Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SBOM generation fails on Windows #535

Open
imjasonh opened this issue Dec 13, 2021 · 6 comments
Open

SBOM generation fails on Windows #535

imjasonh opened this issue Dec 13, 2021 · 6 comments
Assignees
@imjasonh
Labels
lifecycle/frozen sbom Related to generation of SBOMs windows Issues related to building Windows images

Comments

@imjasonh
Copy link
Member

https://github.com/google/ko/runs/4508967288?check_suite_focus=true#step:4:91

++ go run ./ publish ./ --platform=windows/amd64 --preserve-import-paths
2021/12/13 16:28:50 Using base mcr.microsoft.com/windows/nanoserver:1809 for github.com/google/ko
2021/12/13 16:28:50 Building github.com/google/ko for windows/amd64
C:\Users\RUNNER~1\AppData\Local\Temp\ko2792353245\out: not executable file
2021/12/13 16:29:33 Loading ko.local/github.com/google/ko:f16f6b389d4d4ccfc1db0524e5f8ec6b315fc6a4e080f0ffe17f5074aa4a6d2a
2021/12/13 16:29:34 Loaded ko.local/github.com/google/ko:f16f6b389d4d4ccfc1db0524e5f8ec6b315fc6a4e080f0ffe17f5074aa4a6d2a
2021/12/13 16:29:34 Adding tag latest
2021/12/13 16:29:34 Added tag latest

The binary built by go build on Windows doesn't seem to be executable when we run go version -m on it, which causes SBOM generation to fail. Interestingly, this doesn't seem to block pushing the rest of the image.

cc @mattmoor
@imjasonh imjasonh self-assigned this Dec 13, 2021
@mattmoor
Copy link
Collaborator

Why didn't CI catch this? 🤔

@imjasonh
Copy link
Member Author

ko publish doesn't fail, so e2e tests on Windows didn't care.

This sounds like it may also be a gap in e2e tests, we should consider adding a cosign download sbom to the mix. That would probably require us to also push to a local registry, instead of just to ko.local like we do today.

@imjasonh imjasonh mentioned this issue Dec 14, 2021
Closed
@mattmoor mattmoor added this to the 0.10 milestone Dec 14, 2021
@imjasonh imjasonh removed this from the 0.10 milestone Feb 16, 2022
@mattn
Copy link
Contributor

mattn commented Mar 24, 2022

Container image does not exists in the registory at the first time. So cosigin download sbom will fail.

@mattn
Copy link
Contributor

mattn commented Mar 24, 2022

Ah, sorry. It is registory of base image. However I don't know why this fail always.

C:\>cosign download sbom gcr.io/distroless/static:latest
Error: image not found in registry
main.go:46: error during command execution: image not found in registry

@imjasonh
Copy link
Member Author

The distroless image doesn't currently push SBOMs to the registry, so cosign download sbom is expected to fail for that image.

@imjasonh imjasonh added the sbom Related to generation of SBOMs label Mar 28, 2022
@imjasonh imjasonh mentioned this issue Jun 8, 2022
Merged
@github-actions
Copy link

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Keep fresh with the 'lifecycle/frozen' label.

@imjasonh imjasonh added lifecycle/frozen windows Issues related to building Windows images and removed lifecycle/stale labels Jun 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@imjasonh imjasonh

Labels
lifecycle/frozen sbom Related to generation of SBOMs windows Issues related to building Windows images
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chmod the Go binary before SBOMing it imjasonh/ko
3 participants
@mattn @imjasonh @mattmoor