Unable Xray an target image #693
Comments
|
@gnought are you using Orbstack instead of Docker Desktop? |
|
@kcq yes, you are right. |
|
@gnought Still need to verify this... but it appears it should be straightforward to fix. Looks like Orbstack doesn't like missing sha256 prefix in image IDs, at least, in some of the Docker API calls. Will need your help verifying the enhancement. |
|
@kcq sure, tag me and let me know how to test the fix. :) |
|
@gnought try this new release and see if you get different results with it |
|
Hi @kcq, I got a similar error for v1.41.4 |
|
The error comes from |
|
thanks for checking @gnought ! that's odd that the fix got lost... need to restore it |
|
hi @kcq gnought:~/tmp/dist_mac_m1 √ % ./slim --version
mint version darwin/arm64|Aurora|1.41.5|4cc2b185c9cdcd6d0586246e21d8aecc5d847feb|2024-07-01_04:36:47AM
gnought:~/tmp/dist_mac_m1 √ % ./slim x nginx:latest --debug --verbose
cmd=xray state=started
cmd=xray info=cmd.input.params add-image-config='false' rm-file-artifacts='false' target='nginx:latest' add-image-manifest='false'
cmd=xray state=image.api.inspection.start
cmd=xray info=image id='sha256:1aaa8180df68200fd41f9066cf62155e3b71183c04b2895a7388d5fd84ef3c8b' size.bytes='67669989' size.human='68 MB' architecture='arm64'
cmd=xray info=image.stack name='nginx:latest' id='sha256:1aaa8180df68200fd41f9066cf62155e3b71183c04b2895a7388d5fd84ef3c8b' instructions='17' message='see report file for details' index='0'
cmd=xray info=image.exposed_ports list='80/tcp'
cmd=xray state=image.api.inspection.done
cmd=xray state=image.data.inspection.start
cmd=xray info=image.data.inspection.save.image.start
cmd=xray info=image.data.inspection.save.image.end
cmd=xray info=image.data.inspection.process.image.start
time="2024-07-03T01:08:22+08:00" level=error msg="layerFromStream: error reading layer(3239ea84a00d153b5b8f81b47548275701d325537ee211a15719a09589e90ec0) - archive/tar: invalid tar header"
time="2024-07-03T01:08:22+08:00" level=error msg="dockerimage.LoadPackage: error reading oci layer from archive(/Users/gnought/tmp/dist_mac_m1/.mint-state/images/1aaa8180df68200fd41f9066cf62155e3b71183c04b2895a7388d5fd84ef3c8b/image/1aaa8180df68200fd41f9066cf62155e3b71183c04b2895a7388d5fd84ef3c8b.tar/blobs/sha256/3239ea84a00d153b5b8f81b47548275701d325537ee211a15719a09589e90ec0) - archive/tar: invalid tar header"
time="2024-07-03T01:08:22+08:00" level=fatal msg="slim: failure" error="archive/tar: invalid tar header" stack="goroutine 1 [running]:\nruntime/debug.Stack()\n\truntime/debug/stack.go:24 +0x64\ngithub.com/mintoolkit/mint/pkg/util/errutil.FailOn({0x1023e9df8, 0x103650430})\n\tgithub.com/mintoolkit/mint/pkg/util/errutil/errutil.go:32 +0x38\ngithub.com/mintoolkit/mint/pkg/app/master/command/xray.OnCommand(0x140004d0aa8, 0x140001a3860, 0x140004d0ac8, {0x16fc62c39, 0xc}, 0x1, {0x0, 0x0}, {0x0, 0x0}, ...)\n\tgithub.com/mintoolkit/mint/pkg/app/master/command/xray/handler.go:412 +0x2398\ngithub.com/mintoolkit/mint/pkg/app/master/command/xray.glob..func1(0x14000614780)\n\tgithub.com/mintoolkit/mint/pkg/app/master/command/xray/cli.go:340 +0x1754\ngithub.com/urfave/cli/v2.(*Command).Run(0x1036704a0, 0x14000614780, {0x140006147c0, 0x4, 0x4})\n\tgithub.com/urfave/cli/[email protected]/command.go:279 +0x754\ngithub.com/urfave/cli/v2.(*Command).Run(0x14000626160, 0x14000614140, {0x140001d2000, 0x5, 0x5})\n\tgithub.com/urfave/cli/[email protected]/command.go:272 +0x964\ngithub.com/urfave/cli/v2.(*App).RunContext(0x1400061c200, {0x10240cbe8?, 0x1036f2280}, {0x140001d2000, 0x5, 0x5})\n\tgithub.com/urfave/cli/[email protected]/app.go:337 +0x534\ngithub.com/urfave/cli/v2.(*App).Run(...)\n\tgithub.com/urfave/cli/[email protected]/app.go:311\ngithub.com/mintoolkit/mint/pkg/app/master.Run()\n\tgithub.com/mintoolkit/mint/pkg/app/master/app.go:15 +0x4c\nmain.main()\n\tgithub.com/mintoolkit/mint/cmd/mint/main.go:15 +0x194\n" version="darwin/arm64|Aurora|1.41.5|4cc2b185c9cdcd6d0586246e21d8aecc5d847feb|2024-07-01_04:36:47AM"
