-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to analyze the image using dive #498
Comments
Could it be that this is related to a Docker update that was released last weekend? I also see the same issue on Docker v25.0.0 but haven't yet seen in on v24.0.7. |
@rajiv-k is this something you could look into? |
Apparently, the files no longer follow the same naming logic, so this code no longer detects the config file, and this one later fails. Here's the same image (same Dockerfile) built with Docker 24.0.7 (pulled from our registry last week):
and saved from a failed CI build today, with Docker 25.0.0:
In the first case, the config file is that This is I believe because:
|
Same here using dive 0.11.0 as docker image, Docker version 25.0.0, build e758fe5, Ubuntu |
@tbroyer since you've already dived into the relevant code, are you interested in sending a PR? |
@mark2185 I started looking at it yesterday, but am really not sure how to approach it: start reading each file in the tar looking for a "magic number"? (knowing that tar and json don't really have such things) and/or trying to load them as tar or json and ignoring errors? (this could imply buffering a big chunk of the file) should this new/fallback approach be limited to entries in I'll happily review a PR and test it though, and could help brainstorm the best approach. |
Fair enough, wanted to be sure before taking a crack at it. I'd wager a good way would be initializing a Then we try unmarshalling it to see how well that works out, and if that errors out as well we can safely say what the hell. |
You have to take gzip into account too, and remember that in many (most?) cases we're reading a tar that's directly streamed from the Docker daemon, and is not seekable. This means adding some buffering; 512 bytes should be enough as that's the size of a tar entry header (according to https://en.wikipedia.org/wiki/Tar_(computing)#File_format), but what if it's gzipped? maybe in this case it can be assumed to not be JSON so the fallback to JSON, and need for seeking back to the start of the entry, is not needed? That would mean doing something like:
|
@tbroyer if I'm reading the image layout specification correctly, the Can't check because I don't have such an image, which leads me to my next question - where did you get |
Yes, but nothing guarantees that you'll see the
I too am on Arch so still on 24.0.7, our CI is on Ubuntu though, and we get the Docker Engine packages straight from Docker, Inc.: https://docs.docker.com/engine/install/ubuntu/ |
I managed to generate the And I reproduce the issue with it:
|
I'm on ubuntu 22.04 using docker |
I have same problem
System info:
|
I spent a couple hours and managed to get something working (see PR #500) Tested on the included test-oci-docker-image.tar (same as test-docker-image.tar above) and on a real image built on our CI.
|
The PR from @tbroyer fixes the problem for me. Until it gets merged and a new dive release made, here's the TL;DR of how I was able to get it compiled and running:
There are probably proper Makefile targets I should be using, but I didn't bother digging in to figure it out. This worked. |
Add support for OCI-compatible Docker images. Fixes #498
What happened: I am using RHEL9 free tier from AWS and installed the dive with below steps by referring the github page https://github.com/wagoodman/dive and the version is dive 0.11.0
i have downloaded the Docker image "nginx:latest" by using "docker pull nginx" command
then i have executed "dive nginx:latest", getting below error
[ec2-user@ip-172-31-36-53 ~]$ sudo dive nginx
Image Source: docker://nginx
Fetching image... (this can take a while for large images)
cannot fetch image
could not find image config
[ec2-user@ip-172-31-36-53 ~]$
Could you please let me know how to scan an image using dive?
Anything else we need to know?: I am interested to know how to include the dive into jenkins CI/CD pipeline. like we are using Free style jobs so need to include the configuration in the "execute shell"
Environment: RHEL9
OS version:
- [ec2-user@ip-172-31-36-53 ~]$ uname -a
Linux ip-172-31-36-53.ec2.internal 5.14.0-362.8.1.el9_3.x86_64 List layers #1 SMP PREEMPT_DYNAMIC Tue Oct 3 11:12:36 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux
[ec2-user@ip-172-31-36-53 ~]$
Docker version (if applicable)
- [ec2-user@ip-172-31-36-53 ~]$ docker --version
Docker version 25.0.0, build e758fe5
[ec2-user@ip-172-31-36-53 ~]$
The text was updated successfully, but these errors were encountered: