Record the apko.json file used to produce this image. (#1353)

The file is recorded in `/etc/apko.json`. Signed-off-by: Matt Moore <[email protected]>
chainguard-dev · Nov 8, 2024 · 2a93470 · 2a93470
1 parent c6cb7a3
commit 2a93470
Show file tree

Hide file tree

Showing 16 changed files with 77 additions and 54 deletions.
diff --git a/internal/cli/publish_test.go b/internal/cli/publish_test.go
@@ -91,7 +91,7 @@ func TestPublish(t *testing.T) {
 
 	// This test will fail if we ever make a change in apko that changes the image.
 	// Sometimes, this is intentional, and we need to change this and bump the version.
-	want := "sha256:f09e60c2dabb44047225149ccc4a6cdffac23aabf50352931ddd618705e82f2d"
+	want := "sha256:f341d69eddfffdd181935fe3cffe185fdf20778835b797089a818e0b1b540f93"
 	require.Equal(t, want, digest.String())
 
 	sdst := fmt.Sprintf("%s:%s.sbom", dst, strings.ReplaceAll(want, ":", "-"))
@@ -109,7 +109,7 @@ func TestPublish(t *testing.T) {
 
 	// This test will fail if we ever make a change in apko that changes the SBOM.
 	// Sometimes, this is intentional, and we need to change this and bump the version.
-	swant := "sha256:194bbad4bd7a37e206126b24d63fd0146434b1abbad9afa567fab364c0d5e608"
+	swant := "sha256:9d55cc224dadc94faf9f2fb974a55e10d523625df652954030f5f7f3210b427a"
 	require.Equal(t, swant, got)
 
 	im, err := idx.IndexManifest()
@@ -118,8 +118,8 @@ func TestPublish(t *testing.T) {
 	// We also want to check the children SBOMs because the index SBOM does not have
 	// references to the children SBOMs, just the children!
 	wantBoms := []string{
-		"sha256:3bb2af9d9909bc82e537ac17c5283c8e60589b77ada27ec0ad94964709c7d076",
-		"sha256:d3106b5778c36eed5a87d41b7d62234f598917846c3c8d3478a69d5c1f7d4199",
+		"sha256:c2edd8bec2034de667ac19701eed3032512190cf0d46300acef5afccee01dbd1",
+		"sha256:94213634580d1d5feb97cdcc030f804d28ed6f8e77cde225b0aae53d5b927a33",
 	}
 
