Comments (7)
Analysing
There is one previous error message https://github.com/csaf-poc/csaf_distribution/actions/runs/4297499252/jobs/7490543962#step:4:159
here in context:
~/csaf_distribution ~/csaf_distribution/docs/scripts
/bin/bash: line 1: 1fef91e: value too great for base (error token is "1fef91e")
mkdir -p bin-linux-amd64/
which comes from setupProviderForITest.sh
after the the pushd ../..
line, possibly from the Makefile.
from csaf_distribution.
The main problem comes up in setupValidationService.sh
which install Nodejs 14 by calling:
curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
which is a problem as https://github.com/secvisogram/csaf-validator-service/blob/main/README.md lists >= 16 as requirement. So I'll fix that first.
from csaf_distribution.
An additional problem was that the apt cache was not updated. So depending on the github runner for the latest ubuntu image, it may or may not have had a current apt cache. This makes apt install gnutls-bin
fail if there is a new version on the server, but the old version in the cache.
from csaf_distribution.
After those fixes in the branch, now it stops at
https://github.com/csaf-poc/csaf_distribution/actions/runs/4314860233/jobs/7528455402#step:5:811
with
2023/03/02 14:14:22 Looking for provider-metadata.json of 'localhost': https://localhost/.well-known/csaf/provider-metadata.json: Validating against JSON schema failed: jsonschema https://docs.oasis-open.org/csaf/csaf/v2.0/provider_json_schema.json compilation failed: no Loader found for https://www.first.org/cvss/cvss-v2.0.json
from csaf_distribution.
Turns out, a message like
/bin/bash: line 1: 1fef91e: value too great for base (error token is "1fef91e")
was there before and can be ignored. I've added a comment to the Makefile to describe the situation.
So it is over to @s-l-teichmann for looking deeper into the validation problem.
from csaf_distribution.
After those fixes in the branch, now it stops at https://github.com/csaf-poc/csaf_distribution/actions/runs/4314860233/jobs/7528455402#step:5:811 with
2023/03/02 14:14:22 Looking for provider-metadata.json of 'localhost': https://localhost/.well-known/csaf/provider-metadata.json: Validating against JSON schema failed: jsonschema https://docs.oasis-open.org/csaf/csaf/v2.0/provider_json_schema.json compilation failed: no Loader found for https://www.first.org/cvss/cvss-v2.0.json
Just to add my 5ct here:
I guess the important part is https://github.com/csaf-poc/csaf_distribution/actions/runs/4314860233/jobs/7528455402#step:5:813
provider_json_schema.json
includes /properties/document/properties/publisher
from csaf_json_schema.json
which includes the CVSS schemes...
from csaf_distribution.
This one is resolved since a while and integration tests run fine.
from csaf_distribution.
Related Issues (20)
- `csaf_checker` fails on nozominetworks.com HOT 2
- Improve GH Action checks HOT 1
- Consuming CSAF model from go v1.20 projects HOT 8
- `csaf_downloader` subfolder option not correct HOT 1
- Release 3.0.0 or 3.0.0-rc.2 HOT 1
- Time filtered advisory downloads should use the update instead of the publish date. HOT 2
- Print provider-metadata.json files per domain HOT 3
- Improve SHA* requests for downloader HOT 3
- CSAF checker: mixing domains, failing validations HOT 12
- Increase coverage to 75% HOT 6
- Make reuse conform
- Clarify if old sigs with expired keys can be okay
- changes.csv: check quoting HOT 2
- Change License to Apache 2.0 HOT 4
- Proposal: Extracting code from `main` packages into `server` and `client` packages
- Licensing of generated files HOT 3
- Improve logging for `csaf_aggregator` when no config file is present HOT 1
- Complete transition to structured logging for aggregator
- Some error messages from loading `provider-metadata.json` are dropped HOT 1
- Race condition on csaf_downloader HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from csaf_distribution.