Giters

project-copacetic / copacetic

🧵 CLI tool for directly patching container images using reports from vulnerability scanners

Home Page:https://project-copacetic.github.io/copacetic/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[QUESTION] Getting error when running copa patch

josephlim75 opened this issue · comments

commented

What is your question?

I would like to know what am I missing in my patch command below. I get error when running copa patch .... Some help is very much appreciated. Thank you.

Copa Version

copa version 0.5.1

Docker Version

Client:
 Cloud integration: v1.0.35+desktop.5
 Version:           24.0.6
 API version:       1.43
 Go version:        go1.20.7
 Git commit:        ed223bc
 Built:             Mon Sep  4 12:28:49 2023
 OS/Arch:           darwin/amd64
 Context:           default

Server: Docker Desktop 4.25.2 (129061)
 Engine:
  Version:          24.0.6
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.7
  Git commit:       1a79695
  Built:            Mon Sep  4 12:32:16 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.22
  GitCommit:        8165feabfdfe38c65b599c4993d227328c231fca
 runc:
  Version:          1.1.8
  GitCommit:        v1.1.8-0-g82f18fe
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Buildx Version

github.com/docker/buildx v0.11.2-desktop.5 f20ec1393426619870066baba9618cf999063886

Execution Error

copa patch --debug -i docker.io/bitnami/python:3.11.5 -r /tmp/py.json -t 3.11.5-patch
DEBU[0000] updates to apply: &{{{debian 11.7} {amd64}} [{curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u10 CVE-2023-38545} {curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27533} {curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27534} {curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27535} {curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27536} {curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27538} {curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u9 CVE-2023-28321} {curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u9 CVE-2023-28322} {curl 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u10 CVE-2023-38546} {libc-bin 2.31-13+deb11u6 2.31-13+deb11u7 CVE-2023-4911} {libc-dev-bin 2.31-13+deb11u6 2.31-13+deb11u7 CVE-2023-4911} {libc6 2.31-13+deb11u6 2.31-13+deb11u7 CVE-2023-4911} {libc6-dev 2.31-13+deb11u6 2.31-13+deb11u7 CVE-2023-4911} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u10 CVE-2023-38545} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27533} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27534} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27535} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27536} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27538} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u9 CVE-2023-28321} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u9 CVE-2023-28322} {libcurl3-gnutls 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u10 CVE-2023-38546} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u10 CVE-2023-38545} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27533} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27534} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27535} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27536} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u8 CVE-2023-27538} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u9 CVE-2023-28321} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u9 CVE-2023-28322} {libcurl4 7.74.0-1.3+deb11u7 7.74.0-1.3+deb11u10 CVE-2023-38546} {libgssapi-krb5-2 1.18.3-6+deb11u3 1.18.3-6+deb11u4 CVE-2023-36054} {libk5crypto3 1.18.3-6+deb11u3 1.18.3-6+deb11u4 CVE-2023-36054} {libkrb5-3 1.18.3-6+deb11u3 1.18.3-6+deb11u4 CVE-2023-36054} {libkrb5support0 1.18.3-6+deb11u3 1.18.3-6+deb11u4 CVE-2023-36054} {libncurses6 6.2+20201114-2+deb11u1 6.2+20201114-2+deb11u2 CVE-2023-29491} {libncursesw6 6.2+20201114-2+deb11u1 6.2+20201114-2+deb11u2 CVE-2023-29491} {libnghttp2-14 1.43.0-1 1.43.0-1+deb11u1 CVE-2023-44487} {libssl-dev 1.1.1n-0+deb11u5 1.1.1v-0~deb11u1 CVE-2023-3446} {libssl-dev 1.1.1n-0+deb11u5 1.1.1v-0~deb11u1 CVE-2023-3817} {libssl1.1 1.1.1n-0+deb11u5 1.1.1v-0~deb11u1 CVE-2023-3446} {libssl1.1 1.1.1n-0+deb11u5 1.1.1v-0~deb11u1 CVE-2023-3817} {libtinfo6 6.2+20201114-2+deb11u1 6.2+20201114-2+deb11u2 CVE-2023-29491} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-45871} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-1989} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-4244} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-42753} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-4622} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-4623} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-4921} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-6176} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-20588} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-37453} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-3772} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-3773} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-39189} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-39192} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-39193} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-39194} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-42754} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-42755} {linux-libc-dev 5.10.191-1 5.10.197-1 CVE-2023-42756} {ncurses-base 6.2+20201114-2+deb11u1 6.2+20201114-2+deb11u2 CVE-2023-29491} {openssl 1.1.1n-0+deb11u5 1.1.1v-0~deb11u1 CVE-2023-3446} {openssl 1.1.1n-0+deb11u5 1.1.1v-0~deb11u1 CVE-2023-3817}]} 
DEBU[0000] Trying docker driver                         
DEBU[0000] serving grpc connection                      
DEBU[0000] stopping session                             
DEBU[0000] Could not use docker driver                   error="failed to solve: requested experimental feature mergeop  has been disabled on the build server: only enabled with containerd image store backend\nrequested experimental feature diffop  has been disabled on the build server: only enabled with containerd image store backend\nmissing required buildkit functionality"
DEBU[0000] Trying buildx driver                         
DEBU[0000] Could not use buildx driver                   error="listing workers for Build: failed to list workers: Unavailable: connection error: desc = \"transport: Error while dialing: read /Users/jlim/.docker/buildx/instances: is a directory\""
DEBU[0000] Trying default buildkit addr                 
DEBU[0000] Could not use buildkitd driver                error="<nil>"
WARN[0000] --debug specified, working folder at /var/folders/yy/k0b7rymj0235v51zmhd5qwt40000gp/T/copa-1804197243 needs to be manually cleaned up 
Error: could not use docker driver: failed to solve: requested experimental feature mergeop  has been disabled on the build server: only enabled with containerd image store backend
requested experimental feature diffop  has been disabled on the build server: only enabled with containerd image store backend
missing required buildkit functionality
could not use buildx driver: listing workers for Build: failed to list workers: Unavailable: connection error: desc = "transport: Error while dialing: read /Users/jlim/.docker/buildx/instances: is a directory"
could not use buildkitd driver: %!w(<nil>)
commented

@josephlim75 do you have a buildx builder running already? you can list with docker buildx ls

since you are already on docker v24, alternatively you can also enable containerd image store (containerd snapshotter)

please see https://project-copacetic.github.io/copacetic/website/quick-start#buildkit-connection-examples for usage

commented

@sozercan , thanks. It works now after specifying the --addr endpoint to point to the buildx instance.