syft 1.24.0 debug container - wget fails TLS · Issue #3891 · anchore/syft · GitHub

syft 1.24.0 debug container - wget fails TLS #3891

Closed
b00ga opened this issue May 14, 2025 · 1 comment · Fixed by #3915
Labels
bug Something isn't working

Comments

b00ga commented May 14, 2025

What happened:
Our local CI pipeline pulled the latest syft container and the syft job failed.
We were pulling the debug tag (so, latest debug) so that CI could call busybox wget to download our private Root CA file for use by syft. wget now fails.

What you expected to happen:
busybox wget succeeds in downloading the root CA so syft can use it to verify local registry downloads.

Steps to reproduce the issue:
Running with the latest debug (v1.24.0):
docker run -it --rm --entrypoint /busybox/wget anchore/syft:v1.24.0-debug --no-check-certificate --spider https://website.signed.with.untrusted.cert.example.com
Returns:

wget: TLS error from peer (alert code 40): handshake failure
wget: error getting response: Connection reset by peer

However, the previous debug version (v1.23.1):
docker run -it --rm --entrypoint /busybox/wget anchore/syft:v1.23.1-debug --no-check-certificate --spider https://website.signed.with.untrusted.cert.example.com
returns:

remote file exists

Anything else we need to know?:
This appears to be an upstream issue in busybox. I couldn't quite find a specific issue in their tracker, but I can reproduce it with the upstream busybox containers, and it appears to be fixed in the latest busybox.

Works:

  • docker run -it --rm busybox:1.35 /bin/wget --no-check-certificate --spider https://mysite.example.com
  • docker run -it --rm busybox:1.37 /bin/wget --no-check-certificate --spider https://mysite.example.com

Fails:

  • docker run -it --rm busybox:1.36 /bin/wget --no-check-certificate --spider https://mysite.example.com

And note the associated busybox version in the syft containers:

$ docker run -it --rm --entrypoint wget  anchore/syft:v1.24.0-debug | head -1
BusyBox v1.36.1 (2024-01-18 03:21:25 UTC) multi-call binary.
$ docker run -it --rm --entrypoint wget  anchore/syft:v1.23.1-debug | head -1
BusyBox v1.35.0 (2023-03-03 23:47:31 UTC) multi-call binary.

Environment:
Tested with syft containers:

$ docker run -it --rm anchore/syft:v1.23.1-debug --version
syft 1.23.1
$ docker run -it --rm anchore/syft:v1.24.0-debug --version
syft 1.24.0

b00ga added the bug (Something isn't working) label May 14, 2025

BioSs54 commented May 19, 2025

Hi,

Same issue.

Issue with wget Command (TLS Handshake Failure) Since Anchore Syft Version 1.24.0

Since upgrading to Anchore Syft version 1.24.0, I encounter a consistent error when using the wget command for HTTPS requests with authentication. This command worked flawlessly in previous versions (e.g., 1.23.x).

Observed Behavior:
When running the following command:

wget --quiet --proxy=off --header="Authorization: Basic XXXXXXXX" --no-check-certificate -O - "https://XXXXX"

I receive the following error:

wget: TLS error from peer (alert code 40): handshake failure
wget: error getting response: Connection reset by peer
