Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure New Layers Match Image Media Type #2700

Merged
merged 1 commit into from
Aug 29, 2023
Merged

Ensure New Layers Match Image Media Type #2700

merged 1 commit into from
Aug 29, 2023

Conversation

loganprice
Copy link
Contributor

@loganprice loganprice commented Aug 26, 2023
edited
Loading

Fixes #1836 in case of a bug fix, this should point to a bug and any other related issue(s)

Description

Before adding a layer to an image check the images manifest media type and then add the layer with the corresponding media type.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes unit tests
  • Adds integration tests if needed.

See the contribution guide for more details.

Reviewer Notes

  • The code flow looks good.
  • Unit tests and or integration tests added.

Release Notes

Describe any changes here so maintainer can include it in the release notes, or delete this block.

@loganprice loganprice force-pushed the ensure_mediatypes_match branch from 90b78ef to feea05e Compare August 26, 2023 02:42
@aaron-prindle
Copy link
Collaborator

aaron-prindle commented Aug 29, 2023
edited
Loading

Thanks for the PR here @loganprice! Just tested this using the repro identified in #1836 and looks like it’s working great! Adding my testing results below for others who might be looking at this:

Build an OCI base image named [gcr.io/<repo-name>/base-image:latest](http://gcr.io/<repo-name>/base-image:latest) using podman with the below Containerfile:

Containerfile

FROM docker.io/alpine
RUN touch file.txt
RUN echo "hello world"

Results in the following layers[i].mediaType: application/vnd.oci.image.layer.v1.tar+gzip

$ skopeo inspect --raw docker://gcr.io/<repo-name>/base-image:latest | jq .
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "digest": "sha256:082ee62d11b7c4331131e2cd1b522b72b5904511112a0f3087785100428cd9e8",
    "size": 1030
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:97d7b294855ea22919bd873ce14c0bde0ba6702a2324133153d589153d96bd93",
      "size": 3494996
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:74acd493e8f8a8c3228561a31428b7cb0960e5dbc2abce49fa7e46f4a63b721e",
      "size": 164
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:bd9ddc54bea929a22b334e73e026d4136e5b73f5cc29942896c72e4ece69b13d",
      "size": 34
    }
  ],
  "annotations": {
    "org.opencontainers.image.base.digest": "sha256:17e69582475dc2e805ddda4d09c2c089349a6f8d5cb11b2ff632edcd6587b981",
    "org.opencontainers.image.base.name": "docker.io/library/alpine:latest"
  }
}

Then an image is built FROM that OCI image using kaniko w/ the following Dockerfile:

Dockerfile

FROM ubuntu:20.04 as installer
ADD installer.sh .
RUN bash installer.sh
######################
FROM gcr.io/<repo-name>/base-image:latest
COPY --from=installer /opt/application /opt/application
RUN ln -s /opt/application/1.0.0 /opt/application/stable
CMD ["/bin/bash"]

Where [installer.sh](http://installer.sh/) is

mkdir -p /opt/application/1.0.0
touch /opt/application/1.0.0/file.txt
touch /opt/application/1.0.0/file2.txt
touch /opt/application/1.0.0/file3.txt

Using kaniko @ HEAD (w/o this PR) the results incorrectly have layers[i].mediaType values of both application/vnd.oci.image.layer.v1.tar+gzip and application/vnd.docker.image.rootfs.diff.tar.gzip

$ skopeo inspect --raw docker://gcr.io/<repo-name>/kaniko-test:latest | jq .
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 1429,
    "digest": "sha256:84e146bb9a534436347a6d049fc9cfeac220953643eb4129ab6b9f483c370b9d"
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 3494996,
      "digest": "sha256:97d7b294855ea22919bd873ce14c0bde0ba6702a2324133153d589153d96bd93"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 164,
      "digest": "sha256:74acd493e8f8a8c3228561a31428b7cb0960e5dbc2abce49fa7e46f4a63b721e"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 34,
      "digest": "sha256:bd9ddc54bea929a22b334e73e026d4136e5b73f5cc29942896c72e4ece69b13d"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 496,
      "digest": "sha256:7a82e9349afca5356b19dee04d8e277cf6170b43db5582e373f40adfc6ad80a2"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 437,
      "digest": "sha256:f540484ad5d323a207c600052483ac30177ed3ad08620b249c6e8b5981897d4c"
    }
  ],
  "annotations": {
    "org.opencontainers.image.base.digest": "sha256:17e69582475dc2e805ddda4d09c2c089349a6f8d5cb11b2ff632edcd6587b981",
    "org.opencontainers.image.base.name": "docker.io/library/alpine:latest"
  }
}

Using kaniko w/ this PR the results corretly have a layers[i].mediaType of application/vnd.oci.image.layer.v1.tar+gzip

$ skopeo inspect --raw docker://gcr.io/<repo-name>/kaniko-test:latest | jq .
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 1429,
    "digest": "sha256:9600df3e927f23d9bb1fd158be7051a5b0949b89010ced63100b9b52738f337a"
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 3494996,
      "digest": "sha256:97d7b294855ea22919bd873ce14c0bde0ba6702a2324133153d589153d96bd93"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 164,
      "digest": "sha256:74acd493e8f8a8c3228561a31428b7cb0960e5dbc2abce49fa7e46f4a63b721e"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 34,
      "digest": "sha256:bd9ddc54bea929a22b334e73e026d4136e5b73f5cc29942896c72e4ece69b13d"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 501,
      "digest": "sha256:aa79049a3805626f7d09dc2acef48525fc0e4922df5f953377c7b083043ab9bb"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 433,
      "digest": "sha256:b59c2d0b1062f64dc3f00ef2ebf9d6691ff4d6139a649ecd75f95fc2235d8e4c"
    }
  ],
  "annotations": {
    "org.opencontainers.image.base.digest": "sha256:17e69582475dc2e805ddda4d09c2c089349a6f8d5cb11b2ff632edcd6587b981",
    "org.opencontainers.image.base.name": "docker.io/library/alpine:latest"
  }
}

aaron-prindle
aaron-prindle approved these changes Aug 29, 2023
View reviewed changes
Copy link
Collaborator

@aaron-prindle aaron-prindle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the PR here @loganprice!

@aaron-prindle aaron-prindle merged commit e9787f8 into GoogleContainerTools:main Aug 29, 2023
@pditommaso pditommaso mentioned this pull request Aug 31, 2023
Closed
This was referenced Feb 6, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaron-prindle aaron-prindle aaron-prindle approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Image built with Kaniko claims to be OCI but in reality is not
2 participants
@loganprice @aaron-prindle