Add support for Chainguard VM

agent/plugins/configurepackage/envdetect/constants/constants.go

@@ -67,6 +67,12 @@ const PlatformBottlerocket = "bottlerocket"
 // PlatformAlpine uses Ohai identifier for alpine platform
 const PlatformAlpine = "alpine"
 
+// PlatformChainguard uses Ohai identifier for chainguard platform
+const PlatformChainguard = "chainguard"
+
+// PlatformWolfi uses Ohai identifier for wolfi platform
+const PlatformWolfi = "wolfi"
+
 // PlatformSuse uses Ohai identifier for suse platform
 const PlatformSuse = "suse"
 

agent/plugins/configurepackage/envdetect/osdetect/osdetect_unix.go

@@ -187,6 +187,10 @@ func parseOSreleaseFile(lines []string) (string, string, error) {
 		if strings.Contains(strings.ToLower(name), "leap") {
 			platform = c.PlatformOpensuseLeap
 		}
+	case "chainguard":
+		platform = c.PlatformChainguard
+	case "wolfi":
+		platform = c.PlatformWolfi
 	}
 
 	return platform, platformVersion, nil
@@ -407,7 +411,7 @@ func platformFamilyForPlatform(platform string) (string, error) {
 		return c.PlatformFamilyRhel, nil
 	case c.PlatformFedora:
 		return c.PlatformFamilyFedora, nil
-	case c.PlatformAlpine:
+	case c.PlatformAlpine, c.PlatformChainguard, c.PlatformWolfi:
 		return c.PlatformFamilyAlpine, nil
 	case c.PlatformSuse, c.PlatformOpensuse, c.PlatformOpensuseLeap:
 		return c.PlatformFamilySuse, nil

agent/plugins/configurepackage/envdetect/osdetect/osdetect_unix_test.go

@@ -169,6 +169,14 @@ func TestParseOSreleaseFile(t *testing.T) {
 			[]string{`NAME="Alpine Linux"`, `ID=alpine`, `VERSION_ID=3.5.0`, `PRETTY_NAME="Alpine Linux v3.5"`, `HOME_URL="http://alpinelinux.org"`, `BUG_REPORT_URL="http://bugs.alpinelinux.org"`},
 			"alpine", "3.5.0", false,
 		},
+		{
+			[]string{`NAME="Chainguard"`, `ID=chainguard`, `VERSION_ID=20230214`, `PRETTY_NAME="Chainguard"`, `HOME_URL="https://chainguard.dev"`},
+			"chainguard", "20230214", false,
+		},
+		{
+			[]string{`NAME="Wolfi"`, `ID=wolfi`, `VERSION_ID=20230201`, `PRETTY_NAME="Wolfi"`, `HOME_URL="https://wolfi.dev"`, `BUG_REPORT_URL="https://github.com/wolfi-dev/os/issues"`},
+			"wolfi", "20230201", false,
+		},
 		{
 			[]string{`NAME="CentOS Linux"`, `VERSION="7 (Core)"`, `ID="centos"`, `ID_LIKE="rhel fedora"`, `VERSION_ID="7"`, `PRETTY_NAME="CentOS Linux 7 (Core)"`, `ANSI_COLOR="0;31"`, `CPE_NAME="cpe:/o:centos:centos:7"`, `HOME_URL="https://www.centos.org/"`, `BUG_REPORT_URL="https://bugs.centos.org/"`, `CENTOS_MANTISBT_PROJECT="CentOS-7"`, `CENTOS_MANTISBT_PROJECT_VERSION="7"`, `REDHAT_SUPPORT_PRODUCT="centos"`, `REDHAT_SUPPORT_PRODUCT_VERSION="7"`},
 			"centos", "7", false,

agent/plugins/inventory/gatherers/application/dataProvider_unix.go

@@ -23,10 +23,12 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"sort"
 	"strconv"
 	"strings"
 	"time"
 
+	"chainguard.dev/apko/pkg/apk/apk"
 	"github.com/aws/amazon-ssm-agent/agent/context"
 	"github.com/aws/amazon-ssm-agent/agent/log"
 	"github.com/aws/amazon-ssm-agent/agent/platform"
@@ -66,6 +68,9 @@ var (
 
 	// platforms that can pass application inventory files, as the agent cannot gather the data from the local package manager
 	inventoryApplicationFileSupportedPlatforms = []string{"Bottlerocket"}
+
+	// platforms that have an apk-tools v2 installed db
+	apkToolsInstalledDB = "/lib/apk/db/installed"
 )
 
 func randomString(length int) string {
@@ -174,6 +179,19 @@ func collectPlatformDependentApplicationData(context context.T) (appData []model
 		}
 	}
 
+	if fileExists(apkToolsInstalledDB) {
+		noPackageManagerFound = false
+		var apkToolsAppData []model.ApplicationData
+		if apkToolsAppData, err = getApkToolsApplicationData(platformName); err != nil {
+			log.Errorf("Failed to gather inventory data for %v: %v", GathererName, err)
+		} else {
+			log.Infof("Appending application information found using ApkTools v2 Installed DB to application data.")
+			log.Infof("Found %v apk packages", len(apkToolsAppData))
+			appData = append(appData, apkToolsAppData...)
+
+		}
+	}
+
 	log.Infof("Found %v packages in total", len(appData))
 
 	if noPackageManagerFound {
@@ -237,6 +255,39 @@ func getInventoryApplicationFileData(inventoryApplicationFileBytes []byte) (data
 	return
 }
 
+// getApkToolsApplicationData creates ApplicationData from apk-tools
+// v2 installed DB
+func getApkToolsApplicationData(platformName string) (data []model.ApplicationData, err error) {
+	a, err := apk.New()
+	if err != nil {
+		return nil, err
+	}
+	pkgs, err := a.GetInstalled()
+	if err != nil {
+		return nil, err
+	}
+	for _, pkg := range pkgs {
+		var item model.ApplicationData
+		item.Name = pkg.Name
+		item.Version = pkg.Version
+		// Not quite right, TODO upgrade to maintainer
+		item.Publisher = platformName
+		// Not quite right, but might be helpful
+		item.InstalledTime = pkg.BuildTime.Format(time.RFC3339)
+		item.Architecture = pkg.Arch
+		item.URL = pkg.URL
+		item.Summary = pkg.Description
+		// PURLs are lowercased IDs
+		item.PackageId = fmt.Sprintf("pkg:apk/%s/%s@%s?arch=%s&source=%s", strings.ToLower(platformName), pkg.Name, pkg.Version, pkg.Arch, pkg.Origin)
+		data = append(data, item)
+	}
+	// Sort, as otherwise this is in a filesystem tree order
+	sort.Slice(data[:], func(i, j int) bool {
+		return data[i].Name < data[j].Name
+	})
+	return data, nil
+}
+
 // getApplicationData runs a shell command and gets information about all packages/applications
 func getApplicationData(context context.T, command string, args []string) (data []model.ApplicationData, err error) {
 

go.mod

@@ -1,23 +1,26 @@
 module github.com/aws/amazon-ssm-agent
 
-go 1.22
+go 1.23.4
+
+toolchain go1.24.0
 
 replace github.com/aws/aws-sdk-go => ./extra/aws-sdk-go
 
 replace github.com/nightlyone/lockfile => ./extra/lockfile
 
 require (
+	chainguard.dev/apko v0.25.7
 	github.com/Jeffail/gabs v1.0.0
 	github.com/Workiva/go-datastructures v1.0.53
 	github.com/aws/aws-sdk-go v1.55.5
 	github.com/carlescere/scheduler v0.0.0-20150615230211-9b78eac89dfb
-	github.com/cenkalti/backoff/v4 v4.0.2
+	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575
 	github.com/coreos/go-semver v0.2.0
 	github.com/creack/pty v1.1.11
 	github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e
 	github.com/fsnotify/fsnotify v1.5.1
-	github.com/go-git/go-git/v5 v5.13.1
+	github.com/go-git/go-git/v5 v5.14.0
 	github.com/google/go-github/v61 v61.0.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75
@@ -31,41 +34,82 @@ require (
 	github.com/xtaci/smux v1.5.15
 	github.com/yusufpapurcu/wmi v1.2.4
 	go.nanomsg.org/mangos/v3 v3.3.0
-	golang.org/x/crypto v0.32.0
-	golang.org/x/net v0.34.0
-	golang.org/x/oauth2 v0.24.0
-	golang.org/x/sync v0.10.0
-	golang.org/x/sys v0.29.0
-	gopkg.in/ini.v1 v1.62.0
+	golang.org/x/crypto v0.36.0
+	golang.org/x/net v0.37.0
+	golang.org/x/oauth2 v0.28.0
+	golang.org/x/sync v0.13.0
+	golang.org/x/sys v0.32.0
+	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (
+	chainguard.dev/go-grpc-kit v0.17.7 // indirect
+	chainguard.dev/sdk v0.1.31 // indirect
+	cloud.google.com/go/auth v0.15.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
+	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	dario.cat/mergo v1.0.1 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/ProtonMail/go-crypto v1.1.4 // indirect
-	github.com/cloudflare/circl v1.5.0 // indirect
-	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/ProtonMail/go-crypto v1.1.5 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/chainguard-dev/clog v1.7.0 // indirect
+	github.com/cloudflare/circl v1.6.0 // indirect
+	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.1 // indirect
+	github.com/go-git/go-billy/v5 v5.6.2 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
+	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/kelseyhightower/envconfig v1.4.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/mmcloughlin/avo v0.6.0 // indirect
-	github.com/pjbgf/sha1cd v0.3.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pjbgf/sha1cd v0.3.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
-	github.com/skeema/knownhosts v1.3.0 // indirect
-	github.com/smartystreets/goconvey v1.8.1 // indirect
+	github.com/skeema/knownhosts v1.3.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/tools v0.29.0 // indirect
+	go.lsp.dev/uri v0.3.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
+	go.opentelemetry.io/otel v1.35.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/trace v1.35.0 // indirect
+	go.step.sm/crypto v0.60.0 // indirect
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	google.golang.org/api v0.228.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
+	google.golang.org/grpc v1.71.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )