* [Bug debuginfod/25370] New: container image/registry scanning
@ 2020-01-11 0:36 fche at redhat dot com
0 siblings, 0 replies; only message in thread
From: fche at redhat dot com @ 2020-01-11 0:36 UTC (permalink / raw)
To: elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25370
Bug ID: 25370
Summary: container image/registry scanning
Product: elfutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: debuginfod
Assignee: unassigned at sourceware dot org
Reporter: fche at redhat dot com
CC: elfutils-devel at sourceware dot org, lberk at redhat dot com
Target Milestone: ---
There may be a use case where debuginfo-carrying container images are available
on registries or filesystems, and where extracting that content could serve
container debugging tasks.
hypothetical algorithm:
- given a list of image names
- periodically make contact with designated registry across
https://docs.docker.com/registry/spec/api/
- fetch authentication token if needed
- download image manifest json, thence layer fs-delta files (tarballs)
- scan resulting tarballs as ordinary libarchive inputs
- use fs-delta blob hexid as archive path key - need only ever scan once!
- https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1
or podman-intermediated:
- given a list of image names
- perform periodic "podman pull"s
- podman mount
- scan contents in -F mode
- "podman unmount" afterwards
- ... or podman save; scan the resulting tarball's contents as sub tarballs
- one problem is how to scan only new layers (and not waste time
instantiating old at all)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-01-11 0:36 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-11 0:36 [Bug debuginfod/25370] New: container image/registry scanning fche at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).