Until https://github.com/coreos/clair/pull/193 is merged, having
vulnerabilities that are tagged both rhel and centos would duplicate in
the database or use a change that requires a migration.
But presently due to the fetcher logic, the rhel provided
vulnerabilities are labelled for centos, and then the namespace does not
match and therefore not tested against.
So until such a day that a vulnerability could have both rhel and centos
label, then hack this in. It'll accomplish the same during this interim.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
Due to the detector registration and fact that their in a non-ordered
map, it is random whether the osrelease or redhatrelease detector would
hit. And likely resulted in alternately formatted namespace strings.
This change causes the osrelease to not detect when data has
centos-release or redhat-release, which is not _great_ because if the
redhatrelease detector is not compiled in, then that would not be a
fallback that the osrelease detector could rely on. :-\
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This allows clients to specify any HTTP headers that need to be used in
order to allow Clair to download a layer, rather than just the
Authorization header.
- return 422 when layer could not be analyzed (extraction failed or layer unsupported)
- return 404 if the parent is not found or the download path leads to a 404 page
Clair will now use a YAML configuration file instead of command line
arguments as the number of parameters grows.
Also, Clair now exposes a Boot() func that allows everyone to easily
create their own project and load dynamically their own fetchers/updaters.
