Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4434

Unable to import updates with clairctl

XMLWordPrintable

    • False
    • None
    • False
    • Quay Enterprise

      When we export updates with clairctl and then try to import them to the database, clairctl always errors out:

      root@dalek:/tmp/clair-reproducer# podman run --rm -v /tmp/clair-reproducer/:/clair/config --entrypoint /usr/bin/clairctl registry.redhat.io/quay/clair-rhel8:v3.7.7 --config /clair/config/config.yaml -D export-updaters --gzip /clair/config/updaters.gz
...
2022-09-09T11:06:30Z INF parse start component=rhel/rhcc/Updater.Parse updater=rhel-container-updater
2022-09-09T11:06:35Z DBG xml decoded component=rhel/rhcc/Updater.Parse updater=rhel-container-updater
2022-09-09T11:06:35Z DBG found raw entries component=rhel/rhcc/Updater.Parse count=27496 updater=rhel-container-updater
2022-09-09T11:06:36Z DBG found vulnerabilities component=rhel/rhcc/Updater.Parse count=11393 updater=rhel-container-updater
2022-09-09T11:06:36Z INF parse done component=rhel/rhcc/Updater.Parse updater=rhel-container-updater
2022-09-09T11:06:36Z INF successful update component=libvuln/updates/Manager.driveUpdater ref=7ce9eccf-2d29-46d4-93d6-4e8192fbd39a updater=rhel-container-updater
2022-09-09T11:06:36Z INF finished update component=libvuln/updates/Manager.driveUpdater updater=rhel-container-updater
2022-09-09T11:09:20Z ERR  error="updating errors:\npyupio: pyupio: fetcher got unexpected HTTP response: 404 (404 Not Found)\naws-linux1-updater: failed to create client: failed to make request for mirrors: unexpected response 400 400 Bad Request\n"

root@dalek:/tmp/clair-reproducer# file updaters.gz 
updaters.gz: gzip compressed data, original size modulo 2^32 1023968533

root@dalek:/tmp/clair-reproducer# podman run --rm -v /tmp/clair-reproducer/:/clair/config --entrypoint /usr/bin/clairctl registry.redhat.io/quay/clair-rhel8:v3.7.7 -config /clair/config/config.yaml -D import-updaters --gzip /clair/config/updaters.gz
2022-09-09T11:24:27Z ERR  error="gzip: invalid header"

      The file created by clairctl can be gunzipped successfully without any errors:

      root@dalek:/tmp/clair-reproducer# gunzip updaters.gz 
root@dalek:/tmp/clair-reproducer# file updaters 
updaters: JSON data

      The same error affects Clair image version 3.6.8-3.6.10 as well as image version 3.7. The issue also affects multiple customers who cannot reliably use Clair in disconnected environments since importing does not work. Even if we ungzip and then gzip the file again, Clair still complains that the file has a wrong header:

      root@dalek:/tmp/clair-reproducer# gunzip updaters.gz 
root@dalek:/tmp/clair-reproducer# file updaters 
updaters: JSON data

root@dalek:/tmp/clair-reproducer# gzip updaters 
root@dalek:/tmp/clair-reproducer# podman run --rm -v /tmp/clair-reproducer/:/clair/config --entrypoint /usr/bin/clairctl registry.redhat.io/quay/clair-rhel8:v3.7.7 --config /clair/config/config.yaml -D import-updaters --gzip /clair/config/updaters.gz
2022-09-09T11:43:04Z ERR  error="gzip: invalid header"

root@dalek:/tmp/clair-reproducer# file updaters.gz 
updaters.gz: gzip compressed data, was "updaters", last modified: Fri Sep  9 11:34:12 2022, from Unix, original size modulo 2^32 1024442674

      Please check!

              hdonnay Henry Donnay
              rhn-support-ibazulic Ivan Bazulic
              Votes:
              4 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: