clair-scanner
clair-scanner copied to clipboard
arminc
error "reference does not exist"
I've setup clair and clair_postgres containers and downloaded the latest version of the clair-scanner CLI. It won't work though and I don't understand the error message.
root@build:/srv/docker-compose# clair-scanner_linux_amd64 debian:latest
2019/02/14 17:10:47 [INFO] ▶ Start clair-scanner
2019/02/14 17:10:47 [CRIT] ▶ Could not save Docker image [debian:latest]: Error response from daemon: reference does not exist
root@build:/srv/docker-compose# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c4c9e84e4f37 quay.io/coreos/clair:v2.0.7 "/clair -config /con…" 50 seconds ago Up 48 seconds 0.0.0.0:6060-6061->6060-6061/tcp clair
5fa90369d9b3 postgres:11.1 "docker-entrypoint.s…" 22 minutes ago Up 22 minutes 5432/tcp clair_postgres
Using strace I saw that the communication was through /var/run/docker.sock and the error message part of a 404 response from the server.
read(3, "HTTP/1.1 404 Not Found\r\nApi-Version: 1.39\r\nContent-Type: application/json\r\nDocker-Experimental: false\r\nOstype: linux\r\nServer: Docker/18.09.2 (linux)\r\nDate: Thu, 14 Feb 2019 16:06:27 GMT\r\nContent-Length: 39\r\n\r\n{\"message\":\"reference does not exist\"}\n", 4096) = 248
Or maybe it comes from dockerd itself (notice the "Server: Docker") and not the clair damon inside the Docker container? But what does it mean?
A docker logs clair returns only INFO level messages, the last ones are:
{"Event":"finished fetching","Level":"info","Location":"updater.go:242","Time":"2019-02-14 16:25:24.134101","updater name":"debian"}
{"Event":"finished fetching","Level":"info","Location":"updater.go:242","Time":"2019-02-14 16:25:24.371419","updater name":"alpine"}
A docker pull debian:latest did the trick. It is still confusing that it says "Could not save Docker image" - either it should pull and save it or say "Could not scan Docker image: does not exist", then it would be clearer that I have to download it first.