Fix docker extract bugs #1513
Merged
Fix docker extract bugs #1513
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
prabhu
force-pushed
the
fix/docker-image-extract-bugs-v2
branch
from
90235a7 to
3f6bc32
Compare
|
prabhu
force-pushed
the
fix/docker-image-extract-bugs-v2
branch
from
7a61dc5 to
3d78683
Compare
prabhu
force-pushed
the
fix/docker-image-extract-bugs-v2
branch
from
0a08b74 to
82d88b6
Compare
Signed-off-by: Prabhu Subramanian <[email protected]> Tweaks Signed-off-by: Prabhu Subramanian <[email protected]> Support for fail-on-error for container sbom generation. Env variable to force non-strict tar extraction. Signed-off-by: Prabhu Subramanian <[email protected]> Support for fail-on-error for container sbom generation. Env variable to force non-strict tar extraction. Signed-off-by: Prabhu Subramanian <[email protected]> Support for fail-on-error for container sbom generation. Env variable to force non-strict tar extraction. Signed-off-by: Prabhu Subramanian <[email protected]>
prabhu
force-pushed
the
fix/docker-image-extract-bugs-v2
branch
from
82d88b6 to
e1dcfc2
Compare
… to force non-strict tar extraction. Signed-off-by: Prabhu Subramanian <[email protected]>
prabhu
commented
Dec 26, 2024
| @@ -50,32 +51,36 @@ jobs: | |||
| path: 'repotests/grafana-operator' | |||
| - name: dockertests | |||
| run: | | |||
| bin/cdxgen.js ubuntu:latest -t docker -o bomresults/bom-ubuntu.json | |||
| bin/cdxgen.js ubuntu:latest -t docker -o bomresults/bom-ubuntu.json --fail-on-error | |||
There was a problem hiding this comment.
Running with --fail-on-error would improve confidence in the tests.
prabhu
commented
Dec 26, 2024
| @@ -499,6 +499,9 @@ export function getOSPackages(src) { | |||
| } | |||
| if (osReleaseData["VERSION_ID"]) { | |||
| distro_id = `${distro_id}-${osReleaseData["VERSION_ID"]}`; | |||
| if (OS_DISTRO_ALIAS[distro_id]) { | |||
There was a problem hiding this comment.
This fixes some warning for dependency tree in debian images.
prabhu
commented
Dec 26, 2024
| @@ -29,6 +29,16 @@ import { DEBUG_MODE, getAllFiles } from "../helpers/utils.js"; | |||
| export const isWin = _platform() === "win32"; | |||
| export const DOCKER_HUB_REGISTRY = "docker.io"; | |||
|
|
|||
| // Should we extract the tar image in non-strict mode | |||
| const NON_STRICT_TAR_EXTRACT = ["true", "1"].includes( | |||
There was a problem hiding this comment.
There is support for untar with strict: false.
prabhu
commented
Dec 26, 2024
| ["TAR_ENTRY_INFO", "TAR_ENTRY_INVALID"].includes(err.code) | ||
| ) { | ||
| if ( | ||
| err?.header?.path?.includes("{") || |
There was a problem hiding this comment.
We have a different bug where we attempt to untar textual metadata. This condition handles this edge case.
… to force non-strict tar extraction. Signed-off-by: Prabhu Subramanian <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1511