Comments (4)
xelalexv
commented on June 8, 2024
@voje Great find! Thanks for taking the time to investigate & report this!
Workaround: use registry.hub.docker.com instead of docker.io. This does not get shortened.
For the issue itself, I'm afraid it is a bit more involved: Image references from docker.io/library are even shortened to just the image name, e.g. docker.io/library/busybox, is shortened to just busybox. I think the more or less cleanest way to fix this would be to canonicalize image references in the match function in docker.go:
--- a/internal/pkg/relays/docker/docker.go
+++ b/internal/pkg/relays/docker/docker.go
@@ -13,6 +13,7 @@ import (
"strings"
"time"
+ "github.com/docker/distribution/reference"
"github.com/docker/docker/api/types"
"github.com/docker/docker/client"
"github.com/docker/docker/pkg/jsonmessage"
@@ -146,7 +147,11 @@ func (dc *dockerClient) listImages(ref string) ([]*image, error) {
for _, img := range imgs {
var i *image
for _, rt := range img.RepoTags {
- if match(fRepo, fPath, fTag, rt) {
+ matched, err := match(fRepo, fPath, fTag, rt)
+ if err != nil {
+ return ret, err
+ }
+ if matched {
repo, path, tag := SplitRef(rt)
if i == nil {
i = &image{
@@ -168,11 +173,15 @@ func (dc *dockerClient) listImages(ref string) ([]*image, error) {
}
//
-func match(filterRepo, filterPath, filterTag, ref string) bool {
- repo, path, tag := SplitRef(ref)
+func match(filterRepo, filterPath, filterTag, ref string) (bool, error) {
+ refCanon, err := reference.ParseAnyReference(ref)
+ if err != nil {
+ return false, fmt.Errorf("malformed image ref: %v\n", err)
+ }
+ repo, path, tag := SplitRef(refCanon.String())
return (filterRepo == "" || filterRepo == repo) &&
(filterPath == "" || filterPath == path) &&
- (filterTag == "" || filterTag == tag)
+ (filterTag == "" || filterTag == tag), nil
}
//However, there is a caveat: It is impossible to distinguish between a shortened docker.io image ref and the ref to a purely local image. E.g. if you build a local image busybox, then that would get canonicalized to docker.io/library/busybox, and clash with the genuine image. Currently, I don't see any solution for this, other than adding an according notice in the documentation, e.g. "don't use your Docker relay for building local images". Given that I'm thinking about deprecating the Docker relay anyway (Skopeo is the better relay), that may be appropriate. Any thoughts?
BTW, the Skopeo relay is not affected by this issue.
from dregsy.
voje
commented on June 8, 2024
I see the problem with local images.
I'm mainly using the Skopeo relay, but wanted to have a safe backup with no dependencies (apart from Docker) and the Docker relay offers exactly that.
Your fix is clearly better than mine, so I'm closing the pull request.
from dregsy.
xelalexv
commented on June 8, 2024
@voje If you have the time, could you validate the fix? I would then close the issue. Thanks again for reporting this!
from dregsy.
xelalexv
commented on June 8, 2024
I haven't encountered any further problems with this, so closing. Please reopen if any issues remain.
from dregsy.
Related Issues (20)
- Can't use ECR without auth-refresh HOT 2
- Error syncing entire namespace HOT 9
- Allow use of skopeo's `sync` command instead of `copy` HOT 9
- Add command line flag to limit tasks HOT 4
- Support ECR public HOT 8
- Build failures on non-linux platforms HOT 1
- Add option to enable image scan on push when creating ECR repo HOT 1
- Support parallel tasks HOT 2
- Repo name duplication when using wildcards HOT 5
- unexpected end of JSON input HOT 2
- Ignore immutable registry errors when source image changed with a flag or configuration HOT 1
- Support string filtering on top of semver tag filtering HOT 9
- Build Skopeo binary as part of dregsy build HOT 1
- No output from skopeo, even with increased logging HOT 2
- unauthorized to list catalog HOT 2
- Update ubuntu sha256 to mitigate High security findings HOT 1
- GCP auth per target and source HOT 2
- [feat req/debate] adding support for image digests with the skopeo relay HOT 8
- exit status 1 when pushing to GAR HOT 3
- platform architecture destination tag labeling HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dregsy.