Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crane copy does not work with non-distributable layers #741

Closed
dvob opened this issue Jul 16, 2020 · 3 comments
Closed

crane copy does not work with non-distributable layers #741

dvob opened this issue Jul 16, 2020 · 3 comments

Comments

@dvob
Copy link
Contributor

dvob commented Jul 16, 2020

Since docker distribution version 2.7 validation is enabled by default. As far as I understand this makes it impossible to copy images with non-distributable layers, since these layers are not uploaded (

go-containerregistry/pkg/v1/remote/write.go

Line 76 in 72597da

if !mt.IsDistributable() {
).

Steps to reproduce:

$ docker run -it --rm -p 443:5000 --name registry -v "$(pwd)"/tls.key:/certs/tls.key -v "$(pwd)"/tls.crt:/certs/tls.crt -e REGISTRY_HTTP_TLS_CERTIFICA=/certs/tls.crt -e REGISTRY_HTTP_TLS_KEY=/certs/tls.key registry:2.7

$ crane copy mongo@sha256:1b29fbe615ce2f0a91e8973a1aa6fca59b4aaa21bc5d6c8311e6a55cc6ff6b18 my.reg/mongo:latest
...
failed to copy index: PUT https://my.reg/v2/mongo/manifests/sha256:2487bc12c2f0933de86100d72b213e37d0ff2ef5c4419288a03e50778505a3be: multiple errors returned: UNKNOWN: unknown error; UNKNOWN: unknown error; map[]; MANIFEST_BLOB_UNKNOWN: blob unknown to registry; sha256:3889bb8d808bbae6fa5a33e07093e65c31371bcf9e4c38c21be6b9af52ad1548; UNKNOWN: unknown error; UNKNOWN: unknown error; map[]; MANIFEST_BLOB_UNKNOWN: blob unknown to registry; sha256:bf261bf8d7bc7faa62a55474c337e0c2bf6e7d24df25e7737fa97ace46a2cd9a

I think this is mainly a problem for windows images which I don't need either way. So for me a solution for this problem would be if one could only copy images from a certain platform. For example skopeo supports this. By default skopeo only copies the image which matches the current platform. Another benefit of specifying the platform is that copy runs faster since images which are not needed are not copied.
@dvob dvob mentioned this issue Jul 16, 2020
Merged
@jonjohnsonjr
Copy link
Collaborator

This is upsetting. I can't believe how poorly the non-distributable layers stuff was implemented :/

Specifying platform seems like a good thing to add. I'd also be fine adding a --allow-nondistributable-artifacts flag to allow pushing the blobs anyway... maybe both.

@dvob
Copy link
Contributor Author

dvob commented Oct 20, 2020
edited
Loading

Since #742 is merged we now have a solution for this problem.
@jonjohnsonjr Shall I close this issue or would you like to keep it open for a potential allow-nondistributable-artificats option?

@jonjohnsonjr
Copy link
Collaborator

Let's close it for now -- if someone wants to add --allow-nondistributable-artifacts, we can open a separate bug.

@dvob dvob mentioned this issue Jan 8, 2021
Closed
@gcheadle-vmware gcheadle-vmware mentioned this issue Jan 28, 2021
Closed
5 tasks
@StevenLocke StevenLocke mentioned this issue Feb 4, 2021
Merged
@imjasonh imjasonh mentioned this issue Feb 25, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonjohnsonjr @dvob