS09eITzVd8=
> R:COMODO_ECC_Certification_Authority.crt
> Z:Q16Zlove6WSuq9LwJcyr4dEIWy+Iw=
> R:COMODO_RSA_Certification_Authority.crt
> Z:Q19AaUb0qbN51K+YR0UcoB3EDPuWg=
> R:QuoVadis_Root_CA.crt
> Z:Q1meTudHGg/QmEMGekm8fy5lpYz2I=
> R:D-TRUST_Root_Class_3_CA_2_EV_2009.crt
> Z:Q1mzrwTFcbong1Q8WrUZOqJ5OY+nY=
> R:DigiCert_Global_Root_G2.crt
> Z:Q1vNYPBwCO7TvR0WqXT/8Lk85oEQs=
> R:Entrust_Root_Certification_Authority.crt
> Z:Q1hMJwKUa2iVrAniX8TszWhRKaLic=
> R:EC-ACC.crt
> Z:Q19zNyDboW8eGeSJ6YeggR5OuojxM=
> R:UCA_Extended_Validation_Root.crt
> Z:Q1c2xtj6NuNIe0Y7XBSN1qCos5qZw=
> R:XRamp_Global_CA_Root.crt
> Z:Q1i3Ay7Lre5sw0bSuFushbUD7rcA0=
> R:Trustis_FPS_Root_CA.crt
> Z:Q1Av11SZPSgw5yvqA6nmA9RvovIz0=
> R:GeoTrust_Primary_Certification_Authority_-_G2.crt
> Z:Q1Jdu0/LQSs41IgsBujmo2bHmQcg4=
> R:emSign_ECC_Root_CA_-_G3.crt
> Z:Q1P1uKoUGnyo2ucdhrcHR5Bxf/vnY=
> R:thawte_Primary_Root_CA_-_G3.crt
> Z:Q1OBZ4LvJifyj5ckbtBnZA+8gS3e4=
> R:Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
> Z:Q1ezXs+8GTPJzzPTU0NwF0cEKwMms=
> R:NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
> Z:Q1PBwBdef4LfpqpvbMMqrtFaxQ9C0=
> R:Amazon_Root_CA_2.crt
> Z:Q1Mjt7ShDA2NoZij6MBZyb7CT0ky0=
> R:Camerfirma_Global_Chambersign_Root.crt
> Z:Q1C7KdDorgV040tTuAwVRjNm4oXbI=
> R:TrustCor_RootCert_CA-2.crt
> Z:Q1b75fdaAKuvpLlRqotHptQk7zBA4=
> R:Amazon_Root_CA_4.crt
> Z:Q12ayOl3M2DRbZUiV0diaHPoGqn9Y=
> R:Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.crt
> Z:Q1EkWUBO/EgriupS76AwgK5EJJGuY=
> R:emSign_ECC_Root_CA_-_C3.crt
> Z:Q1zYsDcDDxkMsTErh0fzzRhBWGq7I=
> R:Security_Communication_RootCA2.crt
> Z:Q1aFENB5LpVZLc/j6tIwpYCWz0334=
> R:DigiCert_Global_Root_CA.crt
> Z:Q1RBgpDAr2YYQ7KMcPTrco9MxGKWA=
> R:ePKI_Root_Certification_Authority.crt
> Z:Q1ukis7BL6ag6KKa2IAYJcbQorhek=
> R:GlobalSign_Root_CA_-_R6.crt
> Z:Q1pfhGidPu6wwM9n3QvPp+hzs1U7M=
> R:D-TRUST_Root_CA_3_2013.crt
> Z:Q16ESZiwdqsH2cMXAS56Hz8j0eRLY=
> R:VeriSign_Universal_Root_Certification_Authority.crt
> Z:Q1HErww9hPl6NJFnDXXcKtruu1Bxs=
> R:Certum_Trusted_Network_CA.crt
> Z:Q1dsOv1er41cvyUPCLkj+/kIXGeT4=
> R:COMODO_Certification_Authority.crt
> Z:Q1tLncnPRwxmsenlPDApoHqUGJgYU=
> R:SwissSign_Platinum_CA_-_G2.crt
> Z:Q1dFWSBC5s8ZsU8OxQ9bvtgciEEjI=
> R:Camerfirma_Chambers_of_Commerce_Root.crt
> Z:Q1j4l3MEzwpsbzZYSlzGBIoWCFwlU=
> R:emSign_Root_CA_-_C1.crt
> Z:Q1mbgWLDLz7PBYBhErqnercjDpmNU=
> R:T-TeleSec_GlobalRoot_Class_3.crt
> Z:Q1KoPK9TUdQT1Ev/m36j4Gz2JA7uQ=
> R:DigiCert_Global_Root_G3.crt
> Z:Q17gm3Wh+4D3Y1T0Xazjb6UXTZa7A=
> R:Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.crt
> Z:Q1m9n9nAlOJnAllvtVxbmBMbUWQhk=
> R:VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
> Z:Q1XFspUHyVErZYgHyHlnrbaOZQqC8=
> R:Secure_Global_CA.crt
> Z:Q1hq7QkVBqW9ZIBb1DMFSQXDmkLBA=
> R:Actalis_Authentication_Root_CA.crt
> Z:Q1URypVgcCKpntjmi9Y/E2xIVM78s=
> R:Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
> Z:Q1Itn+gzAv8GriXm77jMH6Id+vDnI=
> R:USERTrust_RSA_Certification_Authority.crt
> Z:Q1LyOAaFvg6owb4eGoSW/58iDE9hw=
> R:D-TRUST_Root_Class_3_CA_2_2009.crt
> Z:Q1CVXtoLnzXYkVz8Xey6D97/owehU=
> R:AffirmTrust_Premium.crt
> Z:Q1Kke7oacZjzthsXkjna3IttlVWIc=
> R:GTS_Root_R2.crt
> Z:Q1kZ6ME6RbjL9lEz+dzLRPOBlvUqk=
> R:Certigna.crt
> Z:Q1/l30B8TLpw9JkoQQv1XfA9Hicy8=