gnought:~/tmp/dist_mac_m1 ?1 % ./mint x nginx:latest --debug --verbose
cmd=xray state=started
cmd=xray info=cmd.input.params target='nginx:latest' add-image-manifest='false' add-image-config='false' rm-file-artifacts='false'
cmd=xray state=image.api.inspection.start
cmd=xray info=image id='sha256:1aaa8180df68200fd41f9066cf62155e3b71183c04b2895a7388d5fd84ef3c8b' size.bytes='67669989' size.human='68 MB' architecture='arm64'
cmd=xray info=image.stack index='0' name='nginx:latest' id='sha256:1aaa8180df68200fd41f9066cf62155e3b71183c04b2895a7388d5fd84ef3c8b' instructions='17' message='see report file for details'
cmd=xray info=image.exposed_ports list='80/tcp'
cmd=xray state=image.api.inspection.done
cmd=xray state=image.data.inspection.start
cmd=xray info=image.data.inspection.process.image.start
time="2024-07-03T01:08:34+08:00" level=error msg="layerFromStream: error reading layer(3239ea84a00d153b5b8f81b47548275701d325537ee211a15719a09589e90ec0) - archive/tar: invalid tar header"
time="2024-07-03T01:08:34+08:00" level=error msg="dockerimage.LoadPackage: error reading oci layer from archive(/Users/gnought/tmp/dist_mac_m1/.mint-state/images/1aaa8180df68200fd41f9066cf62155e3b71183c04b2895a7388d5fd84ef3c8b/image/1aaa8180df68200fd41f9066cf62155e3b71183c04b2895a7388d5fd84ef3c8b.tar/blobs/sha256/3239ea84a00d153b5b8f81b47548275701d325537ee211a15719a09589e90ec0) - archive/tar: invalid tar header"
time="2024-07-03T01:08:34+08:00" level=fatal msg="slim: failure" error="archive/tar: invalid tar header" stack="goroutine 1 [running]:\nruntime/debug.Stack()\n\truntime/debug/stack.go:24 +0x64\ngithub.com/mintoolkit/mint/pkg/util/errutil.FailOn({0x103109df8, 0x104370430})\n\tgithub.com/mintoolkit/mint/pkg/util/errutil/errutil.go:32 +0x38\ngithub.com/mintoolkit/mint/pkg/app/master/command/xray.OnCommand(0x14000698aa8, 0x14000720460, 0x14000698ac8, {0x16ef42c39, 0xc}, 0x1, {0x0, 0x0}, {0x0, 0x0}, ...)\n\tgithub.com/mintoolkit/mint/pkg/app/master/command/xray/handler.go:412 +0x2398\ngithub.com/mintoolkit/mint/pkg/app/master/command/xray.glob..func1(0x140000a25c0)\n\tgithub.com/mintoolkit/mint/pkg/app/master/command/xray/cli.go:340 +0x1754\ngithub.com/urfave/cli/v2.(*Command).Run(0x1043904a0, 0x140000a25c0, {0x140000a2600, 0x4, 0x4})\n\tgithub.com/urfave/cli/[email protected]/command.go:279 +0x754\ngithub.com/urfave/cli/v2.(*Command).Run(0x140002adce0, 0x1400014fa80, {0x14000152000, 0x5, 0x5})\n\tgithub.com/urfave/cli/[email protected]/command.go:272 +0x964\ngithub.com/urfave/cli/v2.(*App).RunContext(0x14000522200, {0x10312cbe8?, 0x104412280}, {0x14000152000, 0x5, 0x5})\n\tgithub.com/urfave/cli/[email protected]/app.go:337 +0x534\ngithub.com/urfave/cli/v2.(*App).Run(...)\n\tgithub.com/urfave/cli/[email protected]/app.go:311\ngithub.com/mintoolkit/mint/pkg/app/master.Run()\n\tgithub.com/mintoolkit/mint/pkg/app/master/app.go:15 +0x4c\nmain.main()\n\tgithub.com/mintoolkit/mint/cmd/mint/main.go:15 +0x194\n" version="darwin/arm64|Aurora|1.41.5|4cc2b185c9cdcd6d0586246e21d8aecc5d847feb|2024-07-01_04:36:47AM"
gnought:~/tmp/dist_mac_m1 ?1 % |
|
it's possible that Orbstack's docker save API call is different... need to repro the steps manually to confirm |
|
I can reproduce it when trying to x-ray: |
|
@rfilgueiras thanks for sharing your report! I'll use |
I just ran into this same issue with latest version is there a fix or option I can set to get it working? I am not using orbstack just standard Docker. I am using it inside of WSL 2.0 on windows though so I am not sure if that is causing the issue or not. |
@igloo15 can you try the |
|
@kcq I got a different error this time related to invalid tar header |
|
@igloo15 thank you for sharing the updated results with the extra context it! i'll help with the repro! |
|
Wanted to chime in to note that I seem to be running into the same issue but on a M4 Macbook Pro using Docker Desktop (Same error with Docker VMM or Apple Virtualisation Framework). $ Projects mint --version
mint version darwin/arm64|Aurora|1.41.7|a2a53d2348aeedf0d650d47debf477a2cad47111|2024-09-25_03:14:07PM
$ mint --verbose xray nginx:1.27
cmd=xray state=started
cmd=xray info=cmd.input.params runtime='auto/docker' target='nginx:1.27' add-image-manifest='false' add-image-config='false' rm-file-artifacts='false'
cmd=xray state=image.api.inspection.start
time="2024-12-25T11:30:05+10:00" level=info msg="inspecting 'fat' image metadata..." app=mint cmd=xray
cmd=xray info=image id='sha256:90babf6ca20a03b57f1ecabb39163d95842e6c8e010cebca9eb4b6ffa277b955' size.bytes='68524807' size.human='68 MB' architecture='arm64'
time="2024-12-25T11:30:05+10:00" level=info msg="processing 'fat' image info..." app=mint cmd=xray
cmd=xray info=image.stack id='sha256:90babf6ca20a03b57f1ecabb39163d95842e6c8e010cebca9eb4b6ffa277b955' instructions='17' message='see report file for details' index='0' name='nginx:1.27'
cmd=xray info=image.exposed_ports list='80/tcp'
cmd=xray state=image.api.inspection.done
cmd=xray state=image.data.inspection.start
cmd=xray info=image.data.inspection.process.image.start
time="2024-12-25T11:30:05+10:00" level=error msg="layerFromStream: error reading layer(261c6a94b398bd46eee583da22742a4b92e207fa4d8512f3988d873898599b74) - archive/tar: invalid tar header"
time="2024-12-25T11:30:05+10:00" level=error msg="dockerimage.LoadPackage: error reading oci layer from archive(/tmp/mint-state/.mint-state/images/90babf6ca20a03b57f1ecabb39163d95842e6c8e010cebca9eb4b6ffa277b955/image/90babf6ca20a03b57f1ecabb39163d95842e6c8e010cebca9eb4b6ffa277b955.tar/blobs/sha256/261c6a94b398bd46eee583da22742a4b92e207fa4d8512f3988d873898599b74) - archive/tar: invalid tar header"
time="2024-12-25T11:30:05+10:00" level=fatal msg="slim: failure" error="archive/tar: invalid tar header" stack="goroutine 1 [running]:\nruntime/debug.Stack()\n\truntime/debug/stack.go:26 +0x64\ngithub.com/mintoolkit/mint/pkg/util/errutil.FailOn({0x104b97bc8, 0x10616d8e0})\n\tgithub.com/mintoolkit/mint/pkg/util/errutil/errutil.go:32 +0x38\ngithub.com/mintoolkit/mint/pkg/app/master/command/xray.OnCommand(0x140006d7920, 0x14000130640, 0x140006d73e8, {0x16dad754c, 0xa}, 0x1, {0x0, 0x0}, {0x0, 0x0}, ...)\n\tgithub.com/mintoolkit/mint/pkg/app/master/command/xray/handler.go:495 +0x30f8\ngithub.com/mintoolkit/mint/pkg/app/master/command/xray.init.func1(0x140006b4480)\n\tgithub.com/mintoolkit/mint/pkg/app/master/command/xray/cli.go:343 +0x17d4\ngithub.com/urfave/cli/v2.(*Command).Run(0x1061ab980, 0x140006b4480, {0x1400046ab00, 0x2, 0x2})\n\tgithub.com/urfave/cli/[email protected]/command.go:279 +0x600\ngithub.com/urfave/cli/v2.(*Command).Run(0x140006a8160, 0x140001581c0, {0x14000158040, 0x4, 0x4})\n\tgithub.com/urfave/cli/[email protected]/command.go:272 +0x83c\ngithub.com/urfave/cli/v2.(*App).RunContext(0x140006a2000, {0x104bc1ae8, 0x10622ddc0}, {0x14000158040, 0x4, 0x4})\n\tgithub.com/urfave/cli/[email protected]/app.go:337 +0x514\ngithub.com/urfave/cli/v2.(*App).Run(...)\n\tgithub.com/urfave/cli/[email protected]/app.go:311\ngithub.com/mintoolkit/mint/pkg/app/master.Run()\n\tgithub.com/mintoolkit/mint/pkg/app/master/app.go:15 +0x4c\nmain.main()\n\tgithub.com/mintoolkit/mint/cmd/mint/main.go:15 +0x194\n" version="darwin/arm64|Aurora|1.41.7|a2a53d2348aeedf0d650d47debf477a2cad47111|2024-09-25_03:14:07PM" |
|
@Shard thank you for the additional context! It would be great to inspect the tar file for the target nginx image the app saved. The tar file itself should still be there after the failure. In your case it's |
|
Can do @kcq, I have uploaded it via fastmail and sent you an email containing the tarfile in question. Feel free to poke if I can be of any assistance 👍🏻 |
Thank you @Shard ! Got it and it confirmed what I was thinking about... The layer decode failure in xray happened because the layer is compressed and it wasn't handled correctly. There must be an extra Docker config option... Maybe it's the Containerd image store. Wasn't getting the same behavior in my M1 test environment. |
$ docker info
Client:
Version: 27.4.0
Context: desktop-linux
Debug Mode: false
Plugins:
ai: Ask Gordon - Docker Agent (Docker Inc.)
Version: v0.5.1
buildx: Docker Buildx (Docker Inc.)
Version: v0.19.2-desktop.1
compose: Docker Compose (Docker Inc.)
Version: v2.31.0-desktop.2
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.37
desktop: Docker Desktop commands (Beta) (Docker Inc.)
Version: v0.1.0
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.27
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.5
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.4.0
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
scout: Docker Scout (Docker Inc.)
Version: v1.15.1
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 14
Server Version: 27.4.0
Storage Driver: overlayfs
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
cgroupns
Kernel Version: 6.10.14-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 12
Total Memory: 9.704GiB
Name: docker-desktop
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/user/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: true
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: falseThis is my I couldn't find any option that seems to directly relate to storage compression and I haven't installed any extra extensions myself that im aware of. |
|
@Shard do you have the |
|
Ah yes I do! Apologies for not noticing that one. Turned it off and mint seems happy to xray nginx now 🎉 : $ mint xray nginx:latest
cmd=xray state=started
cmd=xray info=cmd.input.params runtime='auto/docker' target='nginx:latest' add-image-manifest='false' add-image-config='false' rm-file-artifacts='false'
cmd=xray state=image.api.inspection.start
cmd=xray info=image size.bytes='197054395' size.human='197 MB' architecture='arm64' id='sha256:5e0fa356e6f4a996ca452b017c81aca3d087ae38f873ed8314af16126423b21f'
cmd=xray info=image.stack index='0' name='nginx:latest' id='sha256:5e0fa356e6f4a996ca452b017c81aca3d087ae38f873ed8314af16126423b21f' instructions='17' message='see report file for details'
cmd=xray info=image.exposed_ports list='80/tcp'
cmd=xray state=image.api.inspection.done
cmd=xray state=image.data.inspection.start
cmd=xray info=image.data.inspection.save.image.start
cmd=xray info=image.data.inspection.save.image.end
cmd=xray info=image.data.inspection.process.image.start
cmd=xray info=image.data.inspection.process.image.end
cmd=xray state=image.data.inspection.done
...
cmd=xray state=completed
cmd=xray state=done |
|
@Shard good to have a work around :-) Testing the new version where it's not necessary... I'll share an update when it's ready for use |
|
@Shard by the way, it's a good idea to use additional flags for |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
run
slim x nginx:latest --debug --verboseshould return xray reports
Actual Behavior
It gives an API error(500)
Specifications
slim version darwin/arm64|Transformer|1.40.11|latest|latestThe text was updated successfully, but these errors were encountered: