tern: Error if Tern calls Scancode-Toolkit
Describe the bug
Tern is unable to scan using Scancode-Toolkit.
With Tern only the image can be scanned and results in an report.
To Reproduce
Scan Alpine based image using Tern + Scancode-Toolkit
tern report -f spdxjson -w "container.tar" -o "result.spdx.json" -x scancode
Error in terminal
2022-12-21 20:48:28,485 - DEBUG - __main__ - Starting...
2022-12-21 20:48:28,485 - DEBUG - prep - Setting up...
2022-12-21 20:48:28,486 - DEBUG - rootfs - Running command: chmod +x /usr/local/lib/python3.9/dist-packages/tern/tools/fs_hash.sh
2022-12-21 20:48:28,488 - DEBUG - run - Starting analysis...
2022-12-21 20:48:28,496 - DEBUG - rootfs - Running command: tar -tf /workspace/workspace/9a44489b-96c1-49f7-a627-cbffc58e366b/upload/extracted/binaries/test.tar
2022-12-21 20:48:28,498 - DEBUG - rootfs - Running command: tar -x -f /workspace/workspace/9a44489b-96c1-49f7-a627-cbffc58e366b/upload/extracted/binaries/test.tar -C /root/.tern/temp
2022-12-21 20:48:28,504 - DEBUG - rootfs - Running command: tar -tf /root/.tern/temp/3e571912155d9bac1a5285bf1c21105bea53585f77a159316eed491882710ab2/layer.tar
2022-12-21 20:48:28,507 - DEBUG - rootfs - Running command: tar -x -f /root/.tern/temp/3e571912155d9bac1a5285bf1c21105bea53585f77a159316eed491882710ab2/layer.tar -C /root/.tern/temp/3e571912155d9bac1a5285bf1c21105bea53585f77a159316eed491882710ab2/contents
2022-12-21 20:48:28,528 - DEBUG - rootfs - Running command: /usr/local/lib/python3.9/dist-packages/tern/tools/fs_hash.sh /root/.tern/temp/3e571912155d9bac1a5285bf1c21105bea53585f77a159316eed491882710ab2/contents
2022-12-21 20:48:28,632 - DEBUG - rootfs - Running command: tar -tf /root/.tern/temp/eb2f2a3b73763d543b7256e39e4a42ea190bd18a1e1c8197aaefa6ae5005ae94/layer.tar
2022-12-21 20:48:28,634 - DEBUG - rootfs - Running command: tar -x -f /root/.tern/temp/eb2f2a3b73763d543b7256e39e4a42ea190bd18a1e1c8197aaefa6ae5005ae94/layer.tar -C /root/.tern/temp/eb2f2a3b73763d543b7256e39e4a42ea190bd18a1e1c8197aaefa6ae5005ae94/contents
2022-12-21 20:48:28,635 - DEBUG - rootfs - Running command: /usr/local/lib/python3.9/dist-packages/tern/tools/fs_hash.sh /root/.tern/temp/eb2f2a3b73763d543b7256e39e4a42ea190bd18a1e1c8197aaefa6ae5005ae94/contents
2022-12-21 20:48:28,639 - DEBUG - rootfs - Running command: tar -tf /root/.tern/temp/cf9a1a27ba287bed93e131f5cb5831b706905811bf91d5e6b5b323187d7cac92/layer.tar
2022-12-21 20:48:28,641 - DEBUG - rootfs - Running command: tar -x -f /root/.tern/temp/cf9a1a27ba287bed93e131f5cb5831b706905811bf91d5e6b5b323187d7cac92/layer.tar -C /root/.tern/temp/cf9a1a27ba287bed93e131f5cb5831b706905811bf91d5e6b5b323187d7cac92/contents
2022-12-21 20:48:28,643 - DEBUG - rootfs - Running command: /usr/local/lib/python3.9/dist-packages/tern/tools/fs_hash.sh /root/.tern/temp/cf9a1a27ba287bed93e131f5cb5831b706905811bf91d5e6b5b323187d7cac92/contents
2022-12-21 20:48:28,646 - DEBUG - rootfs - Running command: tar -tf /root/.tern/temp/ac1cc3694703233d4731e335b6bd4cedc7bd6fe00dead7b76068f1653b147d3a/layer.tar
2022-12-21 20:48:28,647 - DEBUG - rootfs - Running command: tar -x -f /root/.tern/temp/ac1cc3694703233d4731e335b6bd4cedc7bd6fe00dead7b76068f1653b147d3a/layer.tar -C /root/.tern/temp/ac1cc3694703233d4731e335b6bd4cedc7bd6fe00dead7b76068f1653b147d3a/contents
2022-12-21 20:48:28,649 - DEBUG - rootfs - Running command: /usr/local/lib/python3.9/dist-packages/tern/tools/fs_hash.sh /root/.tern/temp/ac1cc3694703233d4731e335b6bd4cedc7bd6fe00dead7b76068f1653b147d3a/contents
2022-12-21 20:48:28,652 - DEBUG - common - Loading packages from cache: layer "d1a00b82ba"
2022-12-21 20:48:28,654 - DEBUG - common - Loading files from cache: layer "d1a00b82ba"
2022-12-21 20:48:28,657 - DEBUG - rootfs - Running command: /usr/local/bin/scancode -ilpcu --quiet --timeout 300 -n 5 --json - /root/.tern/temp/3e571912155d9bac1a5285bf1c21105bea53585f77a159316eed491882710ab2/contents
Traceback (most recent call last):
File "/usr/local/bin/tern", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.9/dist-packages/tern/__main__.py", line 311, in main
do_main(args)
File "/usr/local/lib/python3.9/dist-packages/tern/__main__.py", line 123, in do_main
crun.execute_image(args)
File "/usr/local/lib/python3.9/dist-packages/tern/analyze/default/container/run.py", line 80, in execute_image
cimage.default_analyze(full_image, args)
File "/usr/local/lib/python3.9/dist-packages/tern/analyze/default/container/image.py", line 70, in default_analyze
passthrough.run_extension_layer(image_obj.layers[0], options.extend,
File "/usr/local/lib/python3.9/dist-packages/tern/analyze/passthrough.py", line 92, in run_extension_layer
