Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Annotations in the apko yaml file aren't picked up. #481

Closed
found-it opened this issue Jan 27, 2023 · 12 comments
Closed

Annotations in the apko yaml file aren't picked up. #481

found-it opened this issue Jan 27, 2023 · 12 comments
Assignees
@amouat
Labels
images chainguard images wolfi OS and packaging tools

Comments

@found-it
Copy link

It seems that annotations inside an apko yaml file aren't picked up when the image is built. My manifest is

contents:
  keyring:
    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
  repositories:
    - https://packages.wolfi.dev/os
  packages:
    - wolfi-baselayout
    - busybox

accounts:
  groups:
    - groupname: inky
      gid: 1001
  users:
    - username: inky
      uid: 1001
      gid: 1001
  run-as: inky

environment:
  VERSION: v0.0.1

entrypoint:
  command: sh

archs:
  - x86_64

annotations:
  foo: bar

When I run apko build it seems to get picked up (by looking at the log). However when I look at the image manifest, the annotations don't exist. I tried loading the image and pushing it to a registry then using crane manifest to check the manifest and still no annotations.

apko build log 
Jan 27 22:29:48.807 [INFO] loading config file: /work/configs/latest.apko.yaml
Jan 27 22:29:48.808 [DEBUG] [arch:x86_64] failed to probe VCS URL: opening git repository: directory /work/configs is not in a git repository
Jan 27 22:29:48.808 [INFO] [arch:x86_64] WARNING: ignoring archs in config, only building for current arch (amd64)
Jan 27 22:29:48.808 [INFO] [arch:x86_64] building image 'myreg/inky:build'
Jan 27 22:29:48.808 [INFO] [arch:x86_64] build context:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   working directory: /tmp/apko-799989857
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   tarball path:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   use proot: false
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   source date: 1970-01-01 00:00:00 +0000 UTC
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   Docker mediatypes: false
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   SBOM output path: /work
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   arch: x86_64
Jan 27 22:29:48.808 [INFO] [arch:x86_64] image configuration:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   contents:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     repositories: [https://packages.wolfi.dev/os]
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     keyring:      [https://packages.wolfi.dev/os/wolfi-signing.rsa.pub]
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     packages:     [wolfi-baselayout busybox]
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   entrypoint:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     type:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     command:     /usr/bin/inky
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     service: map[]
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     shell fragment:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]   accounts:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     runas:  inky
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     users:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]       - uid=1001(inky) gid=1001
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     groups:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]       - gid=1001(inky) members=[]
Jan 27 22:29:48.808 [INFO] [arch:x86_64]     annotations:
Jan 27 22:29:48.808 [INFO] [arch:x86_64]       foo: bar
Jan 27 22:29:48.808 [INFO] [arch:x86_64] doing pre-flight checks
Jan 27 22:29:48.808 [INFO] [arch:x86_64] building image fileystem in /tmp/apko-799989857
Jan 27 22:29:48.808 [INFO] [arch:x86_64] initializing apk database
Jan 27 22:29:48.808 [INFO] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] running: /sbin/apk add --initdb --arch x86_64 --root /tmp/apko-799989857
Jan 27 22:29:48.810 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] OK: 0 MiB in 0 packages
Jan 27 22:29:48.811 [INFO] [arch:x86_64] initializing apk world
Jan 27 22:29:48.811 [INFO] [arch:x86_64] initializing apk keyring
Jan 27 22:29:48.811 [INFO] [arch:x86_64] initializing apk repositories
Jan 27 22:29:48.811 [DEBUG] [arch:x86_64] appending 1 extra keys to keyring
Jan 27 22:29:48.811 [DEBUG] [arch:x86_64] installing key /github/workspace/melange.rsa.pub
Jan 27 22:29:48.811 [DEBUG] [arch:x86_64] installing key https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
Jan 27 22:29:48.949 [INFO] [arch:x86_64] synchronizing with desired apk world
Jan 27 22:29:48.949 [INFO] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] running: /sbin/apk fix --root /tmp/apko-799989857 --no-scripts --no-cache --update-cache --arch x86_64
Jan 27 22:29:48.955 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] fetch https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz
Jan 27 22:29:49.080 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] (1/4) Installing glibc-locale-posix (2.36-r5)
Jan 27 22:29:49.194 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] (2/4) Installing wolfi-baselayout (20221118-r1)
Jan 27 22:29:49.303 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] (3/4) Installing glibc (2.36-r5)
Jan 27 22:29:49.504 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] (4/4) Installing busybox (1.35.0-r5)
Jan 27 22:29:49.620 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] OK: 6 MiB in 4 packages
Jan 27 22:29:49.623 [INFO] [arch:x86_64] creating user 1001(inky)
Jan 27 22:29:49.623 [INFO] [arch:x86_64] creating group 1001(inky)
Jan 27 22:29:49.624 [INFO] [arch:x86_64] [cmd:/bin/busybox] [use-proot:false] [use-qemu:] running: /usr/sbin/chroot /tmp/apko-799989857 /bin/busybox --install -s
Jan 27 22:29:49.631 [INFO] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] running: /usr/sbin/chroot /tmp/apko-799989857 /sbin/ldconfig -v /lib
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/local/lib: No such file or directory
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/local/lib64: No such file or directory
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib' given more than once
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:3 and <cmdline>:0)
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib64' given more than once
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:4 and <cmdline>:0)
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib64' given more than once
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:6 and /etc/ld.so.conf:5)
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib' given more than once
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and <cmdline>:0)
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib64' given more than once
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and <cmdline>:0)
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /libx32: No such file or directory
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib' given more than once
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and /etc/ld.so.conf:5)
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib64' given more than once
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and /etc/ld.so.conf:5)
Jan 27 22:29:49.632 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/libx32: No such file or directory
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /lib: (from <cmdline>:0)
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libutil.so.1 -> libutil.so.1
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libthread_db.so.1 -> libthread_db.so.1
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    librt.so.1 -> librt.so.1
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libresolv.so.2 -> libresolv.so.2
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libpthread.so.0 -> libpthread.so.0
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libnss_files.so.2 -> libnss_files.so.2
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libnss_dns.so.2 -> libnss_dns.so.2
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libnss_compat.so.2 -> libnss_compat.so.2
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libnsl.so.1 -> libnsl.so.1
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libmvec.so.1 -> libmvec.so.1
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libmemusage.so -> libmemusage.so
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libm.so.6 -> libm.so.6
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libdl.so.2 -> libdl.so.2
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libcrypt.so.1 -> libcrypt.so.1
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libc_malloc_debug.so.0 -> libc_malloc_debug.so.0
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libc.so.6 -> libc.so.6
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libanl.so.1 -> libanl.so.1
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libBrokenLocale.so.1 -> libBrokenLocale.so.1
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    ld-linux-x86-64.so.2 -> ld-linux-x86-64.so.2
Jan 27 22:29:49.649 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /usr/lib: (from /etc/ld.so.conf:5)
Jan 27 22:29:49.649 [WARNING] [arch:x86_64] did not generate /etc/os-release: already present
Jan 27 22:29:49.649 [INFO] [arch:x86_64] generating supervision tree
Jan 27 22:29:49.649 [INFO] [arch:x86_64] finished building filesystem in /tmp/apko-799989857
Jan 27 22:29:49.706 [INFO] [arch:x86_64] built image layer tarball as /tmp/apko-temp-1698668403/apko-x86_64.tar.gz
Jan 27 22:29:49.706 [DEBUG] [arch:x86_64] Not generating SBOMs (WantSBOM = false)
&{ID:wolfi IDLike: Name:Wolfi PrettyName:Wolfi Version: VersionID:20221118 VersionCodename:}Jan 27 22:29:49.765 [INFO] [arch:x86_64] building OCI image from layer '/tmp/apko-temp-1698668403/apko-x86_64.tar.gz'
Jan 27 22:29:49.820 [INFO] [arch:x86_64] OCI layer digest: sha256:7e8da087bcc57c53d08347b9e9869ce354b159c97221e5c5fb4d5a71e516ee13
Jan 27 22:29:49.820 [INFO] [arch:x86_64] OCI layer diffID: sha256:844cd96e000c74f1cfdf8aa6dea6e5d999ccaaa7777a664e75f9ea219eced50e
Jan 27 22:29:49.820 [WARNING] [arch:x86_64] multiple SBOM formats requested, uploading SBOM with media type: spdx+json
Jan 27 22:29:49.828 [INFO] [arch:x86_64] output OCI image file to inky.tar

