search

jfrog / jfrog-cli

JFrog CLI is a client that provides a simple interface that automates access to the JFrog products.
https://www.jfrog.com/confluence/display/CLI/JFrog+CLI
Apache License 2.0
521 stars 223 forks source link

Scan on demand is not working with a DinD setup #1453

Open omerbfrog opened 2 years ago

omerbfrog commented 2 years ago

Describe the bug

When trying out the new jfrog CLI docker image on demand Xray scanning, the indexer-app component doesn't seem to work on the default Docker build container (docker:stable). The setup is Docker In Docker (DinD)

To Reproduce

On a machine with a docker daemon running (can do it on Mac with Docker Desktop), run :

  1. docker run --network=host -it -v /var/run/docker.sock:/var/run/docker.sock docker:stable /bin/sh
  2. Inside the DIND client session, do apk add curl
  3. curl -fL https://install-cli.jfrog.io/ | sh to install the latest jfrog cli in container
  4. jf c add -> And configure to your Artifactory instance
  5. Do docker pull nginx:latest to get a container to scan
  6. Run jf docker scan nginx:latest Observe error: / # docker pull nginx:latest latest: Pulling from library/nginx Digest: sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767 Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest / # jf docker scan nginx:latest 09:37:21 [Info] Log path: /root/.jfrog/logs/jfrog-cli.2022-02-27.09-37-21.70.log 09:37:30 [Error] Scan command failed. fork/exec /root/.jfrog/dependencies/xray-indexer/temp/indexer-app: no such file or directory

Expected behavior

A successful scan on demand for the docker-image. In case the current behavior is expected, please update.

Screenshots

image

Versions

Additional context it's probably because "indexer-app" binary is expecting the glibc library. There's a possible workaround written by Ariel Kabov: https://github.com/arielkv/dind-glibc/blob/master/Dockerfile

tkriviradev commented 2 years ago

Same issue here latest cli running in alpine container.

Or even running in docker run releases-docker.jfrog.io/jfrog/jfrog-cli-v2-jf

docker run -it -v /var/run/docker.sock:/var/run/docker.sock releases-docker.jfrog.io/jfrog/jfrog-cli-v2-jf

jf rt ping
OK

jf --version
jf version 2.14.0
JFrog Xray Indexer 3.44.1 is not cached locally. Downloading it now...
16:50:46 [🚨Error] failed while attempting to download Xray indexer: fork/exec /root/.jfrog/dependencies/xray-indexer/temp/indexer-app: no such file or directory
/ # ^C
eyalbe4 commented 2 years ago

Thanks for reporting these issues @omerbfrog and @tkriviradev!

@omerbfrog - The issue you reported will be resolved by a fix on Xray's side. We're currently working on the fix and it'll be released soon. confirm @tkriviradev - Let us verify that the issue you reported has the same root cause. We'll reply here soon.

eyalbe4 commented 2 years ago

@tkriviradev - We believe that the issue you reported has the root cause as the other issue reported here, and will be resolved by an Xray release which will be released soon.

jonesbusy commented 2 years ago

Hi,

Same issue here. We are using Jenkins and Kubernetes plugin to start containers including the jfrog cli to perform on-demand scan.

jf config add <config>--url <url> --user=******** --password=**** --overwrite
jf scan target/<my package>.zip
JFrog Xray Indexer 3.43.1 is not cached locally. Downloading it now...
[Error] failed while attempting to download Xray indexer: fork/exec /home/jenkins/.jfrog/dependencies/xray-indexer/temp/indexer-app: no such file or directory

Works fine outside the container

Thanks.

eyalbe4 commented 2 years ago

@jonesbusy, @tkriviradev and @omerbfrog - thank you all for reporting this issue! The issue was fixed on version 3.45.0 of JFrog Xray. We'd appreciate your feedback for the fix.