Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release trivy_0.51.3_Linux-64bit binary is broken #6771

Closed
2 tasks
DmitriyLewen opened this issue May 24, 2024 Discussed in #6770 · 11 comments
Closed
2 tasks

Release trivy_0.51.3_Linux-64bit binary is broken #6771

DmitriyLewen opened this issue May 24, 2024 Discussed in #6770 · 11 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@DmitriyLewen
Copy link
Contributor

Discussed in #6770

Originally posted by haskjold May 24, 2024

Description

Running the latest Trivy release results in error.

Desired Behavior

That it works :)

Actual Behavior

Running the latest Trivy release gives the following error:

$ ./trivy 
panic: 1 error occurred: checks/docker/update_instruction_alone.rego:48: rego_type_error: undefined function sh.parse_commands

goroutine 1 [running]:
github.com/aquasecurity/trivy/pkg/iac/rego.RegisterRegoRules(0xc00137eb10)
	/home/runner/work/trivy/trivy/pkg/iac/rego/embed.go:46 +0x29c
github.com/aquasecurity/trivy/pkg/iac/rego.init.1()
	/home/runner/work/trivy/trivy/pkg/iac/rego/embed.go:30 +0x185

Reproduction Steps

Execute the binary.

Target

None

Scanner

None

Output Format

None

Mode

None

Debug Output

Same as running it without as it is broken:


./trivy --debug
panic: 1 error occurred: checks/docker/update_instruction_alone.rego:48: rego_type_error: undefined function sh.parse_commands

goroutine 1 [running]:
github.com/aquasecurity/trivy/pkg/iac/rego.RegisterRegoRules(0xc0013d4810)
	/home/runner/work/trivy/trivy/pkg/iac/rego/embed.go:46 +0x29c
github.com/aquasecurity/trivy/pkg/iac/rego.init.1()
	/home/runner/work/trivy/trivy/pkg/iac/rego/embed.go:30 +0x185


### Operating System

Ubuntu 22.04

### Version

```bash
v0.51.3

Checklist
@DmitriyLewen DmitriyLewen added the kind/bug Categorizes issue or PR as related to a bug. label May 24, 2024
@knqyf263
Copy link
Collaborator

We deleted v0.51.3 for a workaround. Please downgrade to v0.51.2. Will fix it asap.

@wvdhaute
Copy link

can you retag the latest image to 0.51.2 on docker hub?

Else we need to downgrade alot of CI jobs in alot of projects until the fix is out

@sebastiandero
Copy link

Downgrade works! Thank you @knqyf263

@ayushxx7
Copy link

ayushxx7 commented May 24, 2024
edited
Loading

+1 for releasing fixed docker image #6771 (comment)

@njpluang
Copy link

Can you revert the docker images as well? we are using the latest tag.

@DmitriyLewen
Copy link
Contributor Author

v0.51.4 released 👍

@DmitriyLewen
Copy link
Contributor Author

I'm closing this issue.
Please feel free to write here if you still have problems.

@dannystaple dannystaple mentioned this issue May 24, 2024
Closed
@dannystaple
Copy link

A note on the downgrade, the deb pakcages only have the most recent version available:

/# apt-cache policy trivy
trivy:
  Installed: (none)
  Candidate: 0.51.3
  Version table:
     0.51.3 500
        500 https://aquasecurity.github.io/trivy-repo/deb jammy/main amd64 Packages

CI processes using trivy will break until a fix is made if using the repository installation described at https://aquasecurity.github.io/trivy/v0.51/getting-started/installation/.

@DmitriyLewen
Copy link
Contributor Author

DmitriyLewen commented May 24, 2024
edited
Loading

v0.51.4 is available using the generic directory - https://aquasecurity.github.io/trivy/v0.51/getting-started/installation/#debianubuntu-official

for v0.51.2 or previous versions - use OS release name or $(lsb_release -sc)
See - https://aquasecurity.github.io/trivy/v0.50/getting-started/installation/#debianubuntu-official

@dannystaple
Copy link

Hello, I just attempted those debian/ubuntu official methods. They can only install whatever the most recent package is.
I tried the following two ways. First the generic directory:

$ docker run -it --rm ubuntu:jammy
root@53f1032c9c33:/# apt-get update -y && apt-get install -y wget apt-transport-https gnupg ca-certificates --no-install-recommends
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB] ...
:
:
root@53f1032c9c33:/#  wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null
root@53f1032c9c33:/# echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" |  tee -a /etc/apt/sources.list.d/trivy.list
deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main
root@53f1032c9c33:/# apt-get update -y
Get:1 https://aquasecurity.github.io/trivy-repo/deb generic InRelease [3063 B]
:
:
root@53f1032c9c33:/# apt-cache policy trivy
trivy:
  Installed: (none)
  Candidate: 0.51.4
  Version table:
     0.51.4 500
        500 https://aquasecurity.github.io/trivy-repo/deb generic/main amd64 Packages
root@53f1032c9c33:/# apt-get install trivy=0.51.2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package trivy is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Version '0.51.2' for 'trivy' was not found

As you can see, the generic only has the latest version available. Apt-cache policy only shows that version, and trying to install an earlier one will not work.

Doing the same with the OS release named version in a fresh container:

$ docker run -it --rm ubuntu:jammy
root@27da1888db8b:/#  apt-get update -y && apt-get install -y wget apt-transport-https gnupg  lsb-release ca-certificates --no-install-recommends
:
:

root@27da1888db8b:/# wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null
root@27da1888db8b:/# echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb jammy main
root@27da1888db8b:/# apt-get update -y
Get:1 https://aquasecurity.github.io/trivy-repo/deb jammy InRelease [3061 B]
:
:
root@27da1888db8b:/# apt-cache policy trivy
trivy:
  Installed: (none)
  Candidate: 0.51.4
  Version table:
     0.51.4 500
        500 https://aquasecurity.github.io/trivy-repo/deb jammy/main amd64 Packages
root@27da1888db8b:/# apt-get install trivy=0.51.2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package trivy is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Version '0.51.2' for 'trivy' was not found

In both methods, a roll back was not possible. Perhaps that deb repository could have a few versions in it?

@DmitriyLewen
Copy link
Contributor Author

Helllo @dannystaple
I was in hurry to fix problem with v0.51.3 and told you wrong information.

You are right. trivy-repo contains only latest Trivy version.

Perhaps that deb repository could have a few versions in it?

trivy-repo is already large. So i think we won't add previous versions.

But you can always download any binary version from release page.

Regards, Dmitriy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@dannystaple @wvdhaute @knqyf263 @sebastiandero @ayushxx7 @DmitriyLewen @njpluang