Inaccurate descriptors returned when discovering referrers #20187

Closed
nathan-joslin opened this issue Mar 28, 2024 · 3 comments

@nathan-joslin

Expected Behavior and Actual Behavior:

When discovering referrers of an image, Harbor does not accurately report the size of referring manifests in the descriptors it returns. Instead of returning the size of the manifest, it appears to return a size equal to the sum of the manifest and all successors, i.e. the sum of manifest, config, and layers.

See OCI distribution spec listing referrers

Actual Behavior

  1. Request: GET /v2/project/repo/image/referrers/sha256:1880b485da1f81cf70b18b836e2c49544e83f4305dedfafbe71d25fbd1a63c51

  2. Response: HTTP/2.0 200 OK\r\nContent-Length: 297

Looking at a descriptor in the returned index manifest:

{
  "mediaType":"application/vnd.oci.image.manifest.v1+json",
  "digest":"sha256:917e5c9e09f810dfa7dc4ae4d4c54b8505a052f91d837e02d0b469e46954923c",
  "size":2621,
  "artifactType":"application/vnd.cncf.notary.signature"
}

The size in this returned descriptor appears to be the sum of the referring manifest itself as well as its successors:

Referring Manifest: 1433
Config: 2 (empty config)
Layer: 1263 (single layer)
Total: 2621

Expected Behavior

The returned descriptors should have a size equal to the referring manifest, not the sum of the manifest and successors. In the example above one would expect a size of 1433.

Result of Bug

The inaccurate descriptor results in "mismatch Content-Length" errors from more strict tools such as the Oras CLI or oras-go.

Steps to Reproduce

  • Push an image to a harbor registry
$ oras push OCI_REF PATH_TO_ARBITRARY_FILE
  • Sign the image with the notation cli
$ notation cert generate-test example
$ notation sign OCI_REF --key example
  • Copy the image to another repository in harbor, to another registry, or locally
$ oras copy OCI_REF DEST_OCI_REF -r
Error: GET OCI_REF/manifests/REFERRER_DIGEST: mismatch Content-Length
  • harbor version: [2.10.0]
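
An added example, not part of the original issue and not Harbor or oras-go code: a Go check a client can run on each descriptor from a referrers response against the manifest bytes fetched for that digest, flagging the size-includes-successors pattern reported above. The names `CheckReferrer`, `describe` and `sampleManifest` are hypothetical, and the sample manifest is constructed (only the sizes 2 and 1263 come from the report).

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Descriptor holds the OCI descriptor fields this check needs.
type Descriptor struct {
	Digest string `json:"digest"`
	Size   int64  `json:"size"`
}

// Constructed sample manifest: empty config (2 bytes), one 1263-byte layer; digests are placeholders.
const sampleManifest = `{"schemaVersion":2,"config":{"digest":"sha256:aaaa","size":2},"layers":[{"digest":"sha256:bbbb","size":1263}]}`

// describe builds a descriptor for body carrying the given (possibly wrong) size.
func describe(body []byte, size int64) Descriptor {
	sum := sha256.Sum256(body)
	return Descriptor{Digest: "sha256:" + hex.EncodeToString(sum[:]), Size: size}
}

// CheckReferrer classifies a referrers descriptor against the fetched manifest bytes.
func CheckReferrer(d Descriptor, body []byte) string {
	if d.Digest != describe(body, 0).Digest {
		return "digest-mismatch"
	}
	if d.Size == int64(len(body)) {
		return "ok"
	}
	// Wrong size: does it equal manifest + config + layers, as reported here?
	var m struct{ Config Descriptor; Layers []Descriptor }
	if json.Unmarshal(body, &m) == nil {
		total := int64(len(body)) + m.Config.Size
		for _, l := range m.Layers {
			total += l.Size
		}
		if d.Size == total {
			return "size-includes-successors"
		}
	}
	return "size-mismatch"
}

func main() {
	body := []byte(sampleManifest)
	n := int64(len(body))
	fmt.Println(CheckReferrer(describe(body, n), body), CheckReferrer(describe(body, n+2+1263), body))
}
```
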
@MinerYang
Contributor

Which notation version are you using?

@nathan-joslin
Author

@MinerYang

$ notation version
Notation - a tool to sign and verify artifacts.

Version:     v1.1.0+Homebrew
Go version:  go1.21.6

As a side note, it appears that the sum of the manifest and successors is the same as what's displayed in the UI (although converted to KiB).

@wy65701436
Contributor

@nathan-joslin good catch, we will fix it in the coming release, v2.11, thanks.
