Closed Joerki closed 4 days ago
It is also crashing on windows
[0000] INFO syft version: 1.7.0
[0000] DEBUG config:
log:
quiet: false
level: debug
file: ""
dev:
profile: none
config: .syft.yaml
output:
- syft-json=mongo.json
format:
pretty: null
template:
path: ""
legacy: false
json:
legacy: false
pretty: true
spdx-json:
pretty: false
cyclonedx-json:
pretty: false
cyclonedx-xml:
pretty: false
check-for-app-update: false
default-catalogers: []
select-catalogers: []
package:
search-unindexed-archives: false
search-indexed-archives: true
exclude-binary-overlap-by-ownership: true
file:
metadata:
selection: owned-by-package
digests:
- sha1
- sha256
content:
skip-files-above-size: 256000
globs: []
executable:
globs: []
scope: all-layers
parallelism: 1
relationships:
package-file-ownership: true
package-file-ownership-overlap: true
golang:
search-local-mod-cache-licenses: true
local-mod-cache-dir: C:\Users\w010701\go\pkg\mod
search-remote-licenses: true
proxy: https://proxy.golang.org,direct
no-proxy: ""
main-module-version:
from-ld-flags: true
from-contents: true
from-build-settings: true
java:
use-network: false
maven-url: ""
max-parent-recursive-depth: 0
javascript:
search-remote-licenses: false
npm-base-url: ""
linux-kernel:
catalog-modules: true
python:
guess-unpinned-requirements: false
registry:
insecure-skip-tls-verify: false
insecure-use-http: false
auth: []
ca-cert: ""
from: []
platform: ""
source:
name: ""
version: ""
base-path: ""
file:
digests:
- SHA-256
image:
default-pull-source: ""
exclude: []
cache:
dir: C:\Users\abcdef\AppData\Local\cache\syft
ttl: 7d
Crashing on Debian WSL with this configuration:
joerg@DE12914:~$ syft scan amlac02.azurecr.io/rel/mongo:1.1.1 -o syft-json=mongo.json -vv
[0000] INFO syft version: 1.7.0
[0000] DEBUG config:
log:
quiet: false
level: debug
file: ""
dev:
profile: none
config: .syft.yaml
output:
- syft-json=mongo.json
format:
pretty: null
template:
path: ""
legacy: false
json:
legacy: false
pretty: true
spdx-json:
pretty: false
cyclonedx-json:
pretty: false
cyclonedx-xml:
pretty: false
check-for-app-update: false
default-catalogers: []
select-catalogers: []
package:
search-unindexed-archives: false
search-indexed-archives: true
exclude-binary-overlap-by-ownership: true
file:
metadata:
selection: owned-by-package
digests:
- sha1
- sha256
content:
skip-files-above-size: 256000
globs: []
executable:
globs: []
scope: all-layers
parallelism: 1
relationships:
package-file-ownership: true
package-file-ownership-overlap: true
golang:
search-local-mod-cache-licenses: true
local-mod-cache-dir: /home/joerg/go/pkg/mod
search-remote-licenses: true
proxy: https://proxy.golang.org,direct
no-proxy: ""
main-module-version:
from-ld-flags: true
from-contents: true
from-build-settings: true
java:
use-network: false
maven-url: ""
max-parent-recursive-depth: 0
javascript:
search-remote-licenses: false
npm-base-url: ""
linux-kernel:
catalog-modules: true
python:
guess-unpinned-requirements: false
registry:
insecure-skip-tls-verify: false
insecure-use-http: false
auth: []
ca-cert: ""
from: []
platform: ""
source:
name: ""
version: ""
base-path: ""
file:
digests:
- SHA-256
image:
default-pull-source: ""
exclude: []
cache:
dir: /home/joerg/.cache/syft
ttl: 7d
Hi @kzantow,
thanks for your changes. I'll try to build and check.
I also worked on pure Linux machine (before I saw your commit) to check and doing change of settings, and found out:
When I have search-local-mod-cache-licenses setting to true, I get a crash.
golang: search-local-mod-cache-licenses: true
In case it's false, program works as usual.
Hi @Joerki -- I think I've addressed the issues you've raised here, where invalid directories would result in panics rather than being handled properly. Apologies for that, this seems like a case that probably should have been accounted for from the get-go. Please let us know if the latest release continues to give you issues!
What happened: Hi @kzantow,
the new cache implementation is partially not working. Without changing my previous configuration (#2798). If, in a Docker container syft tries to create the cache subdirectory at an unusual place (root dir, $HOME is missing), this operation failes and syft crashes later on.
When I add -e HOME=/tmp to the docker command line it does not crash.
[0000] WARN unable to get filesystem cache at /.cache/syft: unable to create directory at '/.cache/syft//.cache/syft': mkdir /.cache: permission denied
What you expected to happen: Syft should check writing permissions of the directory where cache shall be created and reports the problem with explicit directory when this operation fails.
Steps to reproduce the issue: Set HOME to a directory without write permissions. Scan an Docker image with Go binaries (like mongo) Enable settings to fetch packages to identify licenses (see settings below).
I created a Docker image with syft binary to use it in differend environments. In the case that HOME is "/", syft crashes. If I change HOME to "/" in my usual, local environment (WSL), syft is reporting the warning, but does not crash.
Anything else we need to know?:
Environment:
Output of
syft version
: It is newest Syft version 1.7.0OS (e.g:
cat /etc/os-release
or similar): Linux, on Debian WSL also in self-created Docker container based on Debian image.