Error while loading local image #213
Description
Description
Error while attempting to run a report on a locally saved container image (via docker save ... in my case):
❯ docker run --rm -it --platform linux/amd64 -v $PWD/clair:/clair quay.io/projectquay/clair-action:v0.0.11 clair-action report --db-path=/clair/db.sqlite --image-path=/clair/poc.tar
2025-03-27T21:27:31Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"}]
2025-03-27T21:27:31Z INF libvuln initialized component=libvuln/New
2025/03/27 21:27:31 error creating manifest: unable to decode digest as hex
It appears this is what the caller saves to be parsed by claircore:
img.imageDigest = "blobs/sha256/0e6b08777d615aadd3edfed5bbacf2b942bfa32ea3d507402e1e630c64bb9c43"
Here's the manifest.json that's causing the error:
[
{
"Config": "blobs/sha256/0e6b08777d615aadd3edfed5bbacf2b942bfa32ea3d507402e1e630c64bb9c43",
"RepoTags": [
"poc:local"
],
"Layers": [
"blobs/sha256/9c742cd6c7a5752ee36be8ecb14be45c0885e10e6dd34f26a9ae3eb096c5d492",
"blobs/sha256/03127cdb479b0f1eb8a9b0df8e8d72ead24979728d3c84ff645611b9d8790f94",
"blobs/sha256/293d5db30c9fcf33b65fa033e427fdd118464f9ea0c2a343a478a6e89c29140e",
"blobs/sha256/9b55156abf262eac3e6bd3ae60e7277ab4f9c69543650d7ecefc8c26ee889873",
"blobs/sha256/b626401ef603dd383fc3a43cf474186827db1875591bfc84b178177ca010015b",
"blobs/sha256/53a0b163e9955ffb80569ef37e13fbf5d1074ddd67bc5ad09d7bd874b800396a",
"blobs/sha256/6b5aaff4425423d122ebe4f1514a1994ae60954fc8a2299787df0ddb1a12f6b9",
"blobs/sha256/0e15f3ffb70dd75b481c31d596022474f55897711c5f702e9e23d91d7fc09e77",
"blobs/sha256/e3653496cd51db5aa92887669a53172738c7162704da35c081e5505963b03fb8",
"blobs/sha256/fbda8d202630bc99231252f5d9da69b04cf4429d2cf5adaf7a6bb842ff5cb066",
"blobs/sha256/da5794b7afcdd5e8a3e600013b4fc197081dfbb753ad0e84e36ce4b8c11d8118"
],
"LayerSources": {
"sha256:03127cdb479b0f1eb8a9b0df8e8d72ead24979728d3c84ff645611b9d8790f94": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 11301376,
"digest": "sha256:03127cdb479b0f1eb8a9b0df8e8d72ead24979728d3c84ff645611b9d8790f94"
},
"sha256:0e15f3ffb70dd75b481c31d596022474f55897711c5f702e9e23d91d7fc09e77": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 1536,
"digest": "sha256:0e15f3ffb70dd75b481c31d596022474f55897711c5f702e9e23d91d7fc09e77"
},
"sha256:293d5db30c9fcf33b65fa033e427fdd118464f9ea0c2a343a478a6e89c29140e": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 19311616,
"digest": "sha256:293d5db30c9fcf33b65fa033e427fdd118464f9ea0c2a343a478a6e89c29140e"
},
"sha256:53a0b163e9955ffb80569ef37e13fbf5d1074ddd67bc5ad09d7bd874b800396a": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 3584,
"digest": "sha256:53a0b163e9955ffb80569ef37e13fbf5d1074ddd67bc5ad09d7bd874b800396a"
},
"sha256:6b5aaff4425423d122ebe4f1514a1994ae60954fc8a2299787df0ddb1a12f6b9": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 209758208,
"digest": "sha256:6b5aaff4425423d122ebe4f1514a1994ae60954fc8a2299787df0ddb1a12f6b9"
},
"sha256:9b55156abf262eac3e6bd3ae60e7277ab4f9c69543650d7ecefc8c26ee889873": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 156534784,
"digest": "sha256:9b55156abf262eac3e6bd3ae60e7277ab4f9c69543650d7ecefc8c26ee889873"
},
"sha256:9c742cd6c7a5752ee36be8ecb14be45c0885e10e6dd34f26a9ae3eb096c5d492": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 129195520,
"digest": "sha256:9c742cd6c7a5752ee36be8ecb14be45c0885e10e6dd34f26a9ae3eb096c5d492"
},
"sha256:b626401ef603dd383fc3a43cf474186827db1875591bfc84b178177ca010015b": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 11739648,
"digest": "sha256:b626401ef603dd383fc3a43cf474186827db1875591bfc84b178177ca010015b"
},
"sha256:da5794b7afcdd5e8a3e600013b4fc197081dfbb753ad0e84e36ce4b8c11d8118": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 40300544,
"digest": "sha256:da5794b7afcdd5e8a3e600013b4fc197081dfbb753ad0e84e36ce4b8c11d8118"
},
"sha256:e3653496cd51db5aa92887669a53172738c7162704da35c081e5505963b03fb8": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 214016,
"digest": "sha256:e3653496cd51db5aa92887669a53172738c7162704da35c081e5505963b03fb8"
},
"sha256:fbda8d202630bc99231252f5d9da69b04cf4429d2cf5adaf7a6bb842ff5cb066": {
"mediaType": "application/vnd.oci.image.layer.v1.tar",
"size": 291604992,
"digest": "sha256:fbda8d202630bc99231252f5d9da69b04cf4429d2cf5adaf7a6bb842ff5cb066"
}
}
}
]