Empty vendor for RPM packages in Amazon Linux

[knqyf263]

Description

The vendor may be empty even in official packages. Since the vendor is used to determine if it is a third package or not, other methods need to be considered. One heuristic that comes to mind easily at present is whether or not the release contains "amzn".

Discussed in #5869

[DmitriyLewen]

@knqyf263 I created #5951
Also I checked some version of curl-minimal and only one version doesn't have Vendor fields:

bash-5.2# yum list curl-minimal --showduplicates
...
curl-minimal.aarch64              8.3.0-1.amzn2023.0.1               amazonlinux
curl-minimal.aarch64              8.3.0-1.amzn2023.0.2               amazonlinux
curl-minimal.aarch64              8.5.0-1.amzn2023.0.1               amazonlinux

bash-5.2# rpm -qi curl-minimal
Name        : curl-minimal
Version     : 8.3.0
Release     : 1.amzn2023.0.1
Architecture: aarch64
Install Date: Tue Jan 16 06:04:09 2024
Group       : Unspecified
Size        : 395875
License     : curl
Signature   : RSA/SHA512, Thu Sep 21 20:36:29 2023, Key ID e951904ad832c631
Source RPM  : curl-8.3.0-1.amzn2023.0.1.src.rpm
Build Date  : Thu Sep 21 19:34:30 2023
Build Host  : ip-10-0-37-69.us-west-2.compute.internal
Packager    : Amazon Linux
Vendor      : Amazon Linux
URL         : https://curl.se/
Summary     : Conservatively configured build of curl for minimal installations

bash-5.2# rpm -qi curl-minimal
Name        : curl-minimal
Version     : 8.3.0
Release     : 1.amzn2023.0.2
Architecture: aarch64
Install Date: Tue Jan 16 07:13:43 2024
Group       : Unspecified
Size        : 395875
License     : curl
Signature   : RSA/SHA512, Tue Oct 10 16:33:12 2023, Key ID e951904ad832c631
Source RPM  : curl-8.3.0-1.amzn2023.0.2.src.rpm
Build Date  : Fri Oct  6 19:21:45 2023
Build Host  : ip-10-0-35-91.us-west-2.compute.internal
URL         : https://curl.se/
Summary     : Conservatively configured build of curl for minimal installations

bash-5.2# rpm -qi curl-minimal
Name        : curl-minimal
Version     : 8.5.0
Release     : 1.amzn2023.0.1
Architecture: aarch64
Install Date: Tue Jan 16 07:14:08 2024
Group       : Unspecified
Size        : 396832
License     : curl
Signature   : RSA/SHA512, Thu Dec 14 17:37:56 2023, Key ID e951904ad832c631
Source RPM  : curl-8.5.0-1.amzn2023.0.1.src.rpm
Build Date  : Thu Dec 14 00:40:29 2023
Build Host  : ip-10-0-37-122.us-west-2.compute.internal
Packager    : Amazon Linux
Vendor      : Amazon Linux
URL         : https://curl.se/
Summary     : Conservatively configured build of curl for minimal installations

It seems bug is only for one version.
@tonaim have you seen other packages with this problem?

[tonaim]

yes, exactly it is happening only with one package. I did not find any other such package .

[DmitriyLewen]

So I think merge #5951 can wait.
If we find similar packages, we will merge this PR.

[knqyf263]

I've already added it to the merge queue😄 Yes, I also think this is Amazon's bug, but our approach with the vendor field is also heuristic. It is good to have various ways to identify official packages.

[tonaim]

Thank you @knqyf263 and @DmitriyLewen