> R:TWCA_Global_Root_CA.crt
> Z:Q1OH9yg4dVzVC6GdL7KcHwOAN3btg=
> R:IdenTrust_Public_Sector_Root_CA_1.crt
> Z:Q1thO7Om3MLuesYtCVHg6pvL1I/4w=
> R:TrustCor_ECA-1.crt
> Z:Q1kuNY0O+oHUTetOVaxmxTUl8EChE=
> R:Staat_der_Nederlanden_Root_CA_-_G2.crt
> Z:Q1q+zK+4s+BdPglYHM3INKUgkBuWY=
> R:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
> Z:Q1/CxV6yQo8lb/VblsISOoKOmPGmY=
> R:SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
> Z:Q1LEFEQi79PXeM9fPCgHJOYS7Ymyk=
> R:QuoVadis_Root_CA_3_G3.crt
> Z:Q1fHadn9tN9NdDrJ24/SY3Y+Hp5J4=
> R:Chambers_of_Commerce_Root_-_2008.crt
> Z:Q1aoheWbyYbE4o92pjJwCxxa5Hub0=
> R:DST_Root_CA_X3.crt
> Z:Q1Y28cdtgN5tSRYwE9weYkpsp6Ta0=
> R:TrustCor_RootCert_CA-1.crt
> Z:Q1aw5p4YFvGgp12pdaPzKfD15WfR8=
> R:Entrust.net_Premium_2048_Secure_Server_CA.crt
> Z:Q1LicN/AuTM/JrWZ6s9CzhD7JoIVQ=
> R:GTS_Root_R1.crt
> Z:Q1gf+QIXSflI4PvFaPVMhsL5m0dU8=
> R:Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
> Z:Q1tqyQI09yWCWAznc5WvrGgKUfhsE=
> R:USERTrust_ECC_Certification_Authority.crt
> Z:Q12c4P9Wxxu0CROI6jjgHZdWWnVX8=
> R:DigiCert_High_Assurance_EV_Root_CA.crt
> Z:Q1/yQqgtaVyh5HbsWkZctE8HR+21g=
> R:thawte_Primary_Root_CA_-_G2.crt
> Z:Q1UwAy9Mi2fIePO/aFn3cizaoSALc=
> R:GlobalSign_Root_CA_-_R2.crt
> Z:Q1M5SBYtNGil17CwFHxY1ssEesQpY=
> R:GeoTrust_Universal_CA.crt
> Z:Q1cNlhXZdJneVCQrosysxpGwnChOE=
> R:GlobalSign_ECC_Root_CA_-_R4.crt
> Z:Q14ofywW9sCB/uwcjaRPHuR+W01Mo=
> R:Entrust_Root_Certification_Authority_-_G4.crt
> Z:Q12M+H1tKT+20y4srpA0MxJ0JvxpQ=
> R:Baltimore_CyberTrust_Root.crt
> Z:Q1r4Wn/AFocJkJ5dnML2BgnFHI/sc=
> R:Sonera_Class_2_Root_CA.crt
> Z:Q1cVjaI6B6aKMib0aXrmdsGrknca4=
> R:GTS_Root_R4.crt
> Z:Q1TDyFCqaL2QfnpMtfEWAU0n4UMCU=
> R:GlobalSign_ECC_Root_CA_-_R5.crt
> Z:Q1tTA6apTbLuUc6bB84FcApoOcTQw=
> R:Microsec_e-Szigno_Root_CA_2009.crt
> Z:Q12GFvQ5RYNm5qWpTSxycTwMj/zTs=
> R:GeoTrust_Universal_CA_2.crt
> Z:Q1DxMFS5f9TVpxEIyE18U2DQn2BSM=
> R:VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
> Z:Q1O135aetWqrFqIlY6Lrg7wodsXdw=
> R:UCA_Global_G2_Root.crt
> Z:Q1FAwCc4Q3HykwmMXJPJOI2f3iJZU=
> R:Entrust_Root_Certification_Authority_-_EC1.crt
> Z:Q1vsDvp7XZRmS2Qn0L3CLneubtHWs=
> R:E-Tugra_Certification_Authority.crt
> Z:Q18XY975DIsrXcz7TdUqctRp3oMPQ=
> R:Buypass_Class_3_Root_CA.crt
> Z:Q1W4iUMLfdFRfJT4e3cXXFr5V7FaQ=
> R:SSL.com_Root_Certification_Authority_ECC.crt
> Z:Q10PJ40hKbrw0b5weDETb1zhbeyY4=
> R:Network_Solutions_Certificate_Authority.crt
> Z:Q1E/17ob1ZlENzmyurStRUJ26xYxc=
> R:Certum_Trusted_Network_CA_2.crt
> Z:Q1Fk2yMYJ/htcwEtxmgPtr53fyBaw=
> 
> C:Q1EToCBKEmeBdTneiJj7exZpuUtS0=
> P:nghttp2-libs
> V:1.39.2-r0
> A:x86_64
> S:67180
> I:155648
> T:Experimental HTTP/2 client, server and proxy (libraries)
> U:https://nghttp2.org
> L:MIT
> o:nghttp2
> m:Francesco Colista <[email protected]>
> t:1568186892
> c:1dc7b4f0c96ed51dcf6d72c6251e6bb4f6ff24ea
> D:so:libc.musl-x86_64.so.1
> p:so:libnghttp2.so.14=14.18.0
> F:usr
> F:usr/lib
> R:libnghttp2.so.14
> a:0:0:777
> Z:Q1LPn1/GhjknxncslDnIV2sozleRg=
> R:libnghttp2.so.14.18.0
> a:0:0:755
> Z:Q1n1yCxO+rgqHtKRvYz/4byA3czbE=
> 
> C:Q1HZNUYHGFSlhSOEdrONERG5VpMqE=
> P:libssh2
> V:1.9.0-r1
> A:x86_64
> S:93814
> I:221184
> T:library for accessing ssh1/ssh2 protocol servers
> U:https://libssh2.org/
> L:BSD
> o:libssh2
> m:Natanael Copa <[email protected]>
> t:1571996730
> c:4763b1bc00bf1da982aabff8810e53fd9dced2f0
> D:so:libc.musl-x86_64.so.1 so:libcrypto.so.43 so:libz.so.1
> p:so:libssh2.so.1=1.0.1
> F:usr
> F:usr/lib
> R:libssh2.so.1
> a:0:0:777
> Z:Q1D2bctUiR7ouD4db7CotuX/7bOl8=
> R:libssh2.so.1.0.1
> a:0:0:755
> Z:Q1/iM/3g+JPd47eY90ZgzpZRkpIUk=
> 
> C:Q1fyUS5OyIxEQ7kHjju3h54DsN1Zc=
> P:libcurl
> V:7.61.1-r3
> A:x86_64
> S:216028
> I:466944
> T:The multiprotocol file transfer library
> U:https://curl.haxx.se
> L:MIT
> o:curl
> m:Natanael Copa <[email protected]>
> t:1568707440
> c:c64caaa6d0cf04cf1a2a90b1b751edef900fd849
> D:ca-certificates so:libc.musl-x86_64.so.1 so:libcrypto.so.43 so:libnghttp2.so.14 so:libssh2.so.1 so:libssl.so.45 so:libz.so.1
> p:so:libcurl.so.4=4.5.0
> F:usr
> F:usr/lib
> R:libcurl.so.4
> a:0:0:777
> Z:Q1ngrNm+ppawZtfHpO0LvmUxP8f58=
> R:libcurl.so.4.5.0
> a:0:0:755
> Z:Q1LZx+ksH6MHln5rfb1QnCWS/nHk8=
> 
> C:Q1ivNP9Fg164j6sWYwhw6I3vrgex8=
> P:expat
> V:2.2.8-r0
> A:x86_64
> S:66892
> I:176128
> T:An XML Parser library written in C
> U:http://www.libexpat.org/
> L:MIT
> o:expat
> m:Carlo Landmeter <[email protected]>
> t:1568974105
> c:f8aaee8bb88596131af189a58b1e5a210c085584
> D:so:libc.musl-x86_64.so.1
> p:so:libexpat.so.1=1.6.10 cmd:xmlwf
> F:usr
> F:usr/bin
> R:xmlwf
> a:0:0:755
> Z:Q1J/ePy7lvBqK3m1i4wX0J9HCCO08=
> F:usr/lib
> R:libexpat.so.1.6.10
> a:0:0:755
> Z:Q1dKmXIEhVFoThew/M1zpyk+tnzHg=
> R:libexpat.so.1
> a:0:0:777
> Z:Q1DBU5ysdwK91copPhknaLG4SxYgo=
> 
> C:Q1dAOptgXbFQyMv8D1boHibW36t3U=
> P:pcre2
> V:10.31-r0
> A:x86_64
> S:225993
> I:602112
> T:Perl-compatible regular expression library
> U:http://pcre.sourceforge.net/
> L:BSD-3-Clause
> o:pcre2
> m:Jakub Jirutka <[email protected]>
> t:1525177497
> c:f15559ce104532156bf682903cec5ced0bec1426
> D:so:libc.musl-x86_64.so.1
> p:so:libpcre2-8.so.0=0.7.0 so:libpcre2-posix.so.2=2.0.0
> F:usr
> F:usr/lib
> R:libpcre2-8.so.0.7.0
> a:0:0:755
> Z:Q1PhoXKII1nLphwj01/k4F8fys20c=
> R:libpcre2-8.so.0
> a:0:0:777
> Z:Q1VDS0WV6wx1Sn8zNR/rTPN5IJcdQ=
> R:libpcre2-posix.so.2
> a:0:0:777
> Z:Q1ui7wLyv6d05O7H5YMRQN5ft2e7o=
> R:libpcre2-posix.so.2.0.0
> a:0:0:755
> Z:Q1tU9/aLuC36Kjk6nP2IwZrOftTkQ=
> 
> C:Q1ubA4spcN4PRTWxVOI1GHI3+Ii74=
> P:git
> V:2.18.4-r0
> A:x86_64
> S:6568718
> I:13213696
> T:Distributed version control system
> U:https://www.git-scm.com/
> L:GPL-2.0-or-later
> o:git
> m:Natanael Copa <[email protected]>
> t:1587495829
> c:f32b8f8df8e99e7b325c18d9faefd359d2f1a39a
> D:so:libc.musl-x86_64.so.1 so:libcurl.so.4 so:libexpat.so.1 so:libpcre2-8.so.0 so:libz.so.1
> p:cmd:git cmd:git-receive-pack cmd:git-shell cmd:git-upload-archive cmd:git-upload-pack
> r:git-perl
> F:usr
> F:usr/libexec
> F:usr/libexec/git-core
> R:git-fmt-merge-msg
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-parse-remote
> Z:Q1JJP2c5/FjhaiD9dr0Ue+FYnk4zg=
> R:git-describe
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-repack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-bisect--helper
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-whatchanged
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-revert
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-cat-file
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-tree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-serve
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-subtree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-read-tree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-verify-tag
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-commit
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-var
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-rebase--helper
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-reset
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-diff
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-clean
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-verify-commit
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-push
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-remote-ftps
> a:0:0:755
> Z:Q1FNQ3oYyunabkCkiwZ2XTxnn1+0U=
> R:git-credential-cache--daemon
> a:0:0:755
> Z:Q1rp8cQFyXI34CT30j/Z5Ya9bDyqc=
> R:git-merge-base
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-branch
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-bisect
> a:0:0:755
> Z:Q1c2PO1ax6h+ynMqJUITYNu+kdZkQ=
> R:git-pack-redundant
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-interpret-trailers
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-prune-packed
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-diff-index
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-show-branch
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-rebase--interactive
> Z:Q1H21TeAx/uJhd08DlSLHHoTsF69k=
> R:git-check-mailmap
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-cherry-pick
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-worktree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-fetch-pack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-mailinfo
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-format-patch
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-tag
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-add
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-column
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-mailsplit
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-filter-branch
> a:0:0:755
> Z:Q1BobShuYt3dHDekXsvGNKPh21oOM=
> R:git-stash
> a:0:0:755
> Z:Q1hal+sCJldSaTpM1BsaFJbVvhqnA=
> R:git-name-rev
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-rebase--am
> Z:Q1AdwlHaafb0eiDS7XrQAQdaslUgk=
> R:git-rev-list
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-notes
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-init
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-init-db
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-shortlog
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-rerere
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-fsck-objects
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-mv
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-fetch
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-for-each-ref
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-difftool--helper
> a:0:0:755
> Z:Q1lW64qKFngkdzefVkZdluuw43vbE=
> R:git-stage
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-pull
