Comments (3)
Thanks for your report.
(What happens here is that this adds an artifact with a subject
field that refers to the dev:test
image, per https://github.com/opencontainers/image-spec/blob/main/artifact.md / https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-referrers ).
- Use cp to copy this oci image to another oci image
This really does nothing relevant; Skopeo is completely unaware of the attached artifact, but because this copy within the same oci:
repository does not change the manifest digest, the artifact seems to stay attached.
The real issue is that Skopeo, and c/image in general, just does not support the concept of OCI artifacts indirectly attached using the subject
field.
If you can identify those artifacts manually, you can probably copy them manually with skopeo copy
, one artifact at a time, but a skopeo copy
of an currently does not find nor copy any of such artifacts automatically.
We have some parts of the infrastructure for this now in c/image, for use-sigstore-attachments
(which is a somewhat similar concept); but not exactly this.
This would have to be implemented in c/image, then Skopeo would automatically inherit the support. So, moving this RFE there.
from image.
Okay thanks for your answer
If you can identify those artifacts manually, you can probably copy them manually with skopeo copy, one artifact at a time, but a skopeo copy of an currently does not find nor copy any of such artifacts automatically.
But if I do this, the sbom file will not be attached to my oci image, or did I miss something?
from image.
The “attachment” is not a separate physical link that needs to be copied; it is a semantic feature purely caused by the artifact having a subject
, and the registry, or the consumer of the OCI directory, looking for that link.
So you can upload that artifact to any registry (possibly having to invent a tag for that upload); once it is uploaded, registries that understand the “referrer” concept from the OCI distribution spec are expected to notice the reference, and allow querying it. Registries that don’t understand the “referrer” context would just store the artifact, and it would not be found, or it would have to be found by iterating all tags in that repo.
from image.
Related Issues (20)
- podman search seems not to use registries.conf mirror for docker.io HOT 3
- Support copying nested image indices HOT 1
- Copies don’t set OCI1InstanceAnnotationCompressionZSTD on Zstd:chunked HOT 1
- Allow configuring a registry as http-only HOT 3
- Copy fails with "use of closed network connection" error when using a slow proxy HOT 9
- Use OCI Go constants in the OCI transport
- [doc] fix warning when generating man pages with go-md2man HOT 3
- support for url path's in registries.conf unqualified-search-registries HOT 9
- containers-policy.json: provide default config in /usr/ HOT 6
- Conversion to schema1 does not fail with Zstd layers, making it uncertain we correctly convert to OCI HOT 1
- Copies of originally-compressed images from c/storage to uncompressed destinations don’t trigger MIME type updates HOT 1
- Converting a SIF image should not require fakeroot HOT 4
- Zstd(:chunked) work tracking checklist HOT 2
- Copies with Zstd compression to schema-agnostic transports don’t trigger schema conversion HOT 2
- TemporaryDirectoryForBigFiles() can still ignore $TMPDIR HOT 3
- isManifestUnknownError fails against Harbor registries, breaking sigstore signature upload HOT 15
- Blob reuse decisions do not take into account manifest support HOT 1
- Cannot copy buildkit cache images HOT 2
- Support for structured logging (using `log/slog`) HOT 5
- proposal: Support append images into docker archive HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from image.