Skip to content

ROX-32459: Bump claircore to v1.5.50 to fix node/vm indexing #19422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
vikin91 wants to merge 2 commits into
base: master
Choose a base branch
from
+65 −34
Draft

ROX-32459: Bump claircore to v1.5.50 to fix node/vm indexing #19422

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bcf84ea
chore(scanner): bump claircore to v1.5.50 for node indexing
vikin91 Mar 13, 2026
f710db5
Run go mod tidy
vikin91 Mar 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 17 additions & 2 deletions compliance/node/index/indexer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@ import (
"encoding/json"
"fmt"
"net/http"
"net/url"
"os"
"path/filepath"
"strconv"
"strings"
"time"
Expand Down Expand Up @@ -195,14 +197,27 @@ func (l *localNodeIndexer) IndexNode(ctx context.Context) (*v4.IndexReport, erro

func layer(ctx context.Context, digest string, hostPath string) (*claircore.Layer, error) {
log.Debugf("Realizing mount path: %s", hostPath)
if hostPath == "" {
return nil, errors.New("host path is empty")
}

absoluteHostPath, err := filepath.Abs(hostPath)
if err != nil {
return nil, errors.Wrapf(err, "resolving absolute host path %q", hostPath)
}
hostURI := (&url.URL{
Scheme: "file",
Path: filepath.ToSlash(absoluteHostPath),
}).String()

desc := &claircore.LayerDescription{
Digest: digest,
URI: hostPath,
URI: hostURI,
MediaType: layerMediaType,
}

l := &claircore.Layer{}
err := l.Init(ctx, desc, nil)
err = l.Init(ctx, desc, nil)
return l, errors.Wrap(err, "failed to init layer")
}

Expand Down
19 changes: 18 additions & 1 deletion compliance/node/index/indexer_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"crypto/x509"
"net/http"
"net/http/httptest"
"net/url"
"os"
"path/filepath"
"strings"
Expand Down Expand Up @@ -102,7 +103,23 @@ func (s *nodeIndexerSuite) TestLayer() {

func (s *nodeIndexerSuite) TestLayerNoURI() {
_, err := layer(context.Background(), layerDigest, "")
s.ErrorContains(err, "no URI provided")
s.ErrorContains(err, "host path is empty")
}

func (s *nodeIndexerSuite) TestLayerUsesFileURI() {
layer, err := layer(context.Background(), layerDigest, "testdata")
s.Require().NoError(err)
s.T().Cleanup(func() {
s.Require().NoError(layer.Close())
})

parsedURI, err := url.Parse(layer.URI)
s.Require().NoError(err)
s.Equal("file", parsedURI.Scheme)

expectedPath, err := filepath.Abs("testdata")
s.Require().NoError(err)
s.Equal(filepath.ToSlash(expectedPath), parsedURI.Path)
}

func (s *nodeIndexerSuite) TestLayerIllegalDigest() {
Expand Down
16 changes: 8 additions & 8 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ require (
github.com/prometheus/client_golang v1.23.2
github.com/prometheus/client_model v0.6.2
github.com/prometheus/common v0.67.5
github.com/quay/claircore v1.5.44
github.com/quay/claircore v1.5.50
github.com/quay/claircore/toolkit v1.4.0
github.com/quay/zlog v1.1.9
github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319
Expand Down Expand Up @@ -227,7 +227,7 @@ require (
github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
github.com/aliyun/credentials-go v1.3.2 // indirect
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
github.com/anchore/go-struct-converter v0.1.0 // indirect
github.com/andybalholm/brotli v1.1.0 // indirect
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
Expand Down Expand Up @@ -411,7 +411,7 @@ require (
github.com/mschoch/smat v0.2.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/ncruces/go-strftime v0.1.9 // indirect
github.com/ncruces/go-strftime v1.0.0 // indirect
github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
github.com/np-guard/models v0.5.7 // indirect
github.com/nwaples/rardecode v1.1.3 // indirect
Expand All @@ -424,7 +424,7 @@ require (
github.com/openshift-online/ocm-api-model/model v0.0.453 // indirect
github.com/openshift/custom-resource-status v1.1.2 // indirect
github.com/operator-framework/operator-lib v0.17.0 // indirect
github.com/package-url/packageurl-go v0.1.3 // indirect
github.com/package-url/packageurl-go v0.1.4 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
Expand Down Expand Up @@ -452,7 +452,7 @@ require (
github.com/sirupsen/logrus v1.9.4 // indirect
github.com/skeema/knownhosts v1.3.1 // indirect
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
github.com/spdx/tools-golang v0.5.5 // indirect
github.com/spdx/tools-golang v0.5.7 // indirect
github.com/spf13/afero v1.15.0 // indirect
github.com/spf13/cast v1.10.0 // indirect
github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
Expand Down Expand Up @@ -499,7 +499,7 @@ require (
go.opentelemetry.io/proto/otlp v1.7.1 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.yaml.in/yaml/v2 v2.4.3 // indirect
golang.org/x/exp v0.0.0-20250813145105-42675adae3e6 // indirect
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 // indirect
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
Expand All @@ -516,10 +516,10 @@ require (
k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
kubevirt.io/containerized-data-importer-api v1.63.1 // indirect
kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 // indirect
modernc.org/libc v1.66.10 // indirect
modernc.org/libc v1.67.6 // indirect
modernc.org/mathutil v1.7.1 // indirect
modernc.org/memory v1.11.0 // indirect
modernc.org/sqlite v1.40.1 // indirect
modernc.org/sqlite v1.46.1 // indirect
oras.land/oras-go/v2 v2.6.0 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
Expand Down
45 changes: 22 additions & 23 deletions go.sum
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading