setup on Gitlab with build --push: how to extract files from local image?

I jump through several loops to get my images scanned with trivy and data visualised with gitlab.

1) trivy image fails to scan because the rpmdb.sqlite is in the wrong place and trivy does not follow symlinks: https://github.com/aquasecurity/trivy/discussions/9188#discussioncomment-14162815
2) I run rpm -qa in the image and pipe the output outside the image to construct an SBOM file that can be read with trivy sbom

The option 2) breaks currently for a reason I do not know. Logs: https://gitlab.com/eu-os/workspace-images/eu-os-base-demo/-/jobs/11086286906

I notice that after bluebuild build --push ... registry.gitlab.com/..., my call to docker run ... registry.gitlab.com/... leads to a new download of the image. That leads to a slow down. How can I call docker run or podman run without re-downloading the image?
[GitHub link preview] distro alma/10 (newest release) does not deliver rpm findings · aq...
Description: I use the bootc almalinux 10 kde image to test scanning with trivy: trivy image --scanners vuln quay.io/almalinuxorg/atomic-desktop-kde Note that this image may be x86_64 and my Fedora ...
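Option 2) from the post above, the rpm -qa to SBOM route, as an added worked example (this is not code from the thread, from BlueBuild or from trivy): a small Python script that converts `rpm -qa` output into a CycloneDX 1.5 document that `trivy sbom` accepts. It assumes the package list was produced with an explicit tab-separated `--qf` format (given in the docstring), and that trivy resolves the OS from an `operating-system` component plus the `distro` purl qualifier, which is the layout trivy's own `trivy image --format cyclonedx` output uses; compare against that output for the same image before relying on it. The sample rpm lines, the image reference and the distro name/version are constructed placeholders.

```python
r"""Turn `rpm -qa` output into a CycloneDX 1.5 SBOM that `trivy sbom` can read.

Added example for this thread; not code from BlueBuild, trivy or the original
poster. It assumes the package list was produced inside the image with:

    rpm -qa --qf '%{NAME}\t%{EPOCH}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\n'

and that trivy derives the OS from an "operating-system" component plus the
`distro` purl qualifier (the layout trivy's own CycloneDX output uses).
"""
import argparse
import json
import sys
import uuid
from urllib.parse import quote

# Constructed sample in the assumed --qf format. rpm prints "(none)" when a
# package has no epoch, and for the arch of the gpg-pubkey pseudo-package.
SAMPLE_RPM_OUTPUT = (
    "openssl-libs\t1\t3.2.2\t16.el10\tx86_64\n"
    "glibc\t(none)\t2.39\t37.el10\tx86_64\n"
    "bash\t(none)\t5.2.26\t6.el10\tx86_64\n"
    "kernel-core\t(none)\t6.12.0\t55.9.1.el10_0\tx86_64\n"
    "gpg-pubkey\t(none)\tb86b3716\t61e69f29\t(none)\n"
)


def parse_rpm_qa(text):
    """Parse the tab-separated rpm lines into dicts; skip gpg-pubkey entries,
    which are imported signing keys stored in the rpmdb, not software."""
    pkgs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 5:
            raise ValueError(f"unexpected rpm line (wrong --qf?): {line!r}")
        name, epoch, version, release, arch = parts
        if name == "gpg-pubkey":
            continue
        pkgs.append({
            "name": name,
            "epoch": None if epoch == "(none)" else int(epoch),
            "version": version,
            "release": release,
            "arch": None if arch == "(none)" else arch,
        })
    return pkgs


def rpm_purl(pkg, distro_name, distro_version):
    """package-url for an rpm: pkg:rpm/<vendor>/<name>@<version>-<release>?...
    Qualifier keys are emitted sorted, as the purl spec requires."""
    qualifiers = {"distro": f"{distro_name}-{distro_version}"}
    if pkg["arch"]:
        qualifiers["arch"] = pkg["arch"]
    if pkg["epoch"] is not None:
        qualifiers["epoch"] = str(pkg["epoch"])
    q = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(qualifiers.items()))
    evr = quote(f"{pkg['version']}-{pkg['release']}", safe="")
    return f"pkg:rpm/{distro_name}/{quote(pkg['name'], safe='')}@{evr}?{q}"


def build_cyclonedx(pkgs, image_ref, distro_name, distro_version):
    """Assemble the CycloneDX document: container root -> OS -> packages."""
    os_ref = f"os:{distro_name}-{distro_version}"
    components = [{
        "bom-ref": os_ref,
        "type": "operating-system",
        "name": distro_name,
        "version": distro_version,
    }]
    for pkg in pkgs:
        purl = rpm_purl(pkg, distro_name, distro_version)
        components.append({
            "bom-ref": purl,
            "type": "library",
            "name": pkg["name"],
            "version": f"{pkg['version']}-{pkg['release']}",
            "purl": purl,
        })
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {"component": {"bom-ref": image_ref, "type": "container", "name": image_ref}},
        "components": components,
        "dependencies": [
            {"ref": image_ref, "dependsOn": [os_ref]},
            {"ref": os_ref, "dependsOn": [c["purl"] for c in components[1:]]},
        ],
    }


def main(argv=None):
    ap = argparse.ArgumentParser(description=__doc__.splitlines()[0])
    ap.add_argument("rpm_list", nargs="?", help="rpm -qa output file; omit to use the built-in sample")
    ap.add_argument("--image", default="registry.example/eu-os-demo:constructed")  # placeholder
    ap.add_argument("--distro", default="almalinux")
    ap.add_argument("--distro-version", default="10")
    args = ap.parse_args(argv)
    text = open(args.rpm_list, encoding="utf-8").read() if args.rpm_list else SAMPLE_RPM_OUTPUT
    bom = build_cyclonedx(parse_rpm_qa(text), args.image, args.distro, args.distro_version)
    json.dump(bom, sys.stdout, indent=2)
    sys.stdout.write("\n")


if __name__ == "__main__":
    main()
```

In a pipeline the three steps would be: dump the list from the image (`podman run --rm IMAGE rpm -qa --qf '%{NAME}\t%{EPOCH}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\n' > pkgs.tsv`), convert it (`python3 rpm_to_cdx.py pkgs.tsv --image IMAGE > sbom.cdx.json`), then scan with `trivy sbom sbom.cdx.json`. Generating the SBOM this way sidesteps the rpmdb symlink problem because trivy never has to locate rpmdb.sqlite itself; the trade-off is that the package inventory is only as trustworthy as the `rpm -qa` run, so keep the dump step inside the same CI job that built the image.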
Luke Skywunker
The docker driver when --push is used doesn't end up loading the image into the local docker registry because the build runs in a buildkit container
Luke Skywunker
You could use the podman build driver, but since you're running in gitlab, that might not work atm until I can find out what's causing that issue
[GitHub link preview] device or resource busy when trying to rechunk the image in GitLa...
I wanted to try GitLab CI for building my own images and pushing the result in gitlab.com container registry. However, when doing so with BB_BUILD_RECHUNK environment variable defined as "true...
Robert
I tried with buildah, but got errors during the build already.
[09:26:59 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => --> Pushing cache [registry.gitlab.com/eu-os/workspace-images/eu-os-base-demo/eu-os-demo-almalinux]:fc9274ce1a95b435a1f3f456ab71f6a6103e76b1ff0b09bee9e0df6939f38541
[09:27:04 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => --> 5a4011bffca8
[09:27:04 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => [5/5] STEP 11/32: RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys mkdir -p /etc/pki/containers/ && cp /tmp/keys/* /etc/pki/containers/
[09:27:06 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => internal:0:0-0: Error: Could not process rule: No such file or directory
[09:27:06 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] =>
[09:27:06 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => internal:0:0-0: Error: Could not process rule: No such file or directory
[09:27:06 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] =>
[09:27:06 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => error running container: did not get container start message from parent: EOF
[09:27:06 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => Error: building at STEP "RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys mkdir -p /etc/pki/containers/ && cp /tmp/keys/* /etc/pki/containers/": setup network: netavark: nftables error: "nft" did not return successfully while applying ruleset
[09:27:06 ERROR blue_build::commands:32] => Failed:
× Failed to build registry.gitlab.com/eu-os/workspace-images/eu-os-base-
│ demo/eu-os-demo-almalinux:br-almalinux-10
logs: https://gitlab.com/eu-os/workspace-images/eu-os-base-demo/-/jobs/11091144933
Robert
I also hit an error with podman:
[18:01:56 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => [5/5] STEP 11/32: RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys mkdir -p /etc/pki/containers/ && cp /tmp/keys/* /etc/pki/containers/
[18:01:58 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => internal:0:0-0: Error: Could not process rule: No such file or directory
[18:01:58 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] =>
[18:01:58 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => internal:0:0-0: Error: Could not process rule: No such file or directory
[18:01:58 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] =>
[18:01:58 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => error running container: did not get container start message from parent: EOF
[18:01:58 r.g.c/e/w/e/eu-os-demo-almalinux:br-almalinux-10] => Error: building at STEP "RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys mkdir -p /etc/pki/containers/ && cp /tmp/keys/* /etc/pki/containers/": setup network: netavark: nftables error: "nft" did not return successfully while applying ruleset
[18:01:58 ERROR blue_build::commands:32] => Failed:
× Failed to build registry.gitlab.com/eu-os/workspace-images/eu-os-base-
│ demo/eu-os-demo-almalinux:br-almalinux-10
logs: https://gitlab.com/eu-os/workspace-images/eu-os-base-demo/-/jobs/11098685600
Luke Skywunker
Mind adding this info to the ticket I linked above?
