paclair icon indicating copy to clipboard operation
paclair copied to clipboard
verified publisher icon yebinama

Paclair fail to retrieve image with no layers

Open ilyesFh opened this issue 5 years ago • 2 comments

$ python -m paclair --conf /source/conf.yml Docker ${IMAGE} push Traceback (most recent call last): File "/usr/local/lib/python3.8/runpy.py", line 194, in _run_module_as_main return _run_code(code, main_globals, None, File "/usr/local/lib/python3.8/runpy.py", line 87, in _run_code exec(code, run_globals) File "/usr/local/lib/python3.8/site-packages/paclair/main.py", line 105, in main() File "/usr/local/lib/python3.8/site-packages/paclair/main.py", line 71, in main paclair_object.push(args.plugin, host) File "/usr/local/lib/python3.8/site-packages/paclair/handler.py", line 76, in push self._plugins[plugin].push(name) File "/usr/local/lib/python3.8/site-packages/paclair/plugins/abstract_plugin.py", line 53, in push return self.clair.post_ancestry(self.create_ancestry(name)) File "/usr/local/lib/python3.8/site-packages/paclair/plugins/docker_plugin.py", line 68, in create_ancestry return DockerAncestry(self.create_docker_image(name)) File "/usr/local/lib/python3.8/site-packages/paclair/ancestries/docker.py", line 24, in init for layer in docker_image.get_layers(): File "/usr/local/lib/python3.8/site-packages/paclair/docker/docker_image.py", line 85, in get_layers fs_layers = manifest['layers'] KeyError: 'layers'

ilyesFh avatar Jun 17 '20 13:06 ilyesFh

{ "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 1788, "digest": "sha256:2542a516a2f88d2223f25ac79186c76e461bf2da8f27a15502184adf54273302", "platform": { "architecture": "amd64", "os": "linux" } }, { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 1789, "digest": "sha256:1f6b5777aedc6b6ba94dc03a311e5b5222bae5fca26aba65716f95d6a219ea56", "platform": { "architecture": "arm64", "os": "linux" } } ] }

ilyesFh avatar Jun 17 '20 14:06 ilyesFh

@ilyesFh What image did you try to scan using Paclair?

I have the same issue with image: gcr.io/kubernetes-e2e-test-images/sample-apiserver:1.17. Paclair can't work with multi-platform images, like gcr.io/kubernetes-e2e-test-images/sample-apiserver:1.17.

The manifest, that you specify, it's list manifests or "fat manifest". If I understand clearly, Docker API, by default, returns this kind of manifest if another doesn't specify in request header.

The only workaround I suggest specifying needed manifest's mediaType in request headers :

resp = requests.get(
            url,
            verify=self.verify,
            headers={"Accept": "application/vnd.docker.distribution.manifest.v2+json",
                     "Authorization": "{}".format(token)},
            stream=True
        )

SofyaTavrovskaya avatar Mar 11 '21 14:03 SofyaTavrovskaya