From c045e6c64e291732021925fcce017a406fef9e55 Mon Sep 17 00:00:00 2001
From: Simon Baird <sbaird@redhat.com>
Date: Wed, 2 Oct 2024 14:08:05 -0400
Subject: [PATCH] Manually add some ubi rpm repo ids to allowed list

There might be a better source for these, but in the short term
let's add them manually.

I got the list of repo ids from the /etc/yum.repos.d/ubi.repo file
in the ubi-minimal images.

(See also the discussion in Jira.)

Ref: https://issues.redhat.com/browse/EC-904
---
 data/known_rpm_repositories.yml       | 20 ++++++++++++++++++++
 hack/update-known-rpm-repositories.sh | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/data/known_rpm_repositories.yml b/data/known_rpm_repositories.yml
index 66abbd9..2d0486c 100644
--- a/data/known_rpm_repositories.yml
+++ b/data/known_rpm_repositories.yml
@@ -9694,4 +9694,24 @@ rule_data:
     - "suse-15.1-server-satellite-tools-6.7-debug-rpms"
     - "suse-15.1-server-satellite-tools-6.7-rpms"
     - "suse-15.1-server-satellite-tools-6.7-source-rpms"
+    - "ubi-8-appstream-debug-rpms"
+    - "ubi-8-appstream-rpms"
+    - "ubi-8-appstream-source"
+    - "ubi-8-baseos-debug-rpms"
+    - "ubi-8-baseos-rpms"
+    - "ubi-8-baseos-source"
+    - "ubi-8-codeready-builder"
+    - "ubi-8-codeready-builder-debug-rpms"
+    - "ubi-8-codeready-builder-rpms"
+    - "ubi-8-codeready-builder-source"
+    - "ubi-9-appstream-debug-rpms"
+    - "ubi-9-appstream-rpms"
+    - "ubi-9-appstream-source"
+    - "ubi-9-baseos-debug-rpms"
+    - "ubi-9-baseos-rpms"
+    - "ubi-9-baseos-source"
+    - "ubi-9-codeready-builder"
+    - "ubi-9-codeready-builder-debug-rpms"
+    - "ubi-9-codeready-builder-rpms"
+    - "ubi-9-codeready-builder-source"
     - "web-terminal-textonly-1-for-middleware-rpms"
diff --git a/hack/update-known-rpm-repositories.sh b/hack/update-known-rpm-repositories.sh
index 7a5d0c0..22acf15 100755
--- a/hack/update-known-rpm-repositories.sh
+++ b/hack/update-known-rpm-repositories.sh
@@ -16,6 +16,26 @@ BASE_URL='https://access.redhat.com/security/data/meta/v1/repository-to-cpe.json
 #   ]'
 # Having a comma on the last item is not necessarily valid JSON, but yq handles it well.
 export EXTRAS='[
+    "ubi-8-baseos-rpms",
+    "ubi-8-baseos-debug-rpms",
+    "ubi-8-baseos-source",
+    "ubi-8-appstream-rpms",
+    "ubi-8-appstream-debug-rpms",
+    "ubi-8-appstream-source",
+    "ubi-8-codeready-builder-rpms",
+    "ubi-8-codeready-builder",
+    "ubi-8-codeready-builder-debug-rpms",
+    "ubi-8-codeready-builder-source",
+    "ubi-9-baseos-rpms",
+    "ubi-9-baseos-debug-rpms",
+    "ubi-9-baseos-source",
+    "ubi-9-appstream-rpms",
+    "ubi-9-appstream-debug-rpms",
+    "ubi-9-appstream-source",
+    "ubi-9-codeready-builder-rpms",
+    "ubi-9-codeready-builder",
+    "ubi-9-codeready-builder-debug-rpms",
+    "ubi-9-codeready-builder-source",
 ]'
 
 export COMMENT='