-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CI: ubi8 considered harmful (the "0x3c" bug) #16695
Comments
A friendly reminder that this issue had no activity for 30 days. |
Well, quay.io has been pretty bad the last two weeks, but I have hopes that it will recover after the holidays. Filed #17017. |
Red Hat registry is too unreliable. (As of this writing in January 2023, quay.io is not much better, but this is a new flake. Ubi has been flaking for a year or more). Instead of UBI, use the new systemd-image added to system tests in containers#16814. Since this reduces the number of cached images, a few unrelated tests (image count) need to be tweaked. And, sigh, Fedora systemd colorizes boot messages by default, causing a failure where we don't see an expected Reached Target message. I don't want to rely on ASCII formatting codes, so I've updated the build-systemd-image script so it disables systemd colors, and have built a new systemd-image:20230106. Made a few small usability improvements to the script as well. Closes: containers#16695 Signed-off-by: Ed Santiago <[email protected]>
The "unrecognized signature format, starting with binary 0x3c" error message in Podman usually occurs when you try to pull an image that is not a valid Docker or OCI (Open Container Initiative) image. The error message indicates that Podman is interpreting the image as an HTML file, which is not a valid container image format. To fix this issue, you should check the image source and ensure that it is a valid Docker or OCI image. Here are some steps you can take to troubleshoot the issue: Check the image source: Make sure that you are pulling the image from a valid container image registry, such as Docker Hub or Quay.io. Corrupted or incomplete image or container file: If the file you are trying to load is corrupted or incomplete, it may not be recognized by Podman. Try downloading the file again or verifying that it is not corrupted. Verify the image format: Check that the image format is a valid Docker or OCI image format. You can verify the image format by downloading the image using curl and checking its file type. For example, the following command downloads the "nginx" image from Docker Hub and checks its file type. The output should indicate that the file type is a Docker image or OCI image, depending on the format of the image. File encoding issue: If the file you are trying to load has a different encoding than expected, this could also cause the error. Try converting the file to the correct encoding before running the podman load command. Use the correct command: If you are trying to pull an image from a non-standard registry or using a different image format, you may need to use a different command to pull the image. For example, you can use the skopeo command to pull images from non-standard registries or in different image formats. This copies the image from the private registry to the local file system in the dir directory. By following these steps, you can troubleshoot the "unrecognized signature format" error message in Podman and ensure that you are pulling valid container images. Configuring Linux container tools to check image signatures: The Linux container tools (Podman, Skopeo, and Buildah) have built-in support for detached signatures, as well as the CRI-O container engine from Kubernetes and the Red Hat OpenShift Container Platform. https://developers.redhat.com/blog/2019/10/29/verifying-signatures-of-red-hat-container-images Check the image signature: If the image file is signed, check the signature to ensure that it is valid and matches the image file. Podman uses GPG (GNU Privacy Guard) signatures to verify the authenticity of signed images. You can use the podman trust inspect command to check the signature status of an image. Use a different image source: If none of the above solutions work, try using a different image source or registry to obtain the image. The issue may be related to a specific registry or image file, and switching to a different source may help to resolve the problem. |
@MehdiSellamiAdministrator thanks for taking the time to follow up with helpful advice. Unfortunately, in this case, none of that is applicable: the error we were seeing was a flake, meaning, exactly the same command will fail in nondeterministic, seemingly random ways. My recollection was that the failures were time-dependent, such that multiple independent tests would fail at close times; this strongly suggests a problem with the registry itself. That is beyond our control. |
The redhat registry is unreliable. We see these flakes in podman frequently:
We already fixed buildah to not use it. And we keep adding workarounds elsewhere for registry bugs. It's time to just give up.
Some recent failure logs:
int podman fedora-36 root container: unknown failure
int podman fedora-37 rootless host: unknown failure
The text was updated successfully, but these errors were encountered: