search

project-copacetic / copacetic

๐Ÿงต CLI tool for directly patching container images!
https://project-copacetic.github.io/copacetic/
Apache License 2.0
933 stars 62 forks source link

[DOC] Copa pulling older libraries #406

Open toddysm opened 10 months ago

toddysm commented 10 months ago

Version of copa

No response

Expected Behavior

Expected to get the latest libraries

Actual Behavior

6 exporting to client directory

6 copying files 4.42kB done

6 DONE 0.1s

time="2023-11-03T18:15:41Z" level=error msg="downloaded package libgssapi-krb5-2 version 1.20.1-2 lower than required 1.20.1-2+deb12u1 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package libkrb5-3 version 1.20.1-2 lower than required 1.20.1-2+deb12u1 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package libkrb5support0 version 1.20.1-2 lower than required 1.20.1-2+deb12u1 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package linux-libc-dev version 6.1.38-4 lower than required 6.1.55-1 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package openssl version 3.0.9-1 lower than required 3.0.11-1~deb12u2 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package libc-bin version 2.36-9+deb12u1 lower than required 2.36-9+deb12u3 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package libc-dev-bin version 2.36-9+deb12u1 lower than required 2.36-9+deb12u3 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package libc6 version 2.36-9+deb12u1 lower than required 2.36-9+deb12u3 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package libc6-dev version 2.36-9+deb12u1 lower than required 2.36-9+deb12u3 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package libk5crypto3 version 1.20.1-2 lower than required 1.20.1-2+deb12u1 for update" time="2023-11-03T18:15:41Z" level=error msg="downloaded package libssl3 version 3.0.9-1 lower than required 3.0.11-1~deb12u2 for update" Error: 11 errors occurred: โ€ƒโ€ƒ downloaded package libgssapi-krb5-2 version 1.20.1-2 lower than required 1.20.1-2+deb12u1 for update โ€ƒโ€ƒ downloaded package libkrb5-3 version 1.20.1-2 lower than required 1.20.1-2+deb12u1 for update โ€ƒโ€ƒ downloaded package libkrb5support0 version 1.20.1-2 lower than required 1.20.1-2+deb12u1 for update โ€ƒโ€ƒ downloaded package linux-libc-dev version 6.1.38-4 lower than required 6.1.55-1 for update โ€ƒโ€ƒ downloaded package openssl version 3.0.9-1 lower than required 3.0.11-1~deb12u2 for update โ€ƒโ€ƒ downloaded package libc-bin version 2.36-9+deb12u1 lower than required 2.36-9+deb12u3 for update โ€ƒโ€ƒ downloaded package libc-dev-bin version 2.36-9+deb12u1 lower than required 2.36-9+deb12u3 for update โ€ƒโ€ƒ downloaded package libc6 version 2.36-9+deb12u1 lower than required 2.36-9+deb12u3 for update โ€ƒโ€ƒ downloaded package libc6-dev version 2.36-9+deb12u1 lower than required 2.36-9+deb12u3 for update โ€ƒโ€ƒ downloaded package libk5crypto3 version 1.20.1-2 lower than required 1.20.1-2+deb12u1 for update โ€ƒโ€ƒ* downloaded package libssl3 version 3.0.9-1 lower than required 3.0.11-1~deb12u2 for update

Error patching image tsmacrkubeconna23demousw2.azurecr.io/toddysm/python:3.10 with copa 2023/11/03 18:15:41 Container failed during run: patch-with_copa. No retries remaining. failed to run step ID: patch-with_copa: exit status 1

Run ID: cc16 failed after 1m27s. Error: failed during run, err: exit status 1

Steps To Reproduce

No response

Are you willing to submit PRs to contribute to this bug fix?

sozercan commented 10 months ago

@toddysm make sure to have fresh scan results. these are usually due to stale reports (basically trivy and package repo disagreement), you'll need to make sure to scan before patch every time. this is not a bug with copa.

sozercan commented 10 months ago

synced with @toddysm offline, his issue was due to github outage and cannot repro now. this might be due to trivy's db being hosted in ghcr.

we should document this in FAQ since this might be somewhat common if scan results are stale or scanner's db is outdated.