➜ crane manifest myreg/inky:build | jq
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "digest": "sha256:432b230bfedbd5615aa8d8f7df5b93e37614b82bf373f9fd9322546fa0527fa2",
    "size": 437
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "digest": "sha256:425071e62d6eab62ec2206d4f45d8743cde1926696d547a0398b138a7f5d063f",
      "size": 41260639
    }
  ]
}

I also tried apko publish but the log seems to indicate the annotations aren't being picked up at all. I also tried crane manifest with the published image and it didn't contain any annotations.

apko publish log 
Jan 27 22:36:14.256 [INFO] loading config file: /work/configs/latest.apko.yaml
Jan 27 22:36:14.256 [DEBUG] [arch:x86_64] failed to probe VCS URL: opening git repository: directory /work/configs is not in a git repository
Jan 27 22:36:14.256 [INFO] [arch:x86_64] Publishing images for 1 architectures: [amd64]
Jan 27 22:36:14.256 [INFO] [arch:x86_64] building tags [myreg/inky:publish]
Jan 27 22:36:14.256 [INFO] [arch:x86_64] build context:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   working directory: /tmp/apko-3190829296/x86_64
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   tarball path:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   use proot: false
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   source date: 1970-01-01 00:00:00 +0000 UTC
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   Docker mediatypes: false
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   SBOM output path:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   arch: x86_64
Jan 27 22:36:14.256 [INFO] [arch:x86_64] image configuration:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   contents:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     repositories: [https://packages.wolfi.dev/os]
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     keyring:      [https://packages.wolfi.dev/os/wolfi-signing.rsa.pub]
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     packages:     [wolfi-baselayout busybox]
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   entrypoint:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     type:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     command:     sh
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     service: map[]
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     shell fragment:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]   accounts:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     runas:  inky
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     users:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]       - uid=1001(inky) gid=1001
Jan 27 22:36:14.256 [INFO] [arch:x86_64]     groups:
Jan 27 22:36:14.256 [INFO] [arch:x86_64]       - gid=1001(inky) members=[]
Jan 27 22:36:14.256 [INFO] [arch:x86_64] doing pre-flight checks
Jan 27 22:36:14.256 [INFO] [arch:x86_64] building image fileystem in /tmp/apko-3190829296/x86_64
Jan 27 22:36:14.256 [INFO] [arch:x86_64] initializing apk database
Jan 27 22:36:14.256 [INFO] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] running: /sbin/apk add --initdb --arch x86_64 --root /tmp/apko-3190829296/x86_64
Jan 27 22:36:14.259 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] OK: 0 MiB in 0 packages
Jan 27 22:36:14.260 [INFO] [arch:x86_64] initializing apk world
Jan 27 22:36:14.260 [INFO] [arch:x86_64] initializing apk repositories
Jan 27 22:36:14.260 [INFO] [arch:x86_64] initializing apk keyring
Jan 27 22:36:14.260 [DEBUG] [arch:x86_64] appending 1 extra keys to keyring
Jan 27 22:36:14.260 [DEBUG] [arch:x86_64] installing key /github/workspace/melange.rsa.pub
Jan 27 22:36:14.260 [DEBUG] [arch:x86_64] installing key https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
Jan 27 22:36:14.347 [INFO] [arch:x86_64] synchronizing with desired apk world
Jan 27 22:36:14.348 [INFO] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] running: /sbin/apk fix --root /tmp/apko-3190829296/x86_64 --no-scripts --no-cache --update-cache --arch x86_64
Jan 27 22:36:14.353 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] fetch https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz
Jan 27 22:36:14.502 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] (1/4) Installing glibc-locale-posix (2.36-r5)
Jan 27 22:36:14.611 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] (2/4) Installing wolfi-baselayout (20221118-r1)
Jan 27 22:36:14.710 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] (3/4) Installing glibc (2.36-r5)
Jan 27 22:36:14.906 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] (4/4) Installing busybox (1.35.0-r5)
Jan 27 22:36:15.019 [DEBUG] [arch:x86_64] [cmd:apk] [use-proot:false] [use-qemu:] OK: 6 MiB in 4 packages
