Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

attest panic on MacOS #1210

Closed
telelvis opened this issue Sep 16, 2022 · 3 comments · Fixed by #1214
Closed

attest panic on MacOS #1210

telelvis opened this issue Sep 16, 2022 · 3 comments · Fixed by #1214
Labels
bug Something isn't working

Comments

@telelvis
Copy link

What happened:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x28 pc=0x101f13fbc]

goroutine 1 [running]:
github.com/anchore/syft/cmd/syft/cli/attest.formatPredicateType(...)
	/Users/runner/work/syft/syft/cmd/syft/cli/attest/attest.go:323
github.com/anchore/syft/cmd/syft/cli/attest.Run({0x1029367a8, _}, _, {0x0, {0x0, 0x0}, {0x16f7b7ac2, 0x19}, {0x101f8a33d, 0x1b}, ...}, ...)
	/Users/runner/work/syft/syft/cmd/syft/cli/attest/attest.go:75 +0x9c
github.com/anchore/syft/cmd/syft/cli.Attest.func2(0x14001219680?, {0x1400122fc20?, 0x1?, 0x6?})
	/Users/runner/work/syft/syft/cmd/syft/cli/attest.go:70 +0x130
github.com/spf13/cobra.(*Command).execute(0x14001219680, {0x1400122fbc0, 0x6, 0x6})
	/Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:872 +0x4d0
github.com/spf13/cobra.(*Command).ExecuteC(0x14001246000)
	/Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:990 +0x354
github.com/spf13/cobra.(*Command).Execute(...)
	/Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:918
main.main()
	/Users/runner/work/syft/syft/cmd/syft/main.go:15 +0x60

What you expected to happen:
SBOM produced and signed as attestation stored locally
How to reproduce it (as minimally and precisely as possible):
syft attest --key release.key --no-upload -o sdpx-json myregistry.net/my-api:latest
Anything else we need to know?:
release.key was generated by cosign generate-key, although I don't think it matters
Environment:

  • Output of syft version:
syft version
Application:        syft
Version:            0.56.0
JsonSchemaVersion:  3.3.2
BuildDate:          2022-09-12T16:36:53Z
GitCommit:          c5dca001e267d2a91ff82e53ca72535ceef6af02
GitDescription:     v0.56.0
Platform:           darwin/arm64
GoVersion:          go1.18.5
Compiler:           gc

syft is installed with brew

  • OS (e.g: cat /etc/os-release or similar):
 sw_vers 
ProductName:	macOS
ProductVersion:	12.4
BuildVersion:	21F79
@telelvis telelvis added the bug Something isn't working label Sep 16, 2022
@tgerla
Copy link
Contributor

tgerla commented Sep 17, 2022

Hi @telelvis, sorry for the trouble. A couple of questions: do you see this panic happen for any image, or just "myregistry.net/my-api:latest"? Would it be possible for you to share the image that is crashing so that we can attempt to reproduce the problem? Thanks!

@telelvis
Copy link
Author

Hello @tgerla , thanks for looking into this.
I think i managed to pinpoint when it goes panic and it's due to easy to make typo.
Notice these two commands

syft attest --key release.key -o spdx-json --no-upload docker.io/library/redis
syft attest --key release.key -o spdx-jsonx --no-upload docker.io/library/redis 

Second does throw a panic message and it's indeed just -o output specified as spdx-jsonx. Turns out I can specify any kind of value not in the list [table syft-json spdx-json cyclonedx-json] and it crashes

@spiffcs spiffcs added this to OSS Sep 19, 2022
@tgerla
Copy link
Contributor

tgerla commented Sep 19, 2022

Hi @telelvis, thanks for the additional information. I've reproduced the problem here, so we'll hopefully have a fix soon. We appreciate your report!

Tim

@spiffcs spiffcs moved this to In Progress (Actively Resolving) in OSS Sep 19, 2022
Repository owner moved this from In Progress (Actively Resolving) to Done in OSS Sep 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

2 participants