Skip to content

chore(scanner): bump claircore to v1.5.48#18341

Closed
guzalv wants to merge 1 commit intomasterfrom
fix-claircore-file-uri-scheme
Closed

chore(scanner): bump claircore to v1.5.48#18341
guzalv wants to merge 1 commit intomasterfrom
fix-claircore-file-uri-scheme

Conversation

@guzalv
Copy link
Contributor

@guzalv guzalv commented Dec 29, 2025
edited
Loading

Description

This PR bumps claircore from v1.5.44 to v1.5.48 and preemptively adds file:// URI scheme prefix to filesystem layer paths in the node indexer.

Context:
Currently, everything works fine with claircore v1.5.44. However, testing revealed that future bumps to claircore v1.5.45+ would break roxagent because claircore commit 989d2f7c introduced URI scheme validation requiring file:// prefixes for filesystem layers.

Changes:

  • Prepend file:// to hostPath when creating LayerDescription in compliance/node/index/indexer.go
  • Bump claircore from v1.5.44 to v1.5.48

Why v1.5.48:

  • Includes URI validation (commit 989d2f7c from v1.5.45)
  • Adds filterfs wrapper that gracefully handles filesystem access errors (e.g., zombie processes in /proc)
  • 33 commits of bug fixes and improvements between v1.5.44 and v1.5.48

User-facing documentation

  • CHANGELOG.md is updated OR update is not needed
  • documentation PR is created and is linked above OR is not needed

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

No new tests added - existing node indexer tests cover this code path.

How I validated my change

  • Built scanner with claircore v1.5.48 locally
  • Verified node indexer works with file:// URI scheme
  • Confirmed the change is forward-compatible with future claircore versions

@openshift-ci
Copy link

openshift-ci bot commented Dec 29, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@guzalv guzalv changed the title fix(scanner): add file:// URI scheme for claircore filesystem layers chore(scanner): bump claircore to v1.5.48 Dec 29, 2025
@rhacs-bot
Copy link
Contributor

rhacs-bot commented Dec 29, 2025
edited
Loading

Images are ready for the commit at 66afecb.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.10.x-676-g66afecb5c1.

@guzalv
chore(scanner): bump claircore to v1.5.48
66afecb 
This bumps claircore from v1.5.44 to v1.5.48 and preemptively adds the
file:// URI scheme prefix to filesystem layer paths in the node indexer.

Context:
Currently, everything works fine with claircore v1.5.44. However, testing
revealed that future bumps to claircore v1.5.45+ would break roxagent
because claircore commit 989d2f7c introduced URI scheme validation
requiring file:// prefixes for filesystem layers.

Changes:
- Prepend "file://" to hostPath when creating LayerDescription
- Bump claircore from v1.5.44 to v1.5.48

The v1.5.48 bump also includes filterfs improvements that handle
zombie processes in /proc and other filesystem access errors more
gracefully.

This change was partially generated by AI.
@guzalv guzalv force-pushed the fix-claircore-file-uri-scheme branch from f6e4d49 to 66afecb Compare December 29, 2025 13:52
@guzalv guzalv closed this Feb 23, 2026
@vikin91
Copy link
Contributor

vikin91 commented Mar 11, 2026

@guzalv what was the reason for closing this? The PR description says it was working, wasn't it?
I was pointed here from ROX-32459 and I am wondering why the fix was abandoned.

@guzalv
Copy link
Contributor Author

guzalv commented Mar 11, 2026

@guzalv what was the reason for closing this? The PR description says it was working, wasn't it? I was pointed here from ROX-32459 and I am wondering why the fix was abandoned.

I closed this because it introduced behavior that was not expected, and at the time I found the problem I could not prioritize understanding it properly.

I hoped that the future us handling that ticket could take the useful bits from here and the ticket description/comments to make a proper fix.

Feel free to reopen this and take over!

@vikin91 vikin91 mentioned this pull request Mar 13, 2026
Draft
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ai-assisted do-not-merge/work-in-progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@guzalv @rhacs-bot @vikin91