dpkg status files have base64 filenames #787
Comments
I noticed this too, and wasn't able to fully understand it but I think it had something to do with python 2 vs 3. We use a special flag in the cloud build releases to force python 2.
@dlorenc that's gone, there's no more building with python2
Ah right. @johngmyers what version of python are you using? We force 3 here: https://github.com/GoogleContainerTools/distroless/blob/main/cloudbuild.yaml#L23
Ah sorry I misread - you're saying this is in the default images, not ones you're building yourself?
I see this with the official distroless java11 image, so I think that eliminates my build chain
I see this in both the official images and the ones I'm building myself.
So for example, I think
has this always been an issue?
I don't know. I didn't care. No one really complained though. It's just that it doesn't look correct. Maybe a vulnerability scanner will not be able to recognize installed packages and their versions.
k well I'll try to fix the py2 -> py3 migration issue for now, and then have someone look at the naming issue
IIRC, I think this comes from distroless/package_manager/dpkg_parser.py Line 114 in 5ab7f98
I suspect this is because Bazel has issues with special characters in file names (e.g.
So this should be fixed with: bazelbuild/rules_docker#1922 (which fixes parsing metadata, not the filenames)
@chanseokoh you wrote in #787 (comment)
That's the point I made in #741 ... basically official distroless images makeup is essentially NOT observable and IMHO this lack of observability makes them poorly suited to be used --more or less-- as base images of the whole K8S ecosystem. What can I do to help?
Our image scanner is having trouble determining the versions of things in distroless-based images.
The files in var/lib/dpkg/status.d now have filenames that appear to be encoded in base64:
Prior to the Python 3 PRs landing, they looked like:
Was this an intentional change?
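An added example, not part of the issue or of the distroless code base: one way a scanner can inventory `var/lib/dpkg/status.d` without depending on the filenames, by reading the `Package` and `Version` fields from each file and only classifying the filename style. It assumes each file holds one dpkg control stanza and that an encoded filename is the base64 of the package name; the package names and versions in the sample tree are constructed.

```python
import base64
import binascii
import tempfile
from pathlib import Path

def parse_stanza(text):
    """Parse one dpkg control stanza into a dict of field -> value."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:   # continuation of previous field
            fields[key] += "\n" + line.strip()
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = value.strip()
    return fields

def decode_name(filename):
    """Return the base64-decoded filename, or None if it is not base64 text."""
    try:
        return base64.b64decode(filename, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def inventory(status_dir):
    """Map package -> (version, filename style), trusting contents over names."""
    found = {}
    for path in sorted(Path(status_dir).iterdir()):
        fields = parse_stanza(path.read_text(encoding="utf-8", errors="replace"))
        name = fields.get("Package")
        if not name:
            continue
        # Assumption: an encoded filename is base64(package name).
        decoded = decode_name(path.name)
        style = "plain" if path.name == name else "base64" if decoded == name else "other"
        found[name] = (fields.get("Version"), style)
    return found

def build_sample(root):
    """Constructed sample tree: one plain and one base64-named status file."""
    d = Path(root) / "var/lib/dpkg/status.d"
    d.mkdir(parents=True)
    (d / "tzdata-sample").write_text("Package: tzdata-sample\nVersion: 0.0-sample1\n")
    encoded = base64.b64encode(b"libexample++1").decode("ascii")
    (d / encoded).write_text("Package: libexample++1\nVersion: 0.0-sample2\n")
    return d

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for pkg, (ver, style) in inventory(build_sample(tmp)).items():
            print(f"{pkg}\t{ver}\t{style}")
```

A file reported as `other` has a name that matches neither form, which is worth surfacing in scanner output rather than silently skipping.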