Jan 27 22:36:15.021 [INFO] [arch:x86_64] creating user 1001(inky)
Jan 27 22:36:15.022 [INFO] [arch:x86_64] creating group 1001(inky)
Jan 27 22:36:15.022 [INFO] [arch:x86_64] [cmd:/bin/busybox] [use-proot:false] [use-qemu:] running: /usr/sbin/chroot /tmp/apko-3190829296/x86_64 /bin/busybox --install -s
Jan 27 22:36:15.027 [INFO] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] running: /usr/sbin/chroot /tmp/apko-3190829296/x86_64 /sbin/ldconfig -v /lib
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/local/lib: No such file or directory
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/local/lib64: No such file or directory
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib' given more than once
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:3 and <cmdline>:0)
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib64' given more than once
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:4 and <cmdline>:0)
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib64' given more than once
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:6 and /etc/ld.so.conf:5)
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib' given more than once
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and <cmdline>:0)
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib64' given more than once
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and <cmdline>:0)
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /libx32: No such file or directory
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib' given more than once
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and /etc/ld.so.conf:5)
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib64' given more than once
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and /etc/ld.so.conf:5)
Jan 27 22:36:15.028 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/libx32: No such file or directory
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /lib: (from <cmdline>:0)
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libutil.so.1 -> libutil.so.1
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libthread_db.so.1 -> libthread_db.so.1
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    librt.so.1 -> librt.so.1
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libresolv.so.2 -> libresolv.so.2
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libpthread.so.0 -> libpthread.so.0
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libnss_files.so.2 -> libnss_files.so.2
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libnss_dns.so.2 -> libnss_dns.so.2
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libnss_compat.so.2 -> libnss_compat.so.2
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libnsl.so.1 -> libnsl.so.1
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libmvec.so.1 -> libmvec.so.1
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libmemusage.so -> libmemusage.so
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libm.so.6 -> libm.so.6
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libdl.so.2 -> libdl.so.2
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libcrypt.so.1 -> libcrypt.so.1
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libc_malloc_debug.so.0 -> libc_malloc_debug.so.0
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libc.so.6 -> libc.so.6
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libanl.so.1 -> libanl.so.1
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    libBrokenLocale.so.1 -> libBrokenLocale.so.1
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:]    ld-linux-x86-64.so.2 -> ld-linux-x86-64.so.2
Jan 27 22:36:15.043 [DEBUG] [arch:x86_64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /usr/lib: (from /etc/ld.so.conf:5)
Jan 27 22:36:15.043 [WARNING] [arch:x86_64] did not generate /etc/os-release: already present
Jan 27 22:36:15.043 [INFO] [arch:x86_64] generating supervision tree
Jan 27 22:36:15.043 [INFO] [arch:x86_64] finished building filesystem in /tmp/apko-3190829296/x86_64
Jan 27 22:36:15.102 [INFO] [arch:x86_64] built image layer tarball as /tmp/apko-temp-387851303/apko-x86_64.tar.gz
Jan 27 22:36:15.102 [DEBUG] [arch:x86_64] Not generating SBOMs (WantSBOM = false)
Jan 27 22:36:15.102 [INFO] [arch:x86_64] building OCI image from layer '/tmp/apko-temp-387851303/apko-x86_64.tar.gz'
Jan 27 22:36:15.154 [INFO] [arch:x86_64] OCI layer digest: sha256:5b4d7e1f2f7cc52de50960122c96bfae2634ef4e7c4e80c34a93e48645e66729
Jan 27 22:36:15.154 [INFO] [arch:x86_64] OCI layer diffID: sha256:5d7b4e256b9c7a17e51c07dba142605ffd842e62576ff14b873ddc3081eb57c6
Jan 27 22:36:15.154 [INFO] [arch:x86_64] publishing image tag myreg/inky:publish

