tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License
967 stars 188 forks

Add subdir for tar files in the working dir #1162

Closed HontoNoRoger closed 2 years ago

HontoNoRoger commented 2 years ago

The safeguard of adding a subdir based on the first part of the file name is necessary for Docker-like image tar archives, which don't have a folder for each layer but rather another tar.gz file or similar. This is the case for Kaniko-built Docker image archives.

Without it, tar archives will overwrite the untar_dir on every new layer analyzed. This will result in the os-release file not being found, as the OS analyzer expects the files of the first layer in the dir but it's actually the files of the last dir.

Signed-off-by: Roger Lehmann roger.lehmann@newtron.de
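To make the failure mode in the description concrete, here is an added example (not Tern's own code, and the helper names `untar_dir_for`, `extract_all_layers` and `os_release_found` are hypothetical). It builds a constructed, Kaniko-like image tar in a temp dir: a `manifest.json` plus one loose `<digest>.tar.gz` per layer, with no per-layer directory. It then extracts the layers twice, once into a single shared untar_dir that is cleared before each layer (the behaviour the description says loses the first layer's os-release) and once into a subdir named after the first part of each layer file name.

```python
"""Added example: why loose per-layer tarballs need a per-layer extraction subdir.
Helper names and layout are assumptions for illustration, not Tern's API."""
import io
import json
import os
import shutil
import tarfile
import tempfile

# Constructed sample layers: layer 1 is the "base OS", layer 2 is the RUN step.
SAMPLE_LAYERS = {
    "aaaa1111.tar.gz": {"etc/os-release": b'ID=ubuntu\nVERSION_ID="20.04"\n'},
    "bbbb2222.tar.gz": {"usr/bin/curl": b"#!/bin/sh\necho curl\n"},
}


def _tar_bytes(files, mode):
    """Serialize {path: bytes} into an in-memory tar (mode 'w' or 'w:gz')."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=mode) as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_kaniko_like_image(image_tar):
    """Write a docker-format image tar whose layers are loose .tar.gz members."""
    members = {name: _tar_bytes(files, "w:gz") for name, files in SAMPLE_LAYERS.items()}
    manifest = [{"Config": "config.json", "RepoTags": ["image:latest"],
                 "Layers": list(SAMPLE_LAYERS)}]
    members["manifest.json"] = json.dumps(manifest).encode()
    members["config.json"] = b"{}"
    with open(image_tar, "wb") as fh:
        fh.write(_tar_bytes(members, "w"))


def untar_dir_for(layer_path, untar_root, subdir_per_layer):
    """Choose where a layer is extracted (hypothetical helper).

    Without the safeguard every layer lands in untar_root. With it, a loose
    'aaaa1111.tar.gz' gets its own subdir 'aaaa1111', mirroring the
    '<digest>/layer.tar' layout that docker-save archives already have.
    """
    if not subdir_per_layer:
        return untar_root
    first_part = os.path.basename(layer_path).split(".")[0]
    return os.path.join(untar_root, first_part)


def extract_all_layers(image_tar, untar_root, subdir_per_layer):
    """Extract every layer listed in manifest.json; return the dir used per layer."""
    dirs = []
    with tarfile.open(image_tar) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_path in manifest[0]["Layers"]:
            dest = untar_dir_for(layer_path, untar_root, subdir_per_layer)
            # Emulate an extractor that starts from a clean untar_dir per layer.
            shutil.rmtree(dest, ignore_errors=True)
            os.makedirs(dest)
            layer_bytes = io.BytesIO(image.extractfile(layer_path).read())
            # Use the traversal-safe data filter where this Python provides it.
            extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            with tarfile.open(fileobj=layer_bytes, mode="r:gz") as layer:
                layer.extractall(dest, **extra)
            dirs.append(dest)
    return dirs


def os_release_found(image_tar, subdir_per_layer):
    """True if the first layer's etc/os-release survives extracting all layers."""
    work = tempfile.mkdtemp()
    try:
        dirs = extract_all_layers(image_tar, os.path.join(work, "untar"), subdir_per_layer)
        return os.path.isfile(os.path.join(dirs[0], "etc", "os-release"))
    finally:
        shutil.rmtree(work)


def demo():
    """Compare both strategies on the constructed image."""
    work = tempfile.mkdtemp()
    try:
        image_tar = os.path.join(work, "image.tar")
        build_kaniko_like_image(image_tar)
        return {"shared_dir": os_release_found(image_tar, False),
                "subdir_per_layer": os_release_found(image_tar, True)}
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())  # {'shared_dir': False, 'subdir_per_layer': True}
```

With the shared directory, the second layer's extraction wipes the first layer's files, so an OS analyzer looking at the first layer's directory finds no `etc/os-release`; keying the directory on the first part of the layer file name keeps each layer's rootfs separate.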

HontoNoRoger commented 2 years ago

This PR should enable a valid workaround to get Kaniko working with Tern by using --raw-image. See https://github.com/tern-tools/tern/issues/361#issuecomment-1123836781

rnjudge commented 2 years ago

Thank you so much for the PR @HontoNoRoger and I apologize for the delay in reviewing.

Can you tell me the steps for how I could test this with a Kaniko raw image or provide one to me to use for testing?

HontoNoRoger commented 2 years ago

Hi @rnjudge thanks for getting back to me. Sure, sorry I didn't initially post a description for reproducing this.

How to make an example Kaniko raw image and test it

1. Open up a terminal and go to the Tern project dir
2. Create a folder, e.g. kaniko
3. Create a Dockerfile in the created kaniko directory like this one:

   ```Dockerfile
   FROM ubuntu:20.04

   RUN apt-get update && apt-get install -y curl && apt-get clean
   ```

4. Run Kaniko directly in Docker via

   ```bash
   docker run \
       -v "$PWD/kaniko:/workspace" \
       gcr.io/kaniko-project/executor:latest \
       --dockerfile="/workspace/Dockerfile" \
       --tarPath="/workspace/image.tar" \
       --destination="image" \
       --no-push
   ```

5. After it ran successfully, you should now have a kaniko/image.tar you can use for the check
6. Check licenses with Tern now via `tern --clear-cache report --raw-image kaniko/image.tar`

This should give you the licenses when the patch in this PR is applied. Without the patch Tern returns with an error saying it cannot find a base os, therefore no package manager and therefore no licenses.

HontoNoRoger commented 2 years ago

I also tried it out with a different Dockerfile, one that looks like this:

```Dockerfile
FROM alpine:latest

RUN apk add curl
```

With this built into a kaniko raw image, Tern correctly identifies the base os being Alpine after applying the patch, but it has different issues when running an empty command inside the chroot. But this seems to be a different issue worthy of a follow-up.

rnjudge commented 2 years ago

> I also tried it out with a different Dockerfile, one that looks like this:
>
> ```Dockerfile
> FROM alpine:latest
>
> RUN apk add curl
> ```
>
> With this built into a kaniko raw image, Tern correctly identifies the base os being Alpine after applying the patch, but it has different issues when running an empty command inside the chroot. But this seems to be a different issue worthy of a follow-up.

I wonder if the empty command error you're seeing looks at all like what was seen in https://github.com/tern-tools/tern/issues/1161?

rnjudge commented 2 years ago

@HontoNoRoger ok, this fix worked for me so I'm happy to merge. Would you be willing to add a comment or two to your changes to clarify the different execution paths? This will make it easier for future contributors :) If you also wanted to add a reference to https://github.com/tern-tools/tern/issues/361 in your commit message that would be great.

Thanks so much for your PR!

HontoNoRoger commented 2 years ago

Hi @rnjudge I've added a code comment explaining the purpose of the changes, extended the test case for testGetUntarDir and referenced the issue you mentioned. Please let me know if I can further improve the quality of this PR. Thank you for taking the time to review it. :slightly_smiling_face:

nishakm commented 2 years ago

LGTM @HontoNoRoger and @rnjudge!