Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Syft TUI can hang when using license fetching from go modules #2653

Closed
willmurphyscode opened this issue Feb 16, 2024 · 0 comments · Fixed by #2673
Closed

Syft TUI can hang when using license fetching from go modules #2653

willmurphyscode opened this issue Feb 16, 2024 · 0 comments · Fixed by #2673
Assignees
@willmurphyscode
Labels
bug Something isn't working

Comments

@willmurphyscode
Copy link
Contributor

What happened:

Using Syft with search remote and local modules for licenses can cause the terminal to hang, first reported in #2615. I'm breaking this out into a separate issue since this doesn't seem Windows specific.

What you expected to happen:

Syft TUI should not hang

Steps to reproduce the issue:

Create a syft config with the following contents

# try-repro.yaml
golang:
   # search for go package licences in the GOPATH of the system running Syft, note that this is outside the
   # container filesystem and potentially outside the root of a local directory scan
   # SYFT_GOLANG_SEARCH_LOCAL_MOD_CACHE_LICENSES env var
   search-local-mod-cache-licenses: true

   # specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod
   # SYFT_GOLANG_LOCAL_MOD_CACHE_DIR env var
   local-mod-cache-dir: ""

   # search for go package licences by retrieving the package from a network proxy
   # SYFT_GOLANG_SEARCH_REMOTE_LICENSES env var
   search-remote-licenses: true

   # remote proxy to use when retrieving go packages from the network,
   # if unset this defaults to $GOPROXY followed by https://proxy.golang.org
   # SYFT_GOLANG_PROXY env var
   proxy: ""

   # specifies packages which should not be fetched by proxy
   # if unset this defaults to $GONOPROXY
   # SYFT_GOLANG_NOPROXY env var
   no-proxy: ""

Run Syft pointing at a directory with several Go dependencies. For this we'll use anchore/clio:

syft -o json -c try-repro.yaml dir:clio > /tmp/sbom.json

Anything else we need to know?:

Running with -v (or any other verbosity level) prevents this, which probably means that the fancy TUI code is what's hanging the terminal.

This has been repro'd on Windows powershell, and on m1 mac zshell.

We probably don't need a TUI element for each attempt to resolve the license of a go module.

Environment:

  • Output of syft version:
❯ syft version
Application: syft
Version:    0.103.1
BuildDate:  2024-01-31T16:58:24Z
GitCommit:  Homebrew
GitDescription: [not provided]
Platform:   darwin/arm64
GoVersion:  go1.21.6
Compiler:   gc
  • OS (e.g: cat /etc/os-release or similar): M1 mac
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@willmurphyscode willmurphyscode

Labels
bug Something isn't working
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: stop emitting bus events on go mod events anchore/syft
1 participant
@willmurphyscode