➜ crane manifest myreg/inky:publish | jq
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 437,
    "digest": "sha256:a2380aa80eb0160d35d7ffc516fd3e605f8ae723b0d6fede2ef875c32ed6cc7f"
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 41260637,
      "digest": "sha256:9a8b58c376643ebce62caa31e51a4ed585a5bb3a30a2df5cc91f9682ad6f5af7"
    }
  ]
}
@kaniini
Copy link
Contributor

kaniini commented Feb 9, 2023

My guess is that the annotations are going to the wrong place. Have you tried with a single-arch build?

@found-it
Copy link
Author

found-it commented Feb 9, 2023

Thanks for the response @kaniini, sorry if I'm misunderstanding but I thought these lines in the apko manifest indicated a single-arch build? Or is there something else I need to do?

archs:
  - x86_64

@amouat
Copy link
Contributor

amouat commented Feb 20, 2023

Not working here either. To recreate:

❯ cat latest.apko.yaml
contents:
  keyring:
    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
  repositories:
    - https://packages.wolfi.dev/os
  packages:
    - wolfi-base

archs:
  - aarch64

annotations:
  foo: bar
  "org.opencontainers.image.url": "https://chainguard.dev"

Build step with debug, note annotations are picked up at the start:

❯ docker run --platform linux/aarch64 --rm -v "${PWD}":/work cgr.dev/chainguard/apko build --debug latest.apko.yaml apko-test out.tar
Feb 20 10:58:28.095 [INFO] loading config file: latest.apko.yaml
Feb 20 10:58:28.098 [DEBUG] [arch:aarch64] failed to probe VCS URL: opening git repository: directory /work is not in a git repository
Feb 20 10:58:28.098 [INFO] [arch:aarch64] WARNING: ignoring archs in config, only building for current arch (arm64)
Feb 20 10:58:28.098 [INFO] [arch:aarch64] building image 'apko-test'
Feb 20 10:58:28.098 [INFO] [arch:aarch64] build context:
Feb 20 10:58:28.098 [INFO] [arch:aarch64]   working directory: /tmp/apko-3416258004
Feb 20 10:58:28.098 [INFO] [arch:aarch64]   tarball path:
Feb 20 10:58:28.098 [INFO] [arch:aarch64]   use proot: false
Feb 20 10:58:28.098 [INFO] [arch:aarch64]   source date: 1970-01-01 00:00:00 +0000 UTC
Feb 20 10:58:28.098 [INFO] [arch:aarch64]   Docker mediatypes: false
Feb 20 10:58:28.098 [INFO] [arch:aarch64]   SBOM output path: /work
Feb 20 10:58:28.098 [INFO] [arch:aarch64]   arch: aarch64
Feb 20 10:58:28.098 [INFO] [arch:aarch64] image configuration:
Feb 20 10:58:28.098 [INFO] [arch:aarch64]   contents:
Feb 20 10:58:28.098 [INFO] [arch:aarch64]     repositories: [https://packages.wolfi.dev/os]
Feb 20 10:58:28.098 [INFO] [arch:aarch64]     keyring:      [https://packages.wolfi.dev/os/wolfi-signing.rsa.pub]
Feb 20 10:58:28.098 [INFO] [arch:aarch64]     packages:     [wolfi-base]
Feb 20 10:58:28.098 [INFO] [arch:aarch64]     annotations:
Feb 20 10:58:28.098 [INFO] [arch:aarch64]       foo: bar
Feb 20 10:58:28.098 [INFO] [arch:aarch64]       org.opencontainers.image.url: https://chainguard.dv
Feb 20 10:58:28.098 [INFO] [arch:aarch64] doing pre-flight checks
Feb 20 10:58:28.098 [INFO] [arch:aarch64] building image fileystem in /tmp/apko-3416258004
Feb 20 10:58:28.098 [INFO] [arch:aarch64] initializing apk database
Feb 20 10:58:28.098 [INFO] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] running: /sbin/apk add --initdb --arch aarch64 --root /tmp/apko-3416258004
Feb 20 10:58:28.102 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] OK: 0 MiB in 0 packages
Feb 20 10:58:28.103 [INFO] [arch:aarch64] initializing apk world
Feb 20 10:58:28.103 [INFO] [arch:aarch64] initializing apk repositories
