Broken symlinks cc-debian /usr/share/doc

[black-snow]

There seem to be some broken symlinks in /usr/share/doc. I guess that is why trivy won't give me licenses for libgcc, libgomp1 and libstdc++.

Repro:

FROM busybox:uclibc AS alp
FROM gcr.io/distroless/cc-debian12:latest@sha256:2fb69596e692931f909c4c69ab09e50608959eaf8898c44fa64db741a23588b0

COPY --from=alp /bin/sh /bin/sh
COPY --from=alp /bin/cat /bin/cat
COPY --from=alp /bin/less /bin/less
COPY --from=alp /bin/find /bin/find
COPY --from=alp /bin/ls /bin/ls

ENTRYPOINT [ "/bin/sh" ]

docker build -t test .
docker run -it --rm test

/ # ls -la /usr/share/doc/
total 32
drwxr-xr-x    1 root     root          4096 Jan  8  2023 .
drwxr-xr-x    1 root     root          4096 Jan  8  2023 ..
drwxr-xr-x    2 root     root          4096 Oct 31 11:04 base-files
drwxr-xr-x    2 root     root          4096 Jan  1  2000 ca-certificates
drwxr-xr-x    2 root     root          4096 Nov  1 12:42 libc6
lrwxrwxrwx    1 root     root            11 Jan  8  2023 libgcc-s1 -> gcc-12-base
lrwxrwxrwx    1 root     root            11 Jan  8  2023 libgomp1 -> gcc-12-base
drwxr-xr-x    2 root     root          4096 Oct 27 14:16 libssl3
lrwxrwxrwx    1 root     root            11 Jan  8  2023 libstdc++6 -> gcc-12-base
drwxr-xr-x    2 root     root          4096 Oct 18  2022 netbase
drwxr-xr-x    2 root     root          4096 Feb  3  2024 tzdata

Because when we look at libc6, for example:

-rw-r--r--    1 root     root         25467 Apr 10  2024 copyright

There we find the copyright file.

The effect is that in my license compliance checks libgcc-s1, libgomp1, and libstdc++6 always get flagged.

[black-snow]

Btw, this could also mean that it's acutally not okay to distribute this image - I think all three are actually GPL 3 and you have to pass along the copyright. But I'd have to dig into this to verify. Just a side note at this point.