Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: clair-4.5.0
Affects Version/s: clair-4.4.3
Component/s: clair
Labels:
- clair
- clairv4
- triaged

Blocked:
False
Blocked Reason:
None
Ready:
False
Product:
Quay Enterprise

RICE Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

When we export updates with clairctl and then try to import them to the database, clairctl always errors out:

root@dalek:/tmp/clair-reproducer# podman run --rm -v /tmp/clair-reproducer/:/clair/config --entrypoint /usr/bin/clairctl registry.redhat.io/quay/clair-rhel8:v3.7.7 --config /clair/config/config.yaml -D export-updaters --gzip /clair/config/updaters.gz
...
2022-09-09T11:06:30Z INF parse start component=rhel/rhcc/Updater.Parse updater=rhel-container-updater
2022-09-09T11:06:35Z DBG xml decoded component=rhel/rhcc/Updater.Parse updater=rhel-container-updater
2022-09-09T11:06:35Z DBG found raw entries component=rhel/rhcc/Updater.Parse count=27496 updater=rhel-container-updater
2022-09-09T11:06:36Z DBG found vulnerabilities component=rhel/rhcc/Updater.Parse count=11393 updater=rhel-container-updater
2022-09-09T11:06:36Z INF parse done component=rhel/rhcc/Updater.Parse updater=rhel-container-updater
2022-09-09T11:06:36Z INF successful update component=libvuln/updates/Manager.driveUpdater ref=7ce9eccf-2d29-46d4-93d6-4e8192fbd39a updater=rhel-container-updater
2022-09-09T11:06:36Z INF finished update component=libvuln/updates/Manager.driveUpdater updater=rhel-container-updater
2022-09-09T11:09:20Z ERR  error="updating errors:\npyupio: pyupio: fetcher got unexpected HTTP response: 404 (404 Not Found)\naws-linux1-updater: failed to create client: failed to make request for mirrors: unexpected response 400 400 Bad Request\n"

root@dalek:/tmp/clair-reproducer# file updaters.gz 
updaters.gz: gzip compressed data, original size modulo 2^32 1023968533

root@dalek:/tmp/clair-reproducer# podman run --rm -v /tmp/clair-reproducer/:/clair/config --entrypoint /usr/bin/clairctl registry.redhat.io/quay/clair-rhel8:v3.7.7 -config /clair/config/config.yaml -D import-updaters --gzip /clair/config/updaters.gz
2022-09-09T11:24:27Z ERR  error="gzip: invalid header"

The file created by clairctl can be gunzipped successfully without any errors:

root@dalek:/tmp/clair-reproducer# gunzip updaters.gz 
root@dalek:/tmp/clair-reproducer# file updaters 
updaters: JSON data

The same error affects Clair image version 3.6.8-3.6.10 as well as image version 3.7. The issue also affects multiple customers who cannot reliably use Clair in disconnected environments since importing does not work. Even if we ungzip and then gzip the file again, Clair still complains that the file has a wrong header:

root@dalek:/tmp/clair-reproducer# gunzip updaters.gz 
root@dalek:/tmp/clair-reproducer# file updaters 
updaters: JSON data

root@dalek:/tmp/clair-reproducer# gzip updaters 
root@dalek:/tmp/clair-reproducer# podman run --rm -v /tmp/clair-reproducer/:/clair/config --entrypoint /usr/bin/clairctl registry.redhat.io/quay/clair-rhel8:v3.7.7 --config /clair/config/config.yaml -D import-updaters --gzip /clair/config/updaters.gz
2022-09-09T11:43:04Z ERR  error="gzip: invalid header"

root@dalek:/tmp/clair-reproducer# file updaters.gz 
updaters.gz: gzip compressed data, was "updaters", last modified: Fri Sep  9 11:34:12 2022, from Unix, original size modulo 2^32 1024442674

Please check!

Attachments

Issue Links

is related to

PROJQUAY-4783 Update to Clair 4.5.1

Closed

Activity

People

Assignee:: Henry Donnay

Reporter:: Ivan Bazulic

Votes:: 4 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2022/09/09 11:45 AM

Updated:: 2022/11/28 4:52 PM

Resolved:: 2022/11/28 4:13 PM