Comments (7)
bernhardreiter
commented on June 25, 2024
Analysing
There is one previous error message https://github.com/csaf-poc/csaf_distribution/actions/runs/4297499252/jobs/7490543962#step:4:159
here in context:
~/csaf_distribution ~/csaf_distribution/docs/scripts
/bin/bash: line 1: 1fef91e: value too great for base (error token is "1fef91e")
mkdir -p bin-linux-amd64/
which comes from setupProviderForITest.sh after the the pushd ../.. line, possibly from the Makefile.
from csaf_distribution.
bernhardreiter
commented on June 25, 2024
The main problem comes up in setupValidationService.sh which install Nodejs 14 by calling:
curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -which is a problem as https://github.com/secvisogram/csaf-validator-service/blob/main/README.md lists >= 16 as requirement. So I'll fix that first.
from csaf_distribution.
bernhardreiter
commented on June 25, 2024
An additional problem was that the apt cache was not updated. So depending on the github runner for the latest ubuntu image, it may or may not have had a current apt cache. This makes apt install gnutls-bin fail if there is a new version on the server, but the old version in the cache.
from csaf_distribution.
bernhardreiter
commented on June 25, 2024
After those fixes in the branch, now it stops at
https://github.com/csaf-poc/csaf_distribution/actions/runs/4314860233/jobs/7528455402#step:5:811
with
2023/03/02 14:14:22 Looking for provider-metadata.json of 'localhost': https://localhost/.well-known/csaf/provider-metadata.json: Validating against JSON schema failed: jsonschema https://docs.oasis-open.org/csaf/csaf/v2.0/provider_json_schema.json compilation failed: no Loader found for https://www.first.org/cvss/cvss-v2.0.json
from csaf_distribution.
bernhardreiter
commented on June 25, 2024
Turns out, a message like
/bin/bash: line 1: 1fef91e: value too great for base (error token is "1fef91e")
was there before and can be ignored. I've added a comment to the Makefile to describe the situation.
So it is over to @s-l-teichmann for looking deeper into the validation problem.
from csaf_distribution.
tschmidtb51
commented on June 25, 2024
After those fixes in the branch, now it stops at https://github.com/csaf-poc/csaf_distribution/actions/runs/4314860233/jobs/7528455402#step:5:811 with
2023/03/02 14:14:22 Looking for provider-metadata.json of 'localhost': https://localhost/.well-known/csaf/provider-metadata.json: Validating against JSON schema failed: jsonschema https://docs.oasis-open.org/csaf/csaf/v2.0/provider_json_schema.json compilation failed: no Loader found for https://www.first.org/cvss/cvss-v2.0.json
Just to add my 5ct here:
I guess the important part is https://github.com/csaf-poc/csaf_distribution/actions/runs/4314860233/jobs/7528455402#step:5:813
provider_json_schema.json includes /properties/document/properties/publisher from csaf_json_schema.json which includes the CVSS schemes...
from csaf_distribution.
bernhardreiter
commented on June 25, 2024
This one is resolved since a while and integration tests run fine.
from csaf_distribution.
Related Issues (20)
- `csaf_checker` fails on nozominetworks.com HOT 2
- Improve GH Action checks HOT 1
- Consuming CSAF model from go v1.20 projects HOT 8
- `csaf_downloader` subfolder option not correct HOT 1
- Release 3.0.0 or 3.0.0-rc.2 HOT 1
- Time filtered advisory downloads should use the update instead of the publish date. HOT 2
- Print provider-metadata.json files per domain HOT 3
- Improve SHA* requests for downloader HOT 3
- CSAF checker: mixing domains, failing validations HOT 12
- Increase coverage to 75% HOT 6
- Make reuse conform
- Clarify if old sigs with expired keys can be okay
- changes.csv: check quoting HOT 2
- Change License to Apache 2.0 HOT 4
- Proposal: Extracting code from `main` packages into `server` and `client` packages
- Licensing of generated files HOT 3
- Improve logging for `csaf_aggregator` when no config file is present HOT 1
- Complete transition to structured logging for aggregator
- Some error messages from loading `provider-metadata.json` are dropped HOT 1
- Race condition on csaf_downloader HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from csaf_distribution.