https://sourceware.org/bugzilla/show_bug.cgi?id=25370
Bug ID: 25370
Summary: container image/registry scanning
Product: elfutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: debuginfod
Assignee: unassigned at sourceware dot org
Reporter: fche at redhat dot com
CC: elfutils-devel at sourceware dot org, lberk at redhat dot com
Target Milestone: ---

There may be a use case where debuginfo-carrying container images are available on registries or filesystems, and where extracting that content could serve container debugging tasks.

hypothetical algorithm:
- given a list of image names
- periodically make contact with designated registry across https://docs.docker.com/registry/spec/api/
- fetch authentication token if needed
- download image manifest json, thence layer fs-delta files (tarballs)
- scan resulting tarballs as ordinary libarchive inputs
- use fs-delta blob hexid as archive path key
- need only ever scan once!
- https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1

or podman-intermediated:
- given a list of image names
- perform periodic "podman pull"s
- podman mount
- scan contents in -F mode
- "podman unmount" afterwards
- ... or podman save; scan the resulting tarball's contents as sub tarballs
- one problem is how to scan only new layers (and not waste time instantiating old at all)
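
The registry-based algorithm above relies on layer blobs being content-addressed. The following sketch is an added example, not part of the bug report or of elfutils: it lists the layer digests from a manifest, skips hexids already scanned, and checks each new blob against its digest before it is handed to a scanner. The `fetch` callback, the `scanned` set, and the sample manifest and blobs are assumptions constructed for illustration.

```python
import hashlib
import json

# Constructed sample blobs standing in for layer tarballs (not real image data).
BLOBS = [b"layer-one-bytes", b"layer-two-bytes"]
DIGESTS = ["sha256:" + hashlib.sha256(b).hexdigest() for b in BLOBS]

# Constructed manifest in the Docker image manifest v2, schema 2 shape.
MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "layers": [
        {"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": len(b), "digest": d}
        for b, d in zip(BLOBS, DIGESTS)
    ],
})

def layer_digests(manifest_json):
    """Return the layer blob digests listed in a manifest, in order."""
    manifest = json.loads(manifest_json)
    if manifest.get("schemaVersion") != 2:
        raise ValueError("unsupported manifest schema")
    return [layer["digest"] for layer in manifest["layers"]]

def verify_blob(digest, data):
    """Check that downloaded bytes hash to the digest that names them."""
    algo, _, hexid = digest.partition(":")
    if algo != "sha256":
        raise ValueError("unsupported digest algorithm: " + algo)
    return hashlib.sha256(data).hexdigest() == hexid

def plan_scan(manifest_json, fetch, scanned):
    """Return archive path keys (hexids) for layers that still need scanning.

    fetch(digest) -> bytes is a hypothetical download callback; scanned is the
    set of hexids already indexed and is updated in place.
    """
    todo = []
    for digest in layer_digests(manifest_json):
        hexid = digest.partition(":")[2]
        if hexid in scanned:
            continue  # content-addressed: same hexid means same bytes, no refetch
        if not verify_blob(digest, fetch(digest)):
            raise ValueError("digest mismatch for " + digest)
        scanned.add(hexid)
        todo.append(hexid)
    return todo
```

Because already-seen hexids are skipped before `fetch` is called, a layer shared by several images is downloaded and scanned once.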