From 996f849c7a0f7b66f6abd0889276631dfc39d7b9 Mon Sep 17 00:00:00 2001
From: Dusty Mabe <dusty@dustymabe.com>
Date: Sun, 28 Sep 2025 08:47:49 -0400
Subject: [PATCH 1/3] Revert "cmd-diff: default --from to N-1 build"

Turns out this behavior wasn't really required and there
was some preference to leave it the other way [1].

This reverts commit 9ffb64fe618ad07e98fe2f0b912fd3f67390335e.

[1] https://github.com/coreos/coreos-assembler/pull/4253#discussion_r2383248120
---
 src/cmd-diff | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cmd-diff b/src/cmd-diff
index c259c7f184..adf4256dc6 100755
--- a/src/cmd-diff
+++ b/src/cmd-diff
@@ -147,7 +147,7 @@ def main():
         args.diff_from = builds.get_previous()
         args.diff_to = latest_build
     elif args.diff_from is None:
-        args.diff_from = builds.get_previous()
+        args.diff_from = latest_build
     elif args.diff_to is None:
         args.diff_to = latest_build
 

From aafbc3c94fc24ebf47e7488d2617f798e819a556 Mon Sep 17 00:00:00 2001
From: Dusty Mabe <dusty@dustymabe.com>
Date: Thu, 18 Sep 2025 16:53:55 -0400
Subject: [PATCH 2/3] cmd-build-with-buildah: remove semicolon

It's not needed.
---
 src/cmd-build-with-buildah | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cmd-build-with-buildah b/src/cmd-build-with-buildah
index b7fd649a6d..c95226b1c5 100755
--- a/src/cmd-build-with-buildah
+++ b/src/cmd-build-with-buildah
@@ -58,7 +58,7 @@ while true; do
             DIRECT=1
             ;;
         --autolock)
-            shift;
+            shift
             AUTOLOCK_VERSION=$1
             ;;
         --skip-prune)

From 6cba969aa0b1464fc57541e43b5c4b68022d5030 Mon Sep 17 00:00:00 2001
From: Dusty Mabe <dusty@dustymabe.com>
Date: Thu, 18 Sep 2025 16:55:00 -0400
Subject: [PATCH 3/3] cmd-build-with-buildah: update meta.json with
 pkg/advisory diffs

This used to be done in the cmd-build path and some things depend
on it, so let's add it back here. This also prints a diff so we'll
see it in the logs in the pipeline, which can be useful.
---
 src/cmd-build-with-buildah | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/cmd-build-with-buildah b/src/cmd-build-with-buildah
index c95226b1c5..7e7abbfc26 100755
--- a/src/cmd-build-with-buildah
+++ b/src/cmd-build-with-buildah
@@ -22,7 +22,8 @@ Usage: coreos-assembler build-with-buildah
                          non-strict build.
   --skip-prune           Skip pruning previous builds.
   --strict               Only allow installing locked packages when using lockfiles.
-  --parent-build=VERSION This option does nothing and is provided for backwards compatibility.
+  --parent-build=VERSION The version that represents the parent to this build. Used for RPM diffs
+                         that get added to the meta.json
   --force                Import a new build even if inputhash has not changed.
 EOF
 }
@@ -69,6 +70,7 @@ while true; do
             ;;
         --parent-build)
             shift
+            PARENT_BUILD=$1
             ;;
         --force)
             FORCE=1
@@ -232,6 +234,19 @@ build_with_buildah() {
         /usr/lib/coreos-assembler/cmd-import "${final_ref}" ${SKIP_PRUNE:+--skip-prune}
     fi
 
+    # For the logs, print the RPM diff
+    /usr/lib/coreos-assembler/cmd-diff \
+        --rpms ${PARENT_BUILD:+--from=$PARENT_BUILD}
+
+    # For meta.json let's record the RPM diff and advisory diff information
+    /usr/lib/coreos-assembler/cmd-diff \
+        --rpms-json ${PARENT_BUILD:+--from=$PARENT_BUILD} |
+        jq '{"pkgdiff": .pkgdiff, "advisories-diff": .advisories}' > "${tempdir}/diff.json"
+    /usr/lib/coreos-assembler/cmd-meta --build="${VERSION}" \
+        --skip-validation --artifact-json "${tempdir}/diff.json"
+    # Run a 'dump' now to perform schema validation since we skipped it above.
+    /usr/lib/coreos-assembler/cmd-meta --dump --build="${VERSION}" > /dev/null
+
     rm -rf "${tempdir}"
 }