tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License

Use Skopeo to pull container images #1090

Closed nishakm closed 2 years ago

nishakm commented 2 years ago

This PR enables the use of Skopeo to pull container images. Skopeo uses the OCI schema version 2 to fetch container images. It lays out the images on disk differently than Docker after a pull. In order to enable analysis of containers pulled in this way, this PR introduces the OCIImage class which reflects the expected layout.

In order to deal with the different expected directory structures, commit 1 moves a commonly used function in rootfs.py, get_untar_dir, into the ImageLayer class, and creates a new property called 'image_layout'. In this way, container image layouts on disk can be dealt with based on derived Image classes.

Commit 2 introduces the OCIImage class and changes to the DockerImage class which makes use of the new ImageLayer property and method. Commit 3 replaces all instances of get_untar_dir with the ImageLayer instance's get_untar_dir method. Commit 4 connects all the pieces from the command line option to the image extraction method. Finally, commit 5 adds Skopeo to the list of requirements for Tern in the documentation, Dockerfiles and the development environments.

Commit 6 deals with the different image dictionary layouts based on the image layout in the html report specifically.

Note that the change to the Dockerfile that installs tern using pip has not changed as this changeset is not included in any releases yet.

Fixes #948

Signed-off-by: Nisha K nishak@vmware.com
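As an added illustration of the two on-disk layouts the description contrasts (this is not Tern's code and not part of this PR): a small Python helper that tells a `docker save`-style directory (marker file `manifest.json` with a `Layers` list) apart from an OCI image layout (`index.json` plus `blobs/<algo>/<hex>`), lists the layer tarballs in order, and refuses OCI blobs whose content does not match their digest. The function names and the constructed fixture are hypothetical.

```python
import hashlib, json, os, tempfile

def detect_layout(image_dir):
    """Return 'oci' or 'docker' from the marker file each layout carries."""
    if os.path.isfile(os.path.join(image_dir, "index.json")):
        return "oci"
    if os.path.isfile(os.path.join(image_dir, "manifest.json")):
        return "docker"
    raise ValueError("unrecognised image layout in %s" % image_dir)

def _oci_blob(image_dir, digest):
    """Resolve an OCI digest to its blob path, verifying the content hash first."""
    algo, hexd = digest.split(":", 1)
    path = os.path.join(image_dir, "blobs", algo, hexd)
    with open(path, "rb") as f:
        actual = hashlib.new(algo, f.read()).hexdigest()
    if actual != hexd:
        raise ValueError("digest mismatch for %s" % digest)
    return path

def layer_tarballs(image_dir):
    """List layer tarballs in order, whichever layout the image was pulled into."""
    if detect_layout(image_dir) == "docker":
        with open(os.path.join(image_dir, "manifest.json")) as f:
            manifest = json.load(f)[0]        # docker save: one entry per image
        return [os.path.join(image_dir, p) for p in manifest["Layers"]]
    with open(os.path.join(image_dir, "index.json")) as f:
        index = json.load(f)
    with open(_oci_blob(image_dir, index["manifests"][0]["digest"])) as f:
        manifest = json.load(f)              # the manifest is itself a verified blob
    return [_oci_blob(image_dir, layer["digest"]) for layer in manifest["layers"]]

def _write_blob(image_dir, data):
    # Store bytes content-addressed under blobs/sha256/ and return the digest.
    hexd = hashlib.sha256(data).hexdigest()
    os.makedirs(os.path.join(image_dir, "blobs", "sha256"), exist_ok=True)
    with open(os.path.join(image_dir, "blobs", "sha256", hexd), "wb") as f:
        f.write(data)
    return "sha256:" + hexd

def make_oci_fixture():
    """Constructed sample OCI layout: two fake layer blobs, a manifest, an index."""
    d = tempfile.mkdtemp()
    layers = [_write_blob(d, b"layer-one"), _write_blob(d, b"layer-two")]
    manifest = {"schemaVersion": 2, "layers": [{"digest": x} for x in layers]}
    mdigest = _write_blob(d, json.dumps(manifest).encode())
    with open(os.path.join(d, "index.json"), "w") as f:
        json.dump({"schemaVersion": 2, "manifests": [{"digest": mdigest}]}, f)
    return d, layers
```

A real OCI directory would also carry an `oci-layout` file and media types on each descriptor; the digest check is the part worth keeping, since a layer tarball is untarred and analysed only after its hash matches the manifest.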

rnjudge commented 2 years ago

I tested this with Dockerfiles, multi-layer images and problematic past images/scenarios and everything looked as expected when running natively on Linux. I did get some weird race-y warning messages at times but could never reliably reproduce them.

Once the nits/suggestions are resolved this is good to go :)