search

optiopay / klar

Integration of Clair and Docker Registry
MIT License
506 stars 138 forks source link

Can't pull fsLayers "authentication required" #172

Open Joe-Heffer-Shef opened 4 years ago

Joe-Heffer-Shef commented 4 years ago

Hi,

I'm using Klar v2.4.0 Linux 64-bit binary with Clair v2.1.4 (I'm running Clair using docker-compose using the image quay.io/coreos/clair:v2.1.4) running on Ubuntu 20.04.

I'm trying to run a scan on an image with the identifier c0afcfb7356e. I got this ID by running docker image list.

Below is the debug output from klar. It looks like it's trying to authenticate with the official Docker Hub registry but is failing. I've tried entering my username/password and also generating an access token via the DockerHub account settings console.

These are the environment variables:

export KLAR_TRACE=true
export CLAIR_ADDR=localhost
export DOCKER_USER=My_Username
export DOCKER_PASSWORD=********
export DOCKER_TOKEN==******************************
export REGISTRY_INSECURE=true
$ klar c0afcfb7356e
clair timeout 1m0s
docker timeout: 1m0s
no whitelist file
----> HTTP REQUEST:
GET /v2/library/c0afcfb7356e/manifests/latest HTTP/1.1
Host: registry-1.docker.io
Accept: application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws
Authorization: Basic ********

<---- HTTP RESPONSE:
HTTP/1.1 401 Unauthorized
Content-Length: 163
Content-Type: application/json
Date: Fri, 03 Jul 2020 13:22:16 GMT
Docker-Distribution-Api-Version: registry/2.0
Strict-Transport-Security: max-age=31536000
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/c0afcfb7356e:pull"

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"library/c0afcfb7356e","Action":"pull"}]}]}

----> HTTP REQUEST:
GET /v2/library/c0afcfb7356e/manifests/latest HTTP/1.1
Host: registry-1.docker.io
Accept: application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws
Authorization: Basic ********

<---- HTTP RESPONSE:
HTTP/1.1 401 Unauthorized
Content-Length: 163
Content-Type: application/json
Date: Fri, 03 Jul 2020 13:22:17 GMT
Docker-Distribution-Api-Version: registry/2.0
Strict-Transport-Security: max-age=31536000
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/c0afcfb7356e:pull"

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"library/c0afcfb7356e","Action":"pull"}]}]}

----> HTTP REQUEST:
GET /v2/library/c0afcfb7356e/manifests/latest HTTP/1.1
Host: registry-1.docker.io
Accept: application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws
Authorization: Bearer ********

<---- HTTP RESPONSE:
HTTP/1.1 401 Unauthorized
Content-Length: 163
Content-Type: application/json
Date: Fri, 03 Jul 2020 13:22:17 GMT
Docker-Distribution-Api-Version: registry/2.0
Strict-Transport-Security: max-age=31536000
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/c0afcfb7356e:pull"

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"library/c0afcfb7356e","Action":"pull"}]}]}

Can't pull fsLayers
nishant-d commented 4 years ago

I am facing the same issue, @Joe-Heffer-Shef could you find any solution?

Joe-Heffer-Shef commented 4 years ago

I am facing the same issue, @Joe-Heffer-Shef could you find any solution?

I'm afraid not. I'm now using Anchore instead.