Comments (12)
Hmm, strange. I tested v2.0.0-beta.0 with GCR, but my normal test image uses repos not tags for differentiating the platforms. I'll have to test with tags in case that changes behavior in some way.
Just tried again to make sure:
$ ./manifest-tool --version
./manifest-tool version 2.0.0-beta.0 (commit: ff5aefe0f43b89efc21373c5514ef98a62c63e8a)
[long push from-args command]
.... response.status="201 Created" size=966 url="https://gcr.io/v2/[REDACTED]/alpine/manifests/latest"
Digest: sha256:493661ff8ba145bbe641dc56c6da3071b7761dbb22cd42fdf15b31b6f170eaa8 966
from manifest-tool.
Any chance you've been able to try this again? Especially now that maybe you are using v2 :) I have never been able to reproduce an issue pushing to GCR.
from manifest-tool.
from manifest-tool.
Just released v2.0.0 and it seems to be working fine with GCR in my tests. Going to close this for now but feel free to re-open if you are able to reproduce.
from manifest-tool.
I'm baaaaaack
platforms=$(echo linux/amd64 linux/arm linux/arm64 linux/ppc64le linux/s390x | sed 's/ /,/g'); \
manifest-tool \
--username=oauth2accesstoken \
--password=$(gcloud auth print-access-token) \
push from-args \
--platforms "$platforms" \
--template gcr.io/k8s-staging-git-sync/git-sync:v3.5.0__OS_ARCH \
--target gcr.io/k8s-staging-git-sync/git-sync:v3.5.0
FATA[0004] Error pushing manifest list/index to registry: sha256:98821a216b62b6ee5dccdc2682c87f85d64e905d61872d0ab19073f9c4463623: failed commit on ref "manifest-sha256:6850b0792b249e2562a2b622e1938cb35747174030aef27d5274319811d9f150": cannot reuse body, request must be retried
I have no idea where to even start
from manifest-tool.
FWIW manifest-tool 1.0.3 still works:
platforms=$(echo linux/amd64 linux/arm linux/arm64 linux/ppc64le linux/s390x | sed 's/ /,/g'); \
manifest-tool \
--username=oauth2accesstoken \
--password=$(gcloud auth print-access-token) \
push from-args \
--platforms "$platforms" \
--template gcr.io/k8s-staging-git-sync/git-sync:v3.5.0__OS_ARCH \
--target gcr.io/k8s-staging-git-sync/git-sync:v3.5.0
Digest: sha256:d16f5b2bca94cdbb4e40b256bfe639450a6f0577dbd8b3fcaf126a2261822fcd 1665
from manifest-tool.
You may not be alone; looks like this might be a codepath my testing just isn't hitting (and we have a recent report in containerd proper as well); also #156 (comment)
In the #156 issue, I see a 404 response that my tries with Quay aren't getting, and that potentially is trying to reuse the body on the response asking for auth? Need to dig deeper now that it doesn't seem to be a random one-off.
from manifest-tool.
from manifest-tool.
Thanks; just found a reproduce scenario and found that, aside from the fact containerd is working on fixing the "body reuse" problem, there is a different flow of registry interaction when the source repos are != target repo (e.g. use "names" not "tags" to differentiate OS/arch).
When all source images are in the same repo namespace as the target manifest list, that flow ends in a 404 existence check on the final target name:tag
which appears to cause a 401 Unauthorized
, which leads to the retry with same body error in the auth flow. Digging into that now; I think it's related to registry token scopes (which are set at the library/auth level, not in my code, but need to find out why it's causing different behavior)
from manifest-tool.
Not sure if you have the chance to test the changes in #159, but I'm 99% convinced this will workaround the issue until containerd has a solution to the req/resp retry with a 401. I've verified it fixes the same issue hit on Quay. Interestingly it requires that you have a public repo for all the sources; if your repo is private or any of the sources come from a private repo, then you don't hit the bug as the 401 auth challenge comes during a "fetch" which means you don't get the body reuse error.
from manifest-tool.
from manifest-tool.
from manifest-tool.
Related Issues (20)
- Provide a way to add a tag to an existing image HOT 2
- Push support for types.OCI HOT 5
- FR: add `ocify` to convert between OCI and Docker mediaTypes
- unsupported os/arch or os/arch/variant combination: linux/amd64/v8 HOT 5
- `invalid character 'c' looking for beginning of value ` HOT 1
- Nexus Docker Registry not support. HOT 2
- Error pushing manifest list/index HOT 8
- Image doesnt include docker-credential-ecr-login for AWS credential helper HOT 4
- Cannot include an image in a manifest list/index which is already a multi-platform image HOT 6
- New release for Golang CVE HOT 9
- Scope issue on push with multiple sub-repositories in GCR HOT 10
- [request] Support cred helpers in the mplatform/manifest-tool container HOT 5
- [feature request] allow to display OCI image manifest HOT 1
- --raw flag doesn't show the same data as non-raw output HOT 2
- I
- manifest-tool can't merge images with buildit attestation enabled: Cannot include an image in a manifest list/index which is already a multi-platform image HOT 3
- github.com/docker/docker/cli/config no longer exists, but is used by v2/cmd/manifest-tool/main.go HOT 2
- Guide or Usage for AWS Private ECR HOT 4
- `manifest-tool -v` return 2.1.2 on instead 2.1.3
- Multiple targets HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from manifest-tool.