optiopay / klar

Integration of Clair and Docker Registry
MIT License

Klar does not give layers globally unique names #54

Closed owms closed 6 years ago

owms commented 6 years ago

Originally posted this issue as a Clair issue but per the discussion on https://github.com/coreos/clair/issues/439 it appears this is an issue with Klar so I am submitting it here.

When using Klar to scan public images from Docker Hub I often receive a 422 error when POSTing layers to Clair. Some examples of popular and public images I cannot scan are tomcat:7-jre8, postgres:9.5.3 (versions prior to 9.5.3 work but later versions do not), python:3.5, nginx:1.12-alpine, redis:3, nginx:3.5, and openjdk:7.

Clair will log a warning about a different feature name and version each time when the offending layer is POSTed in. For example, running klar tomcat:7-jre8, I will see the following lines in the Clair logs:

{"Event":"Namespace unknown","Level":"warning","Location":"worker.go:211","Time":"2017-08-28 20:13:36.031713","feature name":"init-system-helpers","feature version":"1.48","layer":"sha256:eb9b7457396558f37d230d8cb10dc083fb304895030d40ce8b54598e176546ec"}
{"Event":"Handled HTTP request","Level":"info","Location":"router.go:57","Time":"2017-08-28 20:13:36.031956","elapsed time":316097842,"method":"POST","remote addr":"10.124.3.72:23672","request uri":"/v1/layers","status":"422"}

Per this comment, this appears to be caused by Klar naming layers using the sha hash instead of using globally unique names as required by the Clair V2 API.
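The naming problem described above, as an added example that is not part of the original post and is not Klar's or Clair's code: two images that share one layer blob under different parents end up submitting the same layer name with conflicting `ParentName` values when names are bare digests. The chained-hash scheme in `chainNames` is an assumption chosen for illustration, not necessarily what Klar does, and the digests are constructed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// LayerRef holds the Name and ParentName sent for one layer in POST /v1/layers.
type LayerRef struct{ Name, ParentName string }

// digestNames names every layer by its blob digest, the behaviour the issue reports.
func digestNames(digests []string) []LayerRef {
	refs, parent := []LayerRef{}, ""
	for _, d := range digests {
		refs = append(refs, LayerRef{d, parent})
		parent = d
	}
	return refs
}

// chainNames (assumed scheme) hashes the parent's name with the digest: new ancestry, new name.
func chainNames(digests []string) []LayerRef {
	refs, parent := []LayerRef{}, ""
	for _, d := range digests {
		name := fmt.Sprintf("%x", sha256.Sum256([]byte(parent+"\n"+d)))
		refs = append(refs, LayerRef{name, parent})
		parent = name
	}
	return refs
}

// conflicts lists names that both images use but with different parents.
func conflicts(a, b []LayerRef) []string {
	parents, out := map[string]string{}, []string{}
	for _, r := range a {
		parents[r.Name] = r.ParentName
	}
	for _, r := range b {
		if p, ok := parents[r.Name]; ok && p != r.ParentName {
			out = append(out, r.Name)
		}
	}
	return out
}

func main() {
	// Constructed digests: two images on different bases that share one blob.
	a, b := []string{"sha256:base-one", "sha256:shared"}, []string{"sha256:base-two", "sha256:shared"}
	fmt.Println(conflicts(digestNames(a), digestNames(b)), conflicts(chainNames(a), chainNames(b)))
}
```

Images that share the same ancestry still produce identical chained names, so layers they have in common are not submitted under two names.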

hashmap commented 6 years ago

Thanks for the report. V2 is not supported explicitly so far, so it would be a good starting point.

alexppg commented 6 years ago

I'm interested in this too.

Thanks for your work!

jamatute commented 6 years ago

+1

axelpavageau commented 6 years ago

I'm interested too. I've integrated Klar + Clair v1.x in our CI pipelines, but being able to use Clair v2.x would really improve things.

xueshanf commented 6 years ago

+1.

simplyzee commented 6 years ago

+1

TGippert commented 6 years ago

one more +1

hashmap commented 6 years ago

Please try v1.5 RC1 https://github.com/optiopay/klar/releases/tag/1.5-RC1

xueshanf commented 6 years ago

@hashmap Yay! It works. I have the image on dockerhub xueshanf/klar:1.5-rc1 for anyone who wants to test. Thanks so much for fixing this!

hashmap commented 6 years ago

If you still have any issues, please try https://github.com/optiopay/klar/releases/tag/v1.5-RC2. It's basically the same version but with simple tracing support; specify an env var to enable it: KLAR_TRACE=true

owms commented 6 years ago

I tried out v1.5-RC2 on 9 public docker images and 20 private images and they have all worked.