arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add imageFormt to API.md; add xz to Dockerfile; fix bugs

Browse Source 
Signed-off-by: Liang Chenye <liangchenye@huawei.com>
This commit is contained in:
Liang Chenye 2015-12-15 20:29:53 -08:00
parent 8b649af666
commit 41509ccd3e
5 changed files with 32 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -1,7 +1,7 @@
FROM golang:1.5 FROM golang:1.5
MAINTAINER Quentin Machu <quentin.machu@coreos.com> MAINTAINER Quentin Machu <quentin.machu@coreos.com>
RUN apt-get update && apt-get install -y bzr rpm && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* RUN apt-get update && apt-get install -y bzr rpm xz && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN mkdir /db RUN mkdir /db
VOLUME /db VOLUME /db

9
docs/API.md
View File

@ -112,7 +112,8 @@ It processes and inserts a new Layer in the database.
|------|-----|-------------| |------|-----|-------------|
|ID|String|Unique ID of the Layer| |ID|String|Unique ID of the Layer|
|Path|String|Absolute path or HTTP link pointing to the Layer's tar file| |Path|String|Absolute path or HTTP link pointing to the Layer's tar file|
|ParentID|String|(Optionnal) Unique ID of the Layer's parent |ParentID|String|(Optional) Unique ID of the Layer's parent|
|ImageFormat|String|Image format of the Layer ('Docker' or 'ACI')|
If the Layer has not parent, the ParentID field should be omitted or empty. If the Layer has not parent, the ParentID field should be omitted or empty.
@ -346,7 +347,7 @@ It returns the lists of vulnerabilities which affect a given Layer.
|Name|Type|Description| |Name|Type|Description|
|------|-----|-------------| |------|-----|-------------|
|ID|String|Unique ID of the Layer| |ID|String|Unique ID of the Layer|
|minimumPriority|Priority|(Optionnal) The minimum priority of the returned vulnerabilities. Defaults to High| |minimumPriority|Priority|(Optional) The minimum priority of the returned vulnerabilities. Defaults to High|
### Example ### Example
@ -389,7 +390,7 @@ It returns the lists of vulnerabilities which are introduced and removed by the
|Name|Type|Description| |Name|Type|Description|
|------|-----|-------------| |------|-----|-------------|
|ID|String|Unique ID of the Layer| |ID|String|Unique ID of the Layer|
|minimumPriority|Priority|(Optionnal) The minimum priority of the returned vulnerabilities| |minimumPriority|Priority|(Optional) The minimum priority of the returned vulnerabilities|
### Example ### Example
@ -436,7 +437,7 @@ Counterintuitively, this request is actually a POST to be able to pass a lot of
|Name|Type|Description| |Name|Type|Description|
|------|-----|-------------| |------|-----|-------------|
|LayersIDs|Array of strings|Unique IDs of Layers| |LayersIDs|Array of strings|Unique IDs of Layers|
|minimumPriority|Priority|(Optionnal) The minimum priority of the returned vulnerabilities. Defaults to High| |minimumPriority|Priority|(Optional) The minimum priority of the returned vulnerabilities. Defaults to High|
### Example ### Example

9
worker/detectors/data/aci.go
View File

@ -30,17 +30,12 @@ func init() {
} }
func (detector *ACIDataDetector) Supported(path string, format string) bool { func (detector *ACIDataDetector) Supported(path string, format string) bool {
switch format { if strings.EqualFold(format, "ACI") {
case "":
if strings.HasSuffix(path, ".aci") {
return true
}
case "aci":
return true return true
} }
return false return false
} }
func (detector *ACIDataDetector) Detect(layerReader io.ReadCloser, toExtract []string, maxFileSize int64) (map[string][]byte, error) { func (detector *ACIDataDetector) Detect(layerReader io.ReadCloser, toExtract []string, maxFileSize int64) (map[string][]byte, error) {
return utils.SelectivelyExtractArchive(layerReader, "./rootfs/", toExtract, maxFileSize) return utils.SelectivelyExtractArchive(layerReader, "rootfs/", toExtract, maxFileSize)
} }

17
worker/detectors/data/tar.go → worker/detectors/data/docker.go
View File

@ -22,25 +22,20 @@ import (
"github.com/coreos/clair/worker/detectors" "github.com/coreos/clair/worker/detectors"
) )
// TarDataDetector implements DataDetector and detects layer data in 'tar' format // DockerDataDetector implements DataDetector and detects layer data in 'Docker' format
type TarDataDetector struct{} type DockerDataDetector struct{}
func init() { func init() {
detectors.RegisterDataDetector("tar", &TarDataDetector{}) detectors.RegisterDataDetector("Docker", &DockerDataDetector{})
} }
func (detector *TarDataDetector) Supported(path string, format string) bool { func (detector *DockerDataDetector) Supported(path string, format string) bool {
switch format { if strings.EqualFold(format, "Docker") {
case "":
if strings.HasSuffix(path, ".tar") || strings.HasSuffix(path, ".tar.gz") {
return true
}
case "tar":
return true return true
} }
return false return false
} }
func (detector *TarDataDetector) Detect(layerReader io.ReadCloser, toExtract []string, maxFileSize int64) (map[string][]byte, error) { func (detector *DockerDataDetector) Detect(layerReader io.ReadCloser, toExtract []string, maxFileSize int64) (map[string][]byte, error) {
return utils.SelectivelyExtractArchive(layerReader, "", toExtract, maxFileSize) return utils.SelectivelyExtractArchive(layerReader, "", toExtract, maxFileSize)
} }

19
worker/worker.go
View File

@ -49,6 +49,9 @@ var (
// SupportedOS is the list of operating system names that the worker supports. // SupportedOS is the list of operating system names that the worker supports.
SupportedOS = []string{"debian", "ubuntu", "centos"} SupportedOS = []string{"debian", "ubuntu", "centos"}
// SupportedImageFormat is the list of image formats that the worker supports.
SupportedImageFormat = []string{"Docker", "ACI"}
) )
// Process detects the OS of a layer, the packages it installs/removes, and // Process detects the OS of a layer, the packages it installs/removes, and
@ -60,8 +63,22 @@ func Process(ID, parentID, path string, imageFormat string) error {
if path == "" { if path == "" {
return cerrors.NewBadRequestError("could not process a layer which does not have a path") return cerrors.NewBadRequestError("could not process a layer which does not have a path")
} }
if imageFormat == "" {
return cerrors.NewBadRequestError("could not process a layer which does not have a specified format")
} else {
isSupported := false
for _, format := range SupportedImageFormat {
if strings.EqualFold(imageFormat, format) {
isSupported = true
break
}
}
if !isSupported {
return cerrors.NewBadRequestError("could not process a layer which does not have a supported format")
}
}
log.Debugf("layer %s: processing (Location: %s, Engine version: %d, Parent: %s, format: %s)", ID, utils.CleanURL(path), Version, parentID, imageFormat) log.Debugf("layer %s: processing (Location: %s, Engine version: %d, Parent: %s, Format: %s)", ID, utils.CleanURL(path), Version, parentID, imageFormat)
// Check to see if the layer is already in the database. // Check to see if the layer is already in the database.
layer, err := database.FindOneLayerByID(ID, []string{database.FieldLayerEngineVersion}) layer, err := database.FindOneLayerByID(ID, []string{database.FieldLayerEngineVersion})