So last night i was experimenting with Clair and ClairCTL. main task i wanted to do was run clair and clairctl without requiring their individual containers.
Long story short, clair versions on website are different via different methods with no easy way to distiguish between them
Observations made are listed below
- clair is doing major upgrades and master branch is breaking compatibility with previous versions.
- Clair versions supporting v3 api do not have support for v1 api
- All the supporting tools: claircti, claircli, Klar are dependent on v1 apis
Clair versions
- Website : https://github.com/quay/clair lists release version as 2.1.4
- for getting clair up and running official instructions are https://github.com/quay/clair/blob/master/Documentation/running-clair.md
- Options to build from source https://github.com/quay/clair/blob/master/Documentation/running-clair.md#source has no clear warning this will build from latest not release
- both docker and docker-compose gives you 2.1.4 compiled inside a alpine linux container
So lets try to get a working copy of clair which works with clairctl
Section 1: Building Clair
- Ensure you can build go binaries
- Download the source
git clone https://github.com/quay/clair
- Switch to specific branch
git checkout release-2.0
- you will observe that the makefile disappeared.
- To perform the compilation you need to move to cmd/clair directory
- run
go build
this will create a clair executable in that folder - take that clair binary and set it in system path
Note: Why do so much effort could have copy pasted from docker container if it was working. i did tried it but the nbinary was a musl compiled binary and as such wont work in normal linux
Section 2: Setting up Postgresql
- Install postgresql
sudo apt-get install
- configure postgresql to run with password auth
- pg_hba.conf needs to have md5 instead of peer
- but you cant do it till you set a password for a user
- so
su - postgres psql postgres
CREATE PASSWORD
and set the right password\q
to quit and get back to shell- now switch the peer to md5
- restart
sudo service postgresql restart
- ensure you change its listener mode to *
- postgres.conf
listener_address ="*"
- postgres.conf
- ensure you login with the created username and password and create a database
Section 3: using clairctl
1. clairctl binary can be easily downloaded
2. start clair with a config file where you need to provide all details
3. once clair is started wait for sometime before starting clairctl
Note: Article was originally published on now defunct https://til.anantshri.info/post/clair_clairctl/ a copy is preserved here