Feb 20 10:58:28.103 [INFO] [arch:aarch64] initializing apk keyring
Feb 20 10:58:28.103 [DEBUG] [arch:aarch64] installing key https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
Feb 20 10:58:29.008 [INFO] [arch:aarch64] synchronizing with desired apk world
Feb 20 10:58:29.008 [INFO] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] running: /sbin/apk fix --root /tmp/apko-3416258004 --no-scripts --no-cache --update-cache --arch aarch64
Feb 20 10:58:29.018 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] fetch https://packages.wolfi.dev/os/aarch64/APKINDEX.tar.gz
Feb 20 10:58:29.357 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (1/11) Installing ca-certificates-bundle (20220614-r4)
Feb 20 10:58:29.670 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (2/11) Installing glibc-locale-posix (2.36-r6)
Feb 20 10:58:29.967 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (3/11) Installing wolfi-baselayout (20230201-r0)
Feb 20 10:58:30.233 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (4/11) Installing glibc (2.36-r6)
Feb 20 10:58:30.676 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (5/11) Installing libcrypto3 (3.0.8-r0)
Feb 20 10:58:31.446 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (6/11) Installing libssl3 (3.0.8-r0)
Feb 20 10:58:31.778 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (7/11) Installing zlib (1.2.13-r3)
Feb 20 10:58:32.057 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (8/11) Installing apk-tools (2.12.11-r2)
Feb 20 10:58:32.380 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (9/11) Installing busybox (1.36.0-r0)
Feb 20 10:58:32.752 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (10/11) Installing wolfi-keys (1-r5)
Feb 20 10:58:32.999 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] (11/11) Installing wolfi-base (1-r3)
Feb 20 10:58:33.268 [DEBUG] [arch:aarch64] [cmd:apk] [use-proot:false] [use-qemu:] OK: 10 MiB in 11 packages
Feb 20 10:58:33.279 [INFO] [arch:aarch64] [cmd:/bin/busybox] [use-proot:false] [use-qemu:] running: /usr/sbin/chroot /tmp/apko-3416258004 /bin/busybox --install -s
Feb 20 10:58:33.288 [INFO] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] running: /usr/sbin/chroot /tmp/apko-3416258004 /sbin/ldconfig -v /lib
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/local/lib: No such file or directory
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/local/lib64: No such file or directory
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib' given more than once
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:3 and <cmdline>:0)
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib64' given more than once
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:4 and <cmdline>:0)
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib64' given more than once
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from /etc/ld.so.conf:6 and /etc/ld.so.conf:5)
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib' given more than once
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and <cmdline>:0)
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/lib64' given more than once
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and <cmdline>:0)
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /libilp32: No such file or directory
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib' given more than once
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and /etc/ld.so.conf:5)
