Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible 401 Unauthorized when base image is referred to by a digest and manifest is cached #2220

Closed
chanseokoh opened this issue Jan 7, 2020 · 1 comment

Comments

@chanseokoh
Copy link
Member

chanseokoh commented Jan 7, 2020

Observed this in #2215.

If the Jib cache is empty, Docker Hub returns 404 (and fail) in the first run. Interestingly, subsequent runs return 401. Worth understanding why.

When a base image is referred to by a digest, we first look into the manifest cache. If the manifest is in the cache, we return it along with no (i.e., null) base image credentials.

    if (buildContext.isOffline() || imageReference.isTagDigest()) {
      Optional<Image> image = getCachedBaseImage();
      if (image.isPresent()) {
        return new ImageAndAuthorization(image.get(), null);
      }

However, if the base image cache is missing some layers (e.g., pulling base image layers failed for some reason after caching the manifest), Jib will go out and try to download the missing layers. But it may fail because we didn't return base image credentials above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants