updating with example, and fixing bug

Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
singularityhub · Jun 26, 2019 · 5d0d659 · 5d0d659
1 parent da1e2a3
commit 5d0d659
Show file tree

Hide file tree

Showing 6 changed files with 918 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -54,3 +54,6 @@ Scan a local image in $PWD mapped to /code in the container. If you didn't clone
 $ singularity pull shub://vsoch/singularity-images
 $ docker exec -it clair-scanner sclair singularity-images_latest.sif
 ```
+
+For a full example (using a container with a known vulnerability) see
+the [example test](test) folder.
diff --git a/stools/clair/__init__.py b/stools/clair/__init__.py
@@ -22,6 +22,7 @@
 from stools.version import __version__
 from stools.clair.image import export_to_targz
 from stools.clair.api import Clair
+from stools.clair.server import start
 from multiprocessing import Process
 import argparse
 import os
@@ -103,14 +104,12 @@ def help(retval=0):
 
     # Local Server
     webroot = '/var/www/images'
-    server = 'http://%s:%s/' %(args.host, args.port)
 
     # Start the server and serve static files from root
 
     if args.server is True:
-        from stools.clair.server import start
         print('\n1. Starting server...')
-        webroot = tempfile.mkdtemp()
+        server = 'http://%s:%s/' %(args.host, args.port)
         process = Process(target=start, args=(args.port, args.host, webroot))
         # start(port=args.port, host=args.host, static_folder=webroot)
         process.daemon = True
@@ -128,7 +127,7 @@ def help(retval=0):
     for image in args.images:
 
         # 1. decompress to sandbox --> tar.gz
-        targz = export_to_targz(image, via_build=True)
+        targz = export_to_targz(image)
         print("...exported %s to %s" %(image, targz))
 
         # 2. Move to webroot

diff --git a/stools/clair/api.py b/stools/clair/api.py
@@ -47,7 +47,7 @@ def scan(self, targz_url, name):
                 'Parentname': '',
                 'Format': 'Docker' }
 
-        response = requests.post(url, json={'Layer': data })
+        response = requests.post(url, json={'Layer': data})
 
         if response.status_code != 201:
             print('Error creating %s at %s' %(data['Path'], url))

diff --git a/stools/clair/image.py b/stools/clair/image.py
@@ -22,11 +22,12 @@
 from stools.utils import get_temporary_name
 import hashlib
 import tempfile
+import tarfile
 import shutil
 import os
 
 
-def export_to_targz(image, tmpdir=None, via_build=True):
+def export_to_targz(image, tmpdir=None):
     '''export a Singularity image to a .tar.gz file. If run within a docker
        image, you should set via_build to false (as sudo will work under
        priviledged). Outside of Docker as regular user, via_build works
@@ -38,33 +39,24 @@ def export_to_targz(image, tmpdir=None, via_build=True):
        tmpdir: a temporary directory to export to.
 
     '''
-    print("Exporting %s to targz..." %image)
+    print("Exporting %s to targz..." % image)
 
     if tmpdir == None:
         tmpdir = tempfile.mkdtemp()
 
     # We will build into this directory (sandbox) to export without sudo
     export_dir = get_temporary_name(tmpdir, 'singularity-clair')
-    tar = "%s.tar" %export_dir
-    targz = "%s.gz" %tar
+    targz = "%s.gz" % export_dir
 
-    if via_build is True:
-
-        sandbox = Client.build(image, export_dir, sandbox=True, sudo=False)
+    sandbox = Client.build(image, export_dir, 
+                           sandbox=True, 
+                           sudo=False)
 
-        # Create the .tar, then .tar.gz 
-
-        cmd = ["tar", "-cf", tar, sandbox]
-        Client._run_command(cmd)
-        shutil.rmtree(sandbox)
-
-    else:
-
-        # Requires sudo
-        Client.image.export(image, tar)
+    # Write the tarfile
+    with tarfile.open(targz, "w:gz") as tar:       
+        tar.add(sandbox, arcname='/')
 
-    cmd = ["gzip", tar]
-    Client._run_command(cmd)
+    shutil.rmtree(sandbox)
 
     if os.path.exists(targz):
         return targz