Clair and ClairCTL Shenanigans

So last night i was experimenting with Clair and ClairCTL. main task i wanted to do was run clair and clairctl without requiring their individual containers.

Long story short, clair versions on website are different via different methods with no easy way to distiguish between them

Observations made are listed below

1. clair is doing major upgrades and master branch is breaking compatibility with previous versions.
2. Clair versions supporting v3 api do not have support for v1 api
3. All the supporting tools: claircti, claircli, Klar are dependent on v1 apis

Clair versions

• Website : https://github.com/quay/clair lists release version as 2.1.4
• for getting clair up and running official instructions are https://github.com/quay/clair/blob/master/Documentation/running-clair.md
• Options to build from source https://github.com/quay/clair/blob/master/Documentation/running-clair.md#source has no clear warning this will build from latest not release
• both docker and docker-compose gives you 2.1.4 compiled inside a alpine linux container

So lets try to get a working copy of clair which works with clairctl

Section 1: Building Clair

1. Ensure you can build go binaries
2. Download the source git clone https://github.com/quay/clair
3. Switch to specific branchgit checkout release-2.0
4. you will observe that the makefile disappeared.
5. To perform the compilation you need to move to cmd/clair directory
6. run go build this will create a clair executable in that folder
7. take that clair binary and set it in system path

Note: Why do so much effort could have copy pasted from docker container if it was working. i did tried it but the nbinary was a musl compiled binary and as such wont work in normal linux

Section 2: Setting up Postgresql

1. Install postgresql sudo apt-get install
2. configure postgresql to run with password auth
   • pg_hba.conf needs to have md5 instead of peer
   • but you cant do it till you set a password for a user
   • so su - postgres psql postgres
   • CREATE PASSWORD and set the right password
   • \q to quit and get back to shell
   • now switch the peer to md5
   • restart sudo service postgresql restart
3. ensure you change its listener mode to *
   1. postgres.conf listener_address ="*"
4. ensure you login with the created username and password and create a database

Section 3: using clairctl
1. clairctl binary can be easily downloaded
2. start clair with a config file where you need to provide all details
3. once clair is started wait for sometime before starting clairctl

Note: Article was originally published on now defunct https://til.anantshri.info/post/clair_clairctl/ a copy is preserved here

Do you like what you read, What to share it