zhill
commented
3 years ago @UlrichLohrmann we're looking at this in anchore/anchore-engine#850. Thus far we've seen it from images built with older versions of the 'buildah' tool that had a bug fixed recently where it doesn't set the media type correctly in the image manifest.
Can you confirm or deny if this image was built with buildah or not?
nightfurys
I loaded anchore engine v.0.9.0 and started the containers on my linux box. After adding an image to anchore-engine it took a while, then I get analyze_failed and in the log of the analyzer the following entries;
[service:worker] 2021-01-18 13:22:46+0000 [-] [Thread-8] [anchore_engine.services.analyzer.service/build_task()] [INFO] Starting image analysis thread [service:worker] 2021-01-18 13:22:46+0000 [-] [Thread-3368] [anchore_engine.services.analyzer.analysis/process_analyzer_job()] [INFO] image dequeued for analysis: admin : sha256:90c80d078545c228cf1465060917556c1ad3e4210c84216400674bd469d9fbea [service:worker] 2021-01-18 13:22:46+0000 [-] [Thread-3368] [anchore_engine.services.analyzer.analysis/perform_analyze()] [INFO] performing analysis on image: ['admin', 'lvnexust01.dsv-gruppe.de:10443/runnable/dsv/pph@sha256:90c80d078545c228cf1465060917556c1ad3e4210c84216400674bd469d9fbea', 'lvnexust01.dsv-gruppe.de:10443/runnable/dsv/pph:00110.12'] [service:worker] 2021-01-18 13:22:46+0000 [-] [Thread-3368] [anchore_engine.services.analyzer.analysis/perform_analyze()] [INFO] analyzing image: lvnexust01.dsv-gruppe.de:10443/runnable/dsv/pph@sha256:90c80d078545c228cf1465060917556c1ad3e4210c84216400674bd469d9fbea [service:worker] 2021-01-18 13:22:46+0000 [-] [Thread-3368] [anchore_engine.clients.localanchore_standalone/pull_image()] [INFO] Downloading image lvnexust01.dsv-gruppe.de:10443/runnable/dsv/pph@sha256:90c80d078545c228cf1465060917556c1ad3e4210c84216400674bd469d9fbea for analysis to /analysis_scratch/2078a8aa-311a-4f83-b409-36c703e1e87a/raw [service:worker] 2021-01-18 13:25:02+0000 [-] [Thread-3368] [anchore_engine.utils/run_check()] [ERROR] {"level":"debug","msg":"Application config:\n\u001b[35moutput: json\nscope: Squashed\nquiet: false\nlog:\n structured: true\n level: debug\n file: \"\"\ndev:\n profilecpu: false\n profilemem: false\ncheck-for-app-update: false\nanchore:\n upload-enabled: false\n host: \"\"\n path: \"\"\n username: \"\"\n password: \"\"\n dockerfile: \"\"\n overwrite-existing-image: false\n\u001b[0m","time":"2021-01-18 13:25:02"} [service:worker] 2021-01-18 13:25:02+0000 [-] [Thread-3368] [anchore_engine.utils/run_check()] [ERROR] {"from-lib":"stereoscope","level":"debug","msg":"image: source=OciDirectory location=/analysis_scratch/2078a8aa-311a-4f83-b409-36c703e1e87a/raw","time":"2021-01-18 13:25:02"} [service:worker] 2021-01-18 13:25:02+0000 [-] [Thread-3368] [anchore_engine.utils/run_check()] [ERROR] {"from-lib":"stereoscope","level":"debug","msg":"image metadata: digest=sha256:64f82bded3cc0514ca27b4a95683d1db8aa2dbbb38d71e50c8317bc0f1b600ac mediaType=application/vnd.oci.image.manifest.v1+json tags=[]","time":"2021-01-18 13:25:02"} [service:worker] 2021-01-18 13:25:02+0000 [-] [Thread-3368] [anchore_engine.utils/run_check()] [ERROR] {"level":"error","msg":"failed to catalog input: could not fetch image '/analysis_scratch/2078a8aa-311a-4f83-b409-36c703e1e87a/raw': could not read image: unexpected media type: application/vnd.oci.image.layer.v1.tar for layer: sha256:a646ecf2798733c58b5cf7d619530c06b8b2b40373440ae3b9072e6b25d77c83","time":"2021-01-18 13:25:02"} [service:worker] 2021-01-18 13:25:02+0000 [-] Traceback (most recent call last): [service:worker] 2021-01-18 13:25:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/clients/localanchore_standalone.py", line 1100, in analyze_image [service:worker] 2021-01-18 13:25:02+0000 [-] analyzer_report = run_anchore_analyzers( [service:worker] 2021-01-18 13:25:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/clients/localanchore_standalone.py", line 903, in run_anchore_analyzers [service:worker] 2021-01-18 13:25:02+0000 [-] analyzer_report = anchore_engine.analyzers.run( [service:worker] 2021-01-18 13:25:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/analyzers/init.py", line 17, in run [service:worker] 2021-01-18 13:25:02+0000 [-] _run_syft(analyzer_report, copydir) [service:worker] 2021-01-18 13:25:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/analyzers/init.py", line 92, in _run_syft [service:worker] 2021-01-18 13:25:02+0000 [-] results = syft.catalog_image(imagedir=copydir) [service:worker] 2021-01-18 13:25:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/analyzers/syft/init.py", line 16, in catalog_image [service:worker] 2021-01-18 13:25:02+0000 [-] all_results = run_syft(imagedir) [service:worker] 2021-01-18 13:25:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/clients/syft_wrapper.py", line 20, in runsyft [service:worker] 2021-01-18 13:25:02+0000 [-] stdout, = run_check(shlex.split(cmd), env=proc_env) [service:worker] 2021-01-18 13:25:02+0000 [-] File "/usr/local/lib/python3.8/site-packages/anchore_engine/utils.py", line 277, in run_check [service:worker] 2021-01-18 13:25:02+0000 [-] raise CommandException(cmd, code, stdout, stderr) [service:worker] 2021-01-18 13:25:02+0000 [-] anchore_engine.utils.CommandException: Non-zero exit status code when running
Mybe I misinterpret the logs, but the log output "unexpected media type: application/vnd.oci.image.layer.v1.tar" seems to be the problem. My image is of type "docker" and all layers of the image as well.
Is this some kind of misconfiguration or an error within the anchore-engine?
Best regards Ulrich