Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image Index/Manifestlist can only reference images with same package name #21954

Closed
joniw opened this issue Nov 27, 2022 · 1 comment · Fixed by #22226
Closed

Image Index/Manifestlist can only reference images with same package name #21954

joniw opened this issue Nov 27, 2022 · 1 comment · Fixed by #22226
Labels
topic/packages type/bug

Comments

@joniw
Copy link

joniw commented Nov 27, 2022
edited
Loading

Description

Hello,

in the current container registry implementation an OCI Image Index (or ManifestList for docker) can only reference images with the same image name. Referencing images with other names does not allow to add the manifest.

Example (not working)

root@dev # docker pull amd64/alpine
    Using default tag: latest
    latest: Pulling from amd64/alpine
    c158987b0551: Pull complete
    Digest: sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c
    Status: Downloaded newer image for amd64/alpine:latest
    docker.io/amd64/alpine:latest
root@dev # docker pull arm64v8/alpine
    Using default tag: latest
    latest: Pulling from arm64v8/alpine
    261da4162673: Pull complete
    Digest: sha256:af06af3514c44a964d3b905b498cf6493db8f1cde7c10e078213a89c87308ba0
    Status: Downloaded newer image for arm64v8/alpine:latest
    docker.io/arm64v8/alpine:latest
root@dev # docker tag amd64/alpine gitea-test/test-user/amd64/alpine
root@dev # docker tag arm64v8/alpine gitea-test/test-user/arm64v8/alpine
root@dev # docker push gitea-test/test-user/amd64/alpine
    Using default tag: latest
    The push refers to repository [gitea-test/test-user/amd64/alpine]
    ded7a220bb05: Pushed
    latest: digest: sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c size: 528
root@dev # docker push gitea-test/test-user/arm64v8/alpine
    Using default tag: latest
    The push refers to repository [gitea-test/test-user/arm64v8/alpine]
    1b577a8fb8ce: Pushed
    latest: digest: sha256:af06af3514c44a964d3b905b498cf6493db8f1cde7c10e078213a89c87308ba0 size: 528
root@dev # docker manifest create gitea-test/test-user/alpine gitea-test/test-user/amd64/alpine -a gitea-test/test-user/arm64v8/alpine
    Created manifest list gitea-test/test-user/alpine:latest
root@dev # docker manifest push gitea-test/test-user/alpine
    error mounting test-user/amd64/alpine@sha256:49176f190c7e9cdb51ac85ab6c6d5e4512352218190cd69b08e6fd803ffbf3da to gitea-test/test-user/alpine:latest

Working example:

root@dev # docker pull amd64/alpine
    Using default tag: latest
    latest: Pulling from amd64/alpine
    c158987b0551: Pull complete
    Digest: sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c
    Status: Downloaded newer image for amd64/alpine:latest
    docker.io/amd64/alpine:latest
root@dev # docker pull arm64v8/alpine
    Using default tag: latest
    latest: Pulling from arm64v8/alpine
    261da4162673: Pull complete
    Digest: sha256:af06af3514c44a964d3b905b498cf6493db8f1cde7c10e078213a89c87308ba0
    Status: Downloaded newer image for arm64v8/alpine:latest
    docker.io/arm64v8/alpine:latest
root@dev ~ # docker tag arm64v8/alpine gitea-test/test-user/alpine:latest-arm64v8
root@dev ~ # docker tag amd64/alpine gitea-test/test-user/alpine:latest-amd64
root@dev ~ # docker push gitea-test/test-user/alpine:latest-arm64v8
    The push refers to repository [gitea-test/test-user/alpine]
    1b577a8fb8ce: Pushed
    latest-arm64v8: digest: sha256:af06af3514c44a964d3b905b498cf6493db8f1cde7c10e078213a89c87308ba0 size: 528
root@dev ~ # docker push gitea-test/test-user/alpine:latest-amd64
    The push refers to repository [gitea-test/test-user/alpine]
    ded7a220bb05: Pushed
    latest-amd64: digest: sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c size: 528
root@dev ~ # docker manifest create gitea-test/test-user/alpine gitea-test/test-user/alpine:latest-amd64 -a gitea-test/test-user/alpine:latest-arm64v8
    Created manifest list gitea-test/test-user/alpine:latest
root@dev ~ # docker manifest push gitea-test/test-user/alpine
    sha256:4a5b8d1fa34a84569d302ab7bddd9c37bad546ee2be6a94d244d8bebb19ded3a

After a short analysis the root cause are the search options used here:

gitea/routers/api/packages/container/manifest.go

Lines 217 to 222 in f48fda8

_, err := container_model.GetContainerBlob(ctx, &container_model.BlobSearchOptions{
OwnerID: mci.Owner.ID,
Image: mci.Image,
Digest: string(manifest.Digest),
IsManifest: true,
})

The image name in the examples is always "alpine". In the not working example no blobs are returned as the names of the images are "amd64/alpine" and "arm64v8/alpine".

In my opinion a user or organisation should be allowed to reference all images/blobs in their packages. A check for the name should not be needed.

With regards
Joniw

Gitea Version

1.17.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Linux

How are you running Gitea?

Test instance in Kubernetes

Database

SQLite
@joniw joniw added the type/bug label Nov 27, 2022
@KN4CK3R KN4CK3R mentioned this issue Dec 23, 2022
Merged
@KN4CK3R
Copy link
Member

KN4CK3R commented Dec 23, 2022

Fixed in #22226

@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
topic/packages type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix container blob mount KN4CK3R/gitea
2 participants
@KN4CK3R @joniw