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Path `/usr/lib64' given more than once
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] (from <builtin>:0 and /etc/ld.so.conf:5)
Feb 20 10:58:33.289 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /sbin/ldconfig: Can't stat /usr/libilp32: No such file or directory
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /lib: (from <cmdline>:0)
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libdl.so.2 -> libdl.so.2
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libnss_files.so.2 -> libnss_files.so.2
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libapk.so.3.12.0 -> libapk.so.3.12.0
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libnss_dns.so.2 -> libnss_dns.so.2
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libBrokenLocale.so.1 -> libBrokenLocale.so.1
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libnss_compat.so.2 -> libnss_compat.so.2
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libz.so.1 -> libz.so.1.2.13
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libanl.so.1 -> libanl.so.1
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libm.so.6 -> libm.so.6
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	librt.so.1 -> librt.so.1
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libcrypt.so.1 -> libcrypt.so.1
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libnsl.so.1 -> libnsl.so.1
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libpthread.so.0 -> libpthread.so.0
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libc.so.6 -> libc.so.6
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libutil.so.1 -> libutil.so.1
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libc_malloc_debug.so.0 -> libc_malloc_debug.so.0
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libmemusage.so -> libmemusage.so
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libresolv.so.2 -> libresolv.so.2
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libthread_db.so.1 -> libthread_db.so.1
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	ld-linux-aarch64.so.1 -> ld-linux-aarch64.so.1
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] /usr/lib: (from /etc/ld.so.conf:5)
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libcrypto.so.3 -> libcrypto.so.3
Feb 20 10:58:33.292 [DEBUG] [arch:aarch64] [cmd:/sbin/ldconfig] [use-proot:false] [use-qemu:] 	libssl.so.3 -> libssl.so.3
Feb 20 10:58:33.292 [WARNING] [arch:aarch64] did not generate /etc/os-release: already present
Feb 20 10:58:33.292 [INFO] [arch:aarch64] generating supervision tree
Feb 20 10:58:33.292 [INFO] [arch:aarch64] finished building filesystem in /tmp/apko-3416258004
Feb 20 10:58:33.358 [INFO] [arch:aarch64] built image layer tarball as /tmp/apko-temp-911633541/apko-aarch64.tar.gz
Feb 20 10:58:33.358 [DEBUG] [arch:aarch64] Not generating SBOMs (WantSBOM = false)
&{ID:wolfi IDLike: Name:Wolfi PrettyName:Wolfi Version: VersionID:20230201 VersionCodename:}Feb 20 10:58:33.429 [INFO] [arch:aarch64] building OCI image from layer '/tmp/apko-temp-911633541/apko-aarch64.tar.gz'
Feb 20 10:58:33.494 [INFO] [arch:aarch64] OCI layer digest: sha256:dcdd5a40123e09ffd90b005a112bf4154d9e303881b8145442cca72218f29997
Feb 20 10:58:33.494 [INFO] [arch:aarch64] OCI layer diffID: sha256:0846a88216ee9093a8740ab0831898df4cb28cd317fae5554b69a92c1a1ba7a9
Feb 20 10:58:33.494 [WARNING] [arch:aarch64] multiple SBOM formats requested, uploading SBOM with media type: spdx+json
Feb 20 10:58:33.607 [INFO] [arch:aarch64] output OCI image file to out.tar