 	for i, m := range im.Manifests {

diff --git a/...data/golden/blobs/sha256/16e741f38ee9768330001d0b12b34006d5bdf90bc2dd72716bca4446e66b6ac6 b/...data/golden/blobs/sha256/16e741f38ee9768330001d0b12b34006d5bdf90bc2dd72716bca4446e66b6ac6
diff --git a/...data/golden/blobs/sha256/18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1 b/...data/golden/blobs/sha256/18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1
@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":593,"digest":"sha256:c4fba92e353f8a3be76c9feaa4763c3f9177697364fe54943eda3f51ec641d55"},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","size":3249,"digest":"sha256:e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0"}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
diff --git a/...data/golden/blobs/sha256/26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328 b/...data/golden/blobs/sha256/26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328
diff --git a/...99f24337b25e483d9332e6d6e2485a71562bd2900 → ...f87d3637a202783f535d70d0152c53d80f57c90a2 b/...99f24337b25e483d9332e6d6e2485a71562bd2900 → ...f87d3637a202783f535d70d0152c53d80f57c90a2
@@ -1 +1 @@
-{"architecture":"amd64","author":"github.com/chainguard-dev/apko","created":"1970-01-01T00:00:00Z","history":[{"author":"apko","created":"1970-01-01T00:00:00Z","created_by":"apko","comment":"This is an apko single-layer image"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:ae315dbf6cdeac9bef1b14aed88fd75bbfbf5ed9671994241528c2da3fa6d785"]},"config":{"Entrypoint":["/bin/sh","-l"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Labels":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}}
+{"architecture":"amd64","author":"github.com/chainguard-dev/apko","created":"1970-01-01T00:00:00Z","history":[{"author":"apko","created":"1970-01-01T00:00:00Z","created_by":"apko","comment":"This is an apko single-layer image"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:63d864eaf7996ff3b8364aec6f9885d4325baf1671204f24337d10295c069e5c"]},"config":{"Entrypoint":["/bin/sh","-l"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Labels":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}}
diff --git a/...data/golden/blobs/sha256/5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57 b/...data/golden/blobs/sha256/5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57
@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":593,"digest":"sha256:41b285b4a6870e47e59ef34f87d3637a202783f535d70d0152c53d80f57c90a2"},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","size":3239,"digest":"sha256:26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328"}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
diff --git a/...data/golden/blobs/sha256/6e6ffbcf153baa74794a66c87760f8d393ad82b51770b2c3b6ae5211ee5d7b6d b/...data/golden/blobs/sha256/6e6ffbcf153baa74794a66c87760f8d393ad82b51770b2c3b6ae5211ee5d7b6d
diff --git a/...data/golden/blobs/sha256/a87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675 b/...data/golden/blobs/sha256/a87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675
diff --git a/...797d1aa95a424968f8136392f6a5476cc89577fbb → ...aa4763c3f9177697364fe54943eda3f51ec641d55 b/...797d1aa95a424968f8136392f6a5476cc89577fbb → ...aa4763c3f9177697364fe54943eda3f51ec641d55
@@ -1 +1 @@
-{"architecture":"arm64","author":"github.com/chainguard-dev/apko","created":"1970-01-01T00:00:00Z","history":[{"author":"apko","created":"1970-01-01T00:00:00Z","created_by":"apko","comment":"This is an apko single-layer image"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:efe1fac5d8d6bcadf61026012fa98c321eb53299f22f02b1fe5ed4c22f2995cf"]},"config":{"Entrypoint":["/bin/sh","-l"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Labels":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}}
+{"architecture":"arm64","author":"github.com/chainguard-dev/apko","created":"1970-01-01T00:00:00Z","history":[{"author":"apko","created":"1970-01-01T00:00:00Z","created_by":"apko","comment":"This is an apko single-layer image"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:70043edb168572d0c65b9545471f090ecbf2eefccc466e2ba3fd01df5cbe00d3"]},"config":{"Entrypoint":["/bin/sh","-l"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Labels":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}}
diff --git a/...data/golden/blobs/sha256/e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0 b/...data/golden/blobs/sha256/e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0
diff --git a/...data/golden/blobs/sha256/f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972 b/...data/golden/blobs/sha256/f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972
diff --git a/internal/cli/testdata/golden/index.json b/internal/cli/testdata/golden/index.json
@@ -1 +1 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":476,"digest":"sha256:a87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675","platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":476,"digest":"sha256:f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972","platform":{"architecture":"arm64","os":"linux"}}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":476,"digest":"sha256:5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57","platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":476,"digest":"sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1","platform":{"architecture":"arm64","os":"linux"}}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
diff --git a/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json b/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json
@@ -1,6 +1,6 @@
 {
   "SPDXID": "SPDXRef-DOCUMENT",
-  "name": "sbom-sha256:6e6ffbcf153baa74794a66c87760f8d393ad82b51770b2c3b6ae5211ee5d7b6d",
+  "name": "sbom-sha256:e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0",
   "spdxVersion": "SPDX-2.3",
   "creationInfo": {
     "created": "1970-01-01T00:00:00Z",
@@ -13,13 +13,13 @@
   "dataLicense": "CC0-1.0",
   "documentNamespace": "https://spdx.org/spdxdocs/apko/",
   "documentDescribes": [
-    "SPDXRef-Package-sha256-f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972"
+    "SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1"
   ],
   "packages": [
     {
-      "SPDXID": "SPDXRef-Package-sha256-f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972",
-      "name": "sha256:f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972",
-      "versionInfo": "sha256:f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972",
+      "SPDXID": "SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
+      "name": "sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
+      "versionInfo": "sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
       "filesAnalyzed": false,
       "description": "apko container image",
       "downloadLocation": "NOASSERTION",
@@ -28,20 +28,20 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": "f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972"
+          "checksumValue": "18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": "pkg:oci/golden@sha256%3Af5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
+          "referenceLocator": "pkg:oci/golden@sha256%3A18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
           "referenceType": "purl"
         }
       ]
     },
     {
-      "SPDXID": "SPDXRef-Package-sha256-6e6ffbcf153baa74794a66c87760f8d393ad82b51770b2c3b6ae5211ee5d7b6d",
-      "name": "sha256:6e6ffbcf153baa74794a66c87760f8d393ad82b51770b2c3b6ae5211ee5d7b6d",
+      "SPDXID": "SPDXRef-Package-sha256-e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0",
+      "name": "sha256:e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0",
       "versionInfo": "1.0.0",
       "filesAnalyzed": false,
       "description": "apko operating system layer",
@@ -50,7 +50,7 @@
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": "pkg:oci/golden@sha256%3A6e6ffbcf153baa74794a66c87760f8d393ad82b51770b2c3b6ae5211ee5d7b6d?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.layer.v1.tar%2Bgzip\u0026os=linux",
+          "referenceLocator": "pkg:oci/golden@sha256%3Ae29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.layer.v1.tar%2Bgzip\u0026os=linux",
           "referenceType": "purl"
         }
       ]
@@ -96,9 +96,9 @@
   ],
   "relationships": [
     {
-      "spdxElementId": "SPDXRef-Package-sha256-f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972",
+      "spdxElementId": "SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
       "relationshipType": "CONTAINS",
-      "relatedSpdxElement": "SPDXRef-Package-sha256-6e6ffbcf153baa74794a66c87760f8d393ad82b51770b2c3b6ae5211ee5d7b6d"
+      "relatedSpdxElement": "SPDXRef-Package-sha256-e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0"
     }
   ]
 }
diff --git a/internal/cli/testdata/golden/sboms/sbom-index.spdx.json b/internal/cli/testdata/golden/sboms/sbom-index.spdx.json
@@ -1,6 +1,6 @@
 {
   "SPDXID": "SPDXRef-DOCUMENT",
-  "name": "sbom-sha256:d558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227",
+  "name": "sbom-sha256:3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
   "spdxVersion": "SPDX-2.3",
   "creationInfo": {
     "created": "1970-01-01T00:00:00Z",
@@ -13,13 +13,13 @@
   "dataLicense": "CC0-1.0",
   "documentNamespace": "https://spdx.org/spdxdocs/apko/",
   "documentDescribes": [
-    "SPDXRef-Package-sha256-d558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227"
+    "SPDXRef-Package-sha256-3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48"
   ],
   "packages": [
     {
-      "SPDXID": "SPDXRef-Package-sha256-d558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227",
-      "name": "sha256:d558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227",
-      "versionInfo": "sha256:d558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227",
+      "SPDXID": "SPDXRef-Package-sha256-3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
+      "name": "sha256:3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
+      "versionInfo": "sha256:3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
       "filesAnalyzed": false,
       "description": "Multi-arch image index",
       "downloadLocation": "NOASSERTION",
@@ -29,72 +29,72 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": "d558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227"
+          "checksumValue": "3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": "pkg:oci/golden@sha256%3Ad558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227?mediaType=application%2Fvnd.oci.image.index.v1%2Bjson",
+          "referenceLocator": "pkg:oci/golden@sha256%3A3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48?mediaType=application%2Fvnd.oci.image.index.v1%2Bjson",
           "referenceType": "purl"
         }
       ]
     },
     {
-      "SPDXID": "SPDXRef-Package-sha256-a87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675",
-      "name": "sha256:a87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675",
-      "versionInfo": "sha256:a87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675",
+      "SPDXID": "SPDXRef-Package-sha256-5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
+      "name": "sha256:5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
+      "versionInfo": "sha256:5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
       "filesAnalyzed": false,
       "downloadLocation": "NOASSERTION",
       "supplier": "Organization: Chainguard, Inc.",
       "primaryPackagePurpose": "CONTAINER",
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": "a87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675"
+          "checksumValue": "5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": "pkg:oci/golden@sha256%3Aa87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
+          "referenceLocator": "pkg:oci/golden@sha256%3A5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
           "referenceType": "purl"
         }
       ]
     },
     {
-      "SPDXID": "SPDXRef-Package-sha256-f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972",
-      "name": "sha256:f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972",
-      "versionInfo": "sha256:f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972",
+      "SPDXID": "SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
+      "name": "sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
+      "versionInfo": "sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
       "filesAnalyzed": false,
       "downloadLocation": "NOASSERTION",
       "supplier": "Organization: Chainguard, Inc.",
       "primaryPackagePurpose": "CONTAINER",
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": "f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972"
+          "checksumValue": "18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": "pkg:oci/golden@sha256%3Af5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
+          "referenceLocator": "pkg:oci/golden@sha256%3A18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
           "referenceType": "purl"
         }
       ]
     }
   ],
   "relationships": [
     {
-      "spdxElementId": "SPDXRef-Package-sha256-d558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227",
+      "spdxElementId": "SPDXRef-Package-sha256-3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
       "relationshipType": "VARIANT_OF",
-      "relatedSpdxElement": "SPDXRef-Package-sha256-a87baa16c787394589606e2519134a8e23d9323f475cc3e1a6f63731e8579675"
+      "relatedSpdxElement": "SPDXRef-Package-sha256-5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57"
     },
     {
-      "spdxElementId": "SPDXRef-Package-sha256-d558b9114f2eaf11b1a3d9720cdcff3b12f087e741377d04f93bd5dc53f36227",
+      "spdxElementId": "SPDXRef-Package-sha256-3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
       "relationshipType": "VARIANT_OF",
-      "relatedSpdxElement": "SPDXRef-Package-sha256-f5e87ab7f4eba7d7a649cd3fcb969b4fcb9c72784c9cbe7ed3f0f60e84933972"
+      "relatedSpdxElement": "SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1"
     }
   ]
 }