return mgr.driver.execute_layer(image_layer, redo)
File "/usr/local/lib/python3.9/dist-packages/tern/extensions/scancode/executor.py", line 219, in execute_layer
file_list, package_list = collect_layer_data(image_layer)
File "/usr/local/lib/python3.9/dist-packages/tern/extensions/scancode/executor.py", line 162, in collect_layer_data
files.append(get_scancode_file(f))
File "/usr/local/lib/python3.9/dist-packages/tern/extensions/scancode/executor.py", line 65, in get_scancode_file
fd.copyrights = [c['value'] for c in file_dict['copyrights']]
File "/usr/local/lib/python3.9/dist-packages/tern/extensions/scancode/executor.py", line 65, in <listcomp>
fd.copyrights = [c['value'] for c in file_dict['copyrights']]
KeyError: 'value'
Expected behavior
Tern can call Scancode-Toolkit without errors.
Environment you are running Tern on
- Tern version 2.11.0
- ScanCode version: 31.2.1
- Debian 11
- Python 3.9.2
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 1
- Comments: 25 (12 by maintainers)
Commits related to this issue
- Accomodate updated Scancode attribute names Scancode v31.0.0 includes changes[1] to JSON output attribute names which was causing processing KeyErrors when Tern would run with Scancode. This commit a... — committed to rnjudge/tern by rnjudge a year ago
- Accomodate updated Scancode attribute names Scancode v31.0.0 includes changes[1] to JSON output attribute names which was causing processing KeyErrors when Tern would run with Scancode. Scancode v32.... — committed to rnjudge/tern by rnjudge a year ago
- Accomodate updated Scancode attribute names Scancode v31.0.0 includes changes[1] to JSON output attribute names which was causing processing KeyErrors when Tern would run with Scancode. Scancode v32.... — committed to rnjudge/tern by rnjudge a year ago
- Accomodate updated Scancode attribute names Scancode v31.0.0 includes changes[1] to JSON output attribute names which was causing processing KeyErrors when Tern would run with Scancode. Scancode v32.... — committed to rnjudge/tern by rnjudge a year ago
- Accomodate updated Scancode attribute names Scancode v31.0.0 includes changes[1] to JSON output attribute names which was causing processing KeyErrors when Tern would run with Scancode. Scancode v32.... — committed to tern-tools/tern by rnjudge a year ago
@Jeeppler Working on this today. Should be out EOD.
Thanks, @rnjudge, it works now with the branch you provided! 😃
Confirmed that there was a big change to license_detection reporting which was causing the error difference in v31 vs v32.
@Jeeppler @armintaenzertng Hopefully this fixes all the errors you are seeing. Please give it a try: https://github.com/rnjudge/tern/tree/issue-1202
I still have some parsing to fix from the scancode updates but if it fixes your issues I’d like to get a new release cut with the fixes.
Ok, working on this. What version of scancode are you running here? I can’t reproduce the error with
31.2.6and my latest changes, but let me try upgrading to 32.0 to see if they changed their data model again.UPDATE: I can reproduce with 32.0.4 so scancode dictionary key names have changed again. Sigh.
I was able to reproduce the issue by using the example commands from the readme. That is,
results in
Image:
image.zip
Tern command used:
Alpine Dockerfile:
Data is a folder with some source files with licenses annotations: https://github.com/mercedes-benz/sechub/tree/develop/sechub-pds-solutions/tern/tests/data
run.sh
In general, you can find all the test images/files for the containers here: https://github.com/mercedes-benz/sechub/tree/develop/sechub-pds-solutions/tern/tests.
@Jeeppler thanks. Can you provide the image you’re working with so I can reproduce? The alpine base image doesn’t fail.
Once I get confirmation from you that it’s fixed, I’ll cut a release.
@Jeeppler I still cannot install scanacode which is quite concerning for me wrt Tern’s integration with the library. I will try to setup a linux environment to debug on my old mac. Stay tuned.
@Jeeppler let me try to install the latest release of scancode. It’s hard for me to debug and fix this when I can’t install scancode 😕
@rnjudge It seems only some images produce this error, I wonder what do they have in common:
@Jeeppler I have not forgot about this. The issue I am trying to workaround right now is simply installing scancode on my VM on my Mac M1 so I can debug and fix. I opened an issue for it with Scancode here. What I’ve been told is that they are re-releasing Scancode with fixes for some of the dependent libraries so I’ll have to wait for that…