If we search the tar file, the string isn't present:

> tar xvf  out.tar -O | grep "foo"
x sha256:7abc1ecf82c4f77c397a16901afb9b958edbeaa1d7481b78e586dc3e0dd558aa
x dcdd5a40123e09ffd90b005a112bf4154d9e303881b8145442cca72218f29997.tar.gz
x manifest.json

❯ echo $?
1

@amouat amouat added images chainguard images wolfi OS and packaging tools q123 labels Feb 20, 2023
@amouat
Copy link
Contributor

amouat commented Feb 20, 2023

If someone looks at this, there may be design questions to answer. OCI annotations are not the same thing as Docker labels, but Docker labels are the only thing that is commonly exposed to tooling. I suggest we set both labels and OCI annotations. https://github.com/opencontainers/image-spec/blob/main/annotations.md

@amouat amouat mentioned this issue Feb 20, 2023
Open
@patflynn patflynn added the p1 Very important and will be addressed within the team planning window (weeks/months) label Mar 10, 2023
@dlorenc
Copy link
Member

dlorenc commented Mar 29, 2023

Is this one fixed? we've been adding annotations for awhile now.

@dlorenc
Copy link
Member

dlorenc commented Mar 31, 2023 

% crane manifest --platform=linux/amd64 cgr.dev/chainguard/go | jq .
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 476,
    "digest": "sha256:2a8c2e25422b48ebd1fc2c04f6fae356fe0c46c7b6ae41ddd67a7e166206c88c"
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 187965818,
      "digest": "sha256:f5d46be78e5ee5007db174a73235169653a99894c71ab54a3409c6602846c551"
    }
  ],
  "annotations": {
    "org.opencontainers.image.revision": "1dcbc451e8783ee8cef562f23bf9af6ad8887950",
    "org.opencontainers.image.source": "https://github.com/chainguard-images/images"
  }
}

@dlorenc
Copy link
Member

dlorenc commented Mar 31, 2023

I'll close this for now.

@dlorenc dlorenc closed this as completed Mar 31, 2023
@amouat
Copy link
Contributor

amouat commented Mar 31, 2023

I think those annotations are special-cased. For example if we look at the terraform image it sets:

annotations:
  "org.opencontainers.image.authors": "Chainguard Team https://www.chainguard.dev/"
  "org.opencontainers.image.url": https://edu.chainguard.dev/chainguard/chainguard-images/reference/terraform/
  "org.opencontainers.image.source": https://github.com/chainguard-images/images/tree/main/images/terraform

But this is what we get:

crane manifest --platform=linux/amd64 cgr.dev/chainguard/terraform | jq .
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 562,
    "digest": "sha256:4d52ed817ff416640367d1a4450cfaa4c0e625b1a5dd1f2c9700eb5634a045da"
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 21898812,
      "digest": "sha256:110f671782bd324fd996f9b3905109b2442ae01e29bcaf3ce76682df64a63967"
    }
  ],
  "annotations": {
    "org.opencontainers.image.revision": "1dcbc451e8783ee8cef562f23bf9af6ad8887950",
    "org.opencontainers.image.source": "https://github.com/chainguard-images/images"
  }
}

@amouat amouat reopened this Mar 31, 2023
@amouat amouat self-assigned this Mar 31, 2023
@amouat
Copy link
Contributor

amouat commented Mar 31, 2023

I'll try to take a look at this. I see @imjasonh started on it and there's some comments in the code.

@patflynn patflynn added q223 and removed q123 q223 p1 Very important and will be addressed within the team planning window (weeks/months) labels Apr 3, 2023
@amouat
Copy link
Contributor

amouat commented May 22, 2023
edited
Loading

I've gone down a rabbit-hole trying to figure this out. Locally, it seems annotations are being generated and added to the platform specific manifest. I'm not sure if we just need to update the version of apko used in builds.

However, Docker does not support annotations in docker inspect. Meaning that to find annotation values, I have to do horrible things with tar files or use a tool like crane to get them from a remote registry. I'm thinking that a better solution would be to also set annotations as labels in the config.json, which would add them to docker inspect.

I'll leave this issue open to track the above problem with our builds not including annotations (although it is working locally for me) and I'll open a separate issue for adding labels.

@amouat
Copy link
Contributor

amouat commented May 22, 2023

Fixed the build not including annotations issue in #690 so will close this.

@amouat amouat closed this as completed May 22, 2023
@amouat
Copy link
Contributor

amouat commented May 22, 2023

Also opened #692 to track label support

@imjasonh imjasonh mentioned this issue Jun 4, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amouat amouat

Labels
images chainguard images wolfi OS and packaging tools
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@amouat @kaniini @dlorenc @patflynn @found-it