Clair 2.x does not parse xml.bz2 files from rhel
mouradxmt opened this issue · comments
Description of Problem / Feature Request
Expected Outcome
Download the XML files. parse them, build the database with the new updater
Actual Outcome
{"Event":"could not decode RHEL's XML","Level":"error","Location":"rhel.go:158","Time":"2021-12-07 12:01:54.628764","error":"XML syntax error on line 1: invalid character entity \u0026SY\ufffd\ufffd˶ (no semicolon)"}
and it fails to continue
Environment
- Clair version/image: 2.1.7 (also in 2.1.6)
- Clair client name/version: 1.2.8
- Host OS:
- Kernel (e.g.
uname -a
): - Kubernetes version (use
kubectl version
): - Network/Firewall setup:
Patches welcome.
The RedHat server appears to be redirecting a request to https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL%d.xml to https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL%d.xml.bz2
where %d is 4,5,6,7 or 8.
rhel.go needs to be patched to handle this.
Hello @hdonnay and @mmahkamov,
We got exactly the same situation with clair-scanner. It seems that the file rhel.go has been deleted ?
do you know when you will release with this fix?
Hi @Kilz78 ,
as per #1459 (comment) it seems that the release will happen in a week or two.
Hi @hdonnay ,
Can you trigger the release for 2.1.8, the tag is already there.
I don't know what you mean, the container has been built: quay.io/coreos/clair:v2.1.8