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-diff-tree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-rev-parse
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-check-attr
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-credential-store
> a:0:0:755
> Z:Q18kiG7CfYtU/O6OM8P4qNqgAKlrM=
> R:git-remote-fd
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-annotate
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-apply
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-checkout-index
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-commit-graph
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-pack-objects
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-http-push
> a:0:0:755
> Z:Q1GWZrtmiFQdW3Ir+rwnuSBdCLgao=
> R:git-mergetool
> a:0:0:755
> Z:Q1S6vLNe594R6J5/OBz2l5ndp2Xnw=
> R:git-update-ref
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-octopus
> a:0:0:755
> Z:Q1D7/bjLf08RRck/mSVIBckjmztZY=
> R:git-blame
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-one-file
> a:0:0:755
> Z:Q122u2LgGsqtiPEzBR/FtOZ4F5JIY=
> R:git-symbolic-ref
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-ls-remote
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-commit-tree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-recursive
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-check-ref-format
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-grep
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-ours
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-bundle
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-show-index
> a:0:0:755
> Z:Q104N0BrxcTf0jH8kJeDCxMFxReFw=
> R:git-mergetool--lib
> Z:Q1nhobQiqq/DMQPakNKFzyMKAR0Rc=
> R:git-upload-pack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-resolve
> a:0:0:755
> Z:Q1qXe+7FKzOYXP9jacviX3AuQWcHU=
> R:git-update-index
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-sh-i18n--envsubst
> a:0:0:755
> Z:Q1sEv3uqlZ7aW0BagK4R91dp5yKYA=
> R:git-mktag
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-write-tree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-credential
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-remote-http
> a:0:0:755
> Z:Q1FNQ3oYyunabkCkiwZ2XTxnn1+0U=
> R:git-quiltimport
> a:0:0:755
> Z:Q1qJCfrOj32gkJYRazhr6Cvn8gkxk=
> R:git-cherry
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-archive
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-get-tar-commit-id
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-send-pack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-fsck
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-difftool
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-gc
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-fast-export
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-check-ignore
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-reflog
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-remote-ext
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-file
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-mktree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-hash-object
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-web--browse
> a:0:0:755
> Z:Q1qX7DL65PBzXmnuPW/syYuSeRlwI=
> R:git-submodule--helper
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-receive-pack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-pack-refs
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-help
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-stripspace
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-sh-setup
> Z:Q1VKoKc5Q+/bWM/+5XK56AotDH710=
> R:git-merge
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-verify-pack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-rebase--merge
> Z:Q1vmlrQBLQEjwhjrL5pTtaJQWCT7s=
> R:git-rebase
> a:0:0:755
> Z:Q1CHGDrlug0LXERUqTTx8s3MWd6lI=
> R:git-am
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-request-pull
> a:0:0:755
> Z:Q1f8a0I498h60PoTShUoiCxlV12Sg=
> R:git-log
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-unpack-file
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-checkout
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-status
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-remote-https
> a:0:0:755
> Z:Q1FNQ3oYyunabkCkiwZ2XTxnn1+0U=
> R:git-http-fetch
> a:0:0:755
> Z:Q1oVJyHIjvW7q5wnaP7awKe8WrffA=
> R:git-index-pack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-upload-archive
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-rm
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-remote-ftp
> a:0:0:755
> Z:Q1FNQ3oYyunabkCkiwZ2XTxnn1+0U=
> R:git-count-objects
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-unpack-objects
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-ls-files
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-merge-index
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-show-ref
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-sh-i18n
> Z:Q1Lkxz61Y0A8dP1ttT0uGkZTeZ9CI=
> R:git-diff-files
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-patch-id
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-show
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-remote
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-submodule
> a:0:0:755
> Z:Q1fRozSa44ONNN5yypfsSv2ewhj2I=
> R:git-prune
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-update-server-info
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-ls-tree
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-credential-cache
> a:0:0:755
> Z:Q1LYo3i6pRNwyxLs/Wd78v26BCaj8=
> R:git-clone
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-config
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-replace
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> F:usr/libexec/git-core/mergetools
> R:meld
> Z:Q1cNfAI8kVh5xLjIsj4PWxA6vAJG0=
> R:guiffy
> Z:Q1iFG0w9sQa8g5yl1BDMyI/zGwVgI=
> R:examdiff
> Z:Q1SwktMjUpAM45lzuQjPcYQIb3xFs=
> R:opendiff
> Z:Q1/Qp8ktBxoBFf37rN7suLs+0Skbs=
> R:gvimdiff
> Z:Q1jZuJYs9GrZlMHK8vb91YyJMJbYs=
> R:bc
> Z:Q1eP8Ti3qxGjR15KCuS+CaMwUkBws=
> R:araxis
> Z:Q1Nbn45diRNmggtfhiBcCgtnqEScQ=
> R:emerge
> Z:Q1NLBPgymCEVU/exZfeaVH3zZvwVc=
> R:vimdiff
> Z:Q1UyN15OIsVT/qF4XNj4DxQvGJJaY=
> R:vimdiff3
> Z:Q1jZuJYs9GrZlMHK8vb91YyJMJbYs=
> R:tkdiff
> Z:Q1Dx/CiXXX10cMNSmoU8UswnayICA=
> R:codecompare
> Z:Q1eETxVt0LsxxDJSrLfzKgdohPYws=
> R:kdiff3
> Z:Q1f1/c0x2kVOYS61gxcZc/OWiji+k=
> R:vimdiff2
> Z:Q1jZuJYs9GrZlMHK8vb91YyJMJbYs=
> R:kompare
> Z:Q1gv349exa6UCCz5F+SUF14CpUVZc=
> R:ecmerge
> Z:Q16/SvhyXRrNFXsI1xGR9smPc3UzU=
> R:diffmerge
> Z:Q1KIFMpr/3FOHmW3JMlQpNoNVudB8=
> R:xxdiff
> Z:Q1ai7xze9o8xoJfioXQcJO/aZjcfE=
> R:winmerge
> Z:Q1Mi6X4AgzTFgX14YKlxPmo9BqxZ4=
> R:gvimdiff3
> Z:Q1jZuJYs9GrZlMHK8vb91YyJMJbYs=
> R:tortoisemerge
> Z:Q11ZrkZMKW689SrCdF3ItTMMM2Oz4=
> R:diffuse
> Z:Q1xffz7Y1Svt0MMFU2CesOPPqTdTE=
> R:deltawalker
> Z:Q1PU/2BEGpv5F69I2kTEgGXgZxsJw=
> R:gvimdiff2
> Z:Q1jZuJYs9GrZlMHK8vb91YyJMJbYs=
> R:bc3
> Z:Q1nAzyoCjKTcWPYdXp1iLaKjEMcpY=
> F:usr/bin
> R:git
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-upload-pack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-receive-pack
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-upload-archive
> a:0:0:755
> Z:Q1Za0Wh3XgNnDhJ1jhzDjEM6VPI/8=
> R:git-shell
> a:0:0:755
> Z:Q1Op7Sx1c6qZ1uBzzW0o37nu+2rBk=
> F:usr/share
> F:usr/share/git-core
> F:usr/share/git-core/templates
> M:0:0:2755
> R:description
> Z:Q1ljXxt+EsBFISgZ3ZNNgJ7wfvovQ=
> F:usr/share/git-core/templates/info
> M:0:0:2755
> R:exclude
> Z:Q1yHnfAV2XYVBQr6e5ZB4zUqHnAaw=
> F:usr/share/git-core/templates/branches
> M:0:0:2755
> F:usr/share/git-core/templates/hooks
> M:0:0:2755
> R:pre-push.sample
> a:0:0:755
> Z:Q1XIUYv9HR09LBpxlJlMChbYoxOkE=
> R:commit-msg.sample
> a:0:0:755
> Z:Q17h7VqtmKQ18gILbeNcFzt12a/6w=
> R:prepare-commit-msg.sample
> a:0:0:755
> Z:Q1JYSAa6FHFSrgBctnWqTwHV0GhFY=
> R:pre-applypatch.sample
> a:0:0:755
> Z:Q18ggofBqSUl3p9UYukFqdMd4eLXU=
> R:pre-receive.sample
> a:0:0:755
> Z:Q1cFoX0lnniW8Agv4unywMOxJ75aw=
> R:update.sample
> a:0:0:755
> Z:Q15ynNYbJ8EolR0Tnejnxj0aN1jd4=
> R:pre-commit.sample
> a:0:0:755
> Z:Q1M3Ka1M5RrNo1CU5YHkCI8xZ6Cvg=
> R:pre-rebase.sample
> a:0:0:755
> Z:Q1KI79wAJ9tM/Yt8R8Su3boJtt7RI=
> R:applypatch-msg.sample
> a:0:0:755
> Z:Q1TeiOuVpek/0n54tfs7UjGo2JF90=
> R:post-update.sample
> a:0:0:755
> Z:Q1thTC9j2n3Knx2y563mHvMESPyWw=
> F:usr/share/perl5
> F:var
> F:var/git

This diff does not contain anything about openssl and hence it can be asserted that openssl wasn't actually installed or modified in this layer.

Of course, to do this kind of diffing one would need a proper parser for the lib/apk/db/installed file and then check the parsed content of both versions of the file for modifications.

Does that make sense?

@luhring
Copy link
Contributor

luhring commented Nov 24, 2021

It does! I follow now, sorry. At first, I thought you were talking about inspecting other files (e.g. the busybox binaries) to make the determination.

I think this implementation is along the lines of we'd do for #435.

@luhring
Copy link
Contributor

luhring commented Nov 29, 2021

@cdupuis Would it be okay with you if we close this issue and track the feature via #435? I think the core request is the same between these two issues. And the issues are now linked, so we'll have the benefit of this issue's context as we work on #435.

@cdupuis
Copy link
Author

cdupuis commented Nov 29, 2021

Sure, yeah.

@luhring luhring added the duplicate This issue or pull request already exists label Nov 29, 2021
@luhring luhring closed this as completed Nov 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cdupuis @luhring