Comments (1)
This affects not just @id
references, but also all tagged references (where a manifest digest is not provided by the caller).
The original report is about a multi-arch manifest where we have only pulled a non-default architecture and consuming the multi-arch manifest the usual way would look for a manifest which we don’t have.
There’s another problematic case: if we are validating signatures for a specific name, we need to find the manifest that is signed under that name (if multiple manifests, some signed, some not, end up being stored in the same deduplicated image). We don’t currently, by default validate signatures in c/storage during ordinary Podman operation, but CRI-O wants to introduce that around cri-o/cri-o#7046 .
In that case we probably need to maintain native RepoTags records (name:tag → digest, not just name@digest) to be able to find “the right” manifest without having to parse signatures. But that would also make handling the non-default-architecture case even harder, because we would explicitly record that we want to refer to the multi-arch manifest. ?!
I.e. users who pull an image with a non-default architecture option would have to also later consume it with a non-default architecture option. That’s somewhat plausible for a single-image operation, but it completely breaks down for podman images
and similar operations which want to work with all images.
So, I guess, instead of “the obvious RepoTags” we would need to record “resolved RepoTags”, where we don’t point at the multi-arch manifest list, but only at the per-arch manifest. Or, possibly, record both, one for reporting to users in inspect
, and one for actual image lookups?!
from image.
Related Issues (20)
- Copies don’t set OCI1InstanceAnnotationCompressionZSTD on Zstd:chunked HOT 1
- Allow configuring a registry as http-only HOT 3
- Copy fails with "use of closed network connection" error when using a slow proxy HOT 9
- Use OCI Go constants in the OCI transport
- [doc] fix warning when generating man pages with go-md2man HOT 3
- support for url path's in registries.conf unqualified-search-registries HOT 9
- containers-policy.json: provide default config in /usr/ HOT 6
- Conversion to schema1 does not fail with Zstd layers, making it uncertain we correctly convert to OCI HOT 1
- Copies of originally-compressed images from c/storage to uncompressed destinations don’t trigger MIME type updates HOT 1
- Converting a SIF image should not require fakeroot HOT 4
- Zstd(:chunked) work tracking checklist HOT 2
- Copies with Zstd compression to schema-agnostic transports don’t trigger schema conversion HOT 2
- TemporaryDirectoryForBigFiles() can still ignore $TMPDIR HOT 3
- isManifestUnknownError fails against Harbor registries, breaking sigstore signature upload HOT 15
- Blob reuse decisions do not take into account manifest support HOT 1
- Cannot copy buildkit cache images HOT 2
- Support for structured logging (using `log/slog`) HOT 5
- proposal: Support append images into docker archive HOT 1
- Make a new release HOT 2
- Docker client code can no longer talk to the latest verson of the docker daemon 25.0.0 HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from image.