Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to skopeo copy from multi platform oci-archive to registry. #2463

Open
kaovilai opened this issue Nov 21, 2024 · 11 comments
Open

Unable to skopeo copy from multi platform oci-archive to registry. #2463

kaovilai opened this issue Nov 21, 2024 · 11 comments
Labels
kind/feature A request for, or a PR adding, new functionality

Comments

@kaovilai
Copy link

Came from paketo-buildpacks/builder-jammy-tiny#425

❯ skopeo copy --insecure-policy -a oci-archive:/Users/tiger/git/jammy-tiny-stack/build/run.oci docker://ttl.sh/tiny-jammy:1h
FATA[0000] initializing source oci-archive:/Users/tiger/git/jammy-tiny-stack/build/run.oci:: more than one image in oci, choose an image

dunno way out here..
the archive is multi-platform IIUC.

Originally posted by @kaovilai in #1136
@mtrmac
Copy link
Contributor

mtrmac commented Nov 21, 2024

Thanks for reaching out.

Can you paste the full contents of the index.json file at the root of the archive, maybe formatted with python3 -mjson.tool, please?

The oci-archive:/oci: transports only support some shapes of indices / manifests — as a guess, a multi-platform image directly stored in the OCI format as a top-level index is not supported; it needs to be an index which contains a nested multi-platform image index.

@kaovilai
Copy link
Author

index.json from build/run.oci generated from ./scripts/create.sh in above repo

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.oci.image.index.v1+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 755,
         "digest": "sha256:7e3d4631e9c027d3eb5083b1d261a40235caf7470565d08a741e4072e048fa85",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 755,
         "digest": "sha256:4c58342e4e45fe40e4a51112d497b92fc5af9853af0af2fd4457fbb59d263938",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      }
   ]
}

@kaovilai
Copy link
Author

is not supported

not working yet, but never will, or not now but maybe?

@kaovilai
Copy link
Author

If I am presented with an oci archive from a build, do you have any suggestions on how to get it running on macOS?

tl;dr: my root issue is I am unable to run this oci archive with docker run or podman run on macos
containers/podman#24634

And one way is to skopeo copy to remote registry in a way that will allow podman run to work.

@mtrmac
Copy link
Contributor

mtrmac commented Nov 21, 2024

“not now but maybe”.

How was that OCI archive created? Is that some widely-available software?

In general I’d strongly recommend using registries over plain-file archives: using registries means that the redundant/unchanged layers, incl. all of the base image, can be reused instead of copied every single time.

@mtrmac
Copy link
Contributor

mtrmac commented Nov 21, 2024

as a guess, a multi-platform image directly stored in the OCI format as a top-level index is not supported

For the record, yes, this is the case here.

@kaovilai
Copy link
Author

kaovilai commented Nov 21, 2024
edited
Loading

How was that OCI archive created?

from ./scripts/create.sh in #2463 (comment) repo

This dockerfile essentially.
https://github.com/paketo-buildpacks/jammy-tiny-stack/blob/main/stack/run/run.Dockerfile

Paketo Buildpacks

Paketo are Modular Buildpacks written in Go that leverage and contribute to the Cloud Native Buildpacks framework. They provide different packaging flavors for different kind of systems, written using different programming languages, for different purposes.

A customized CNCF Buildpacks essentially.

blogpost about paketo buildpacks

I would not claim to know the details of how buildpacks work.. but I am trying to fix false positive CVE and testing if the scanners no longer report false positive.

@kaovilai
Copy link
Author

I’d strongly recommend using registries over plain-file archives

not my choice, it's not meant to be used this way tho. these archive would eventually push to https://hub.docker.com/r/paketobuildpacks/run

@kaovilai
Copy link
Author

Seems like oci archive is required by jam CLI, which they used in the script. I think it's not going be an easy suggestion to purely rely on registries.

@kaovilai
Copy link
Author

kaovilai commented Nov 21, 2024
edited
Loading

paketobuildpacks are part of the linux foundation with over 10M docker pulls on the run image alone.

https://hub.docker.com/search?q=paketobuildpacks shows other more popular buildpacks one of which has over 50M pulls

So I hope that it's considered widely-available software

@kaovilai
Copy link
Author

Looks like docker import command works.. and I was able to supposedly push something to ttl.sh

@mtrmac mtrmac added the kind/feature A request for, or a PR adding, new functionality label Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature A request for, or a PR adding, new functionality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mtrmac @kaovilai