Clair 2.x does not parse xml.bz2 files from rhel

Question

Clair 2.x does not parse xml.bz2 files from rhel

mouradxmt opened this issue 3 years ago · comments

Mourad Mtouaa commented 3 years ago

Description of Problem / Feature Request

Expected Outcome

Download the XML files. parse them, build the database with the new updater

Actual Outcome

{"Event":"could not decode RHEL's XML","Level":"error","Location":"rhel.go:158","Time":"2021-12-07 12:01:54.628764","error":"XML syntax error on line 1: invalid character entity \u0026SY\ufffd\ufffd˶ (no semicolon)"}
and it fails to continue

Environment

Clair version/image: 2.1.7 (also in 2.1.6)
Clair client name/version: 1.2.8
Host OS:
Kernel (e.g. uname -a):
Kubernetes version (use kubectl version):
Network/Firewall setup:

Hank Donnay · Answer 1 · Wed Dec 08 2021 09:33:31 GMT+0800 (China Standard Time)

Patches welcome.

Muzaffar Makhkamov · Answer 2 · Tue Dec 14 2021 01:29:04 GMT+0800 (China Standard Time)

The RedHat server appears to be redirecting a request to https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL%d.xml to https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL%d.xml.bz2

where %d is 4,5,6,7 or 8.

rhel.go needs to be patched to handle this.

Kilz78 · Answer 3 · Thu Dec 23 2021 22:00:53 GMT+0800 (China Standard Time)

Hello @hdonnay and @mmahkamov,

We got exactly the same situation with clair-scanner. It seems that the file rhel.go has been deleted ?

do you know when you will release with this fix?

Mourad Mtouaa · Answer 4 · Thu Dec 23 2021 22:17:43 GMT+0800 (China Standard Time)

Hi @Kilz78 ,
as per #1459 (comment) it seems that the release will happen in a week or two.

Mourad Mtouaa · Answer 5 · Fri Jan 21 2022 09:37:08 GMT+0800 (China Standard Time)

Hi @hdonnay ,
Can you trigger the release for 2.1.8, the tag is already there.

Hank Donnay · Answer 6 · Sat Jan 22 2022 01:28:08 GMT+0800 (China Standard Time)

I don't know what you mean, the container has been built: quay.io/coreos/clair:v2.1.8