Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to download Debian and Redhat vulnerabilities #171

Closed
nlamirault opened this issue May 11, 2016 · 5 comments
Closed

Unable to download Debian and Redhat vulnerabilities #171

nlamirault opened this issue May 11, 2016 · 5 comments
Labels
kind/question something that couldn't be answered in the docs

Comments

@nlamirault
Copy link

I try to use Clair using this docker-compose file :

version: '2'
services:
  postgres:
    container_name: clair_postgres
    image: postgres:latest
    environment:
      POSTGRES_PASSWORD: password

  clair:
    container_name: clair_clair
    image: quay.io/coreos/clair:v1.2.0
    depends_on:
      - postgres
    ports:
      - "6060-6061:6060-6061"
    links:
      - postgres
    volumes:
      - /tmp:/tmp
      - ./clair_config:/config
    command: [-config, /config/config.yaml]

The output logs :

clair_postgres | LOG:  database system was shut down at 2016-05-11 10:57:14 UTC
clair_postgres | LOG:  MultiXact member wraparound protections are now enabled
clair_postgres | LOG:  autovacuum launcher started
clair_postgres | LOG:  database system is ready to accept connections
clair_clair    | 2016-05-11 10:57:35.407608 I | pgsql: running database migrations
clair_clair    | goose: no migrations to run. current version: 20151222113213
clair_clair    | 2016-05-11 10:57:35.420840 I | pgsql: database migration ran successfully
clair_clair    | 2016-05-11 10:57:35.421063 I | api: starting main API on port 6060.
clair_clair    | 2016-05-11 10:57:35.421177 I | notifier: notifier service is disabled
clair_clair    | 2016-05-11 10:57:35.421360 I | updater: updater service started. lock identifier: 78140553-227c-4c6b-8cc7-7dc9a9bc4081
clair_clair    | 2016-05-11 10:57:35.421378 I | api: starting health API on port 6061.
clair_clair    | 2016-05-11 10:57:35.433223 I | updater: updating vulnerabilities
clair_clair    | 2016-05-11 10:57:35.433254 I | updater: fetching vulnerability updates
clair_clair    | 2016-05-11 10:57:35.433298 I | updater/fetchers/ubuntu: fetching Ubuntu vulnerabilities
clair_clair    | 2016-05-11 10:57:35.433381 I | updater/fetchers/debian: fetching Debian vulnerabilities
clair_clair    | 2016-05-11 10:57:35.433796 I | updater/fetchers/rhel: fetching Red Hat vulnerabilities
clair_clair    | 2016-05-11 10:57:35.444150 E | updater/fetchers/debian: could not download Debian's update: Get https://security-tracker.debian.org/tracker/data/json: dial tcp: lookup security-tracker.debian.org on 127.0.0.11:53: cannot unmarshal DNS message
clair_clair    | 2016-05-11 10:57:35.444167 E | updater: an error occured when fetching update 'debian': could not download requested resource.
clair_clair    | 2016-05-11 10:57:35.510256 E | updater/fetchers/rhel: could not download RHEL's update list: Get https://www.redhat.com/security/data/oval/: dial tcp: lookup www.redhat.com on 127.0.0.11:53: cannot unmarshal DNS message
clair_clair    | 2016-05-11 10:57:35.510274 E | updater: an error occured when fetching update 'Red Hat': could not download requested resource.
@jgsqware
Copy link
Contributor

Could you ping/curl trackers urls from inside your container?

@nlamirault
Copy link
Author

Yes.

docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS              PORTS                              NAMES
380cdb058a8c        quay.io/coreos/clair:v1.2.0   "clair -config /confi"   3 hours ago         Up About a minute   0.0.0.0:6060-6061->6060-6061/tcp   clair_clair
3c8b00e4b44f        postgres:latest               "/docker-entrypoint.s"   22 hours ago        Up About a minute   5432/tcp                           clair_postgres

docker exec 380cdb058a8c wget  https://security-tracker.debian.org/tracker/data/json
converted 'https://security-tracker.debian.org/tracker/data/json' (ANSI_X3.4-1968) -> 'https://security-tracker.debian.org/tracker/data/json' (UTF-8)
--2016-05-11 14:15:18--  https://security-tracker.debian.org/tracker/data/json
Resolving security-tracker.debian.org (security-tracker.debian.org)... 128.31.0.67
Connecting to security-tracker.debian.org (security-tracker.debian.org)|128.31.0.67|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/octet-stream]
Saving to: 'json.2'

     0K .......... .......... .......... .......... ..........  131K
    50K .......... .......... .......... .......... ..........  196K
   100K .......... .......... .......... .......... ..........  509K
   150K .......... .......... .......... .......... ..........  353K
   200K .......... .......... .......... .......... ..........  211K
   250K .......... .......... .......... .......... ..........  446K

@Quentin-M
Copy link
Contributor

Hi,

It looks related to golang/go#11070. Could you give golang/go@9010c2c a try?

@Quentin-M Quentin-M added kind/question something that couldn't be answered in the docs component/updater labels May 11, 2016
@Quentin-M
Copy link
Contributor

Quentin-M commented Jun 9, 2016
edited

Try to inject GODEBUG=netdns=cgo in the Dockerfile, before build time.

@jzelinskie
Copy link
Contributor

Closing this due to age, if you're still encountering this issue, please create a new one.

@AaronFriel AaronFriel mentioned this issue Feb 11, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question something that couldn't be answered in the docs
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nlamirault @jzelinskie @Quentin-M @jgsqware