Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid manifest for docker.io/python:3.11, docker.io/python:3.12 #953

Closed
thomoe opened this issue Aug 22, 2024 · 2 comments
Closed

Invalid manifest for docker.io/python:3.11, docker.io/python:3.12 #953

thomoe opened this issue Aug 22, 2024 · 2 comments

Comments

@thomoe
Copy link

thomoe commented Aug 22, 2024

I ran skopeo inspect --raw docker://docker.io/python:3.11 and attached the output to this issue.

According to the image index for the multi-arch image docker.io/python:3.11, the media type is mediaType: application/vnd.oci.image.index.v1+json

According to the OCI Image Index Specification, this permits the individual images to specify mediaType to be either application/vnd.oci.image.manifest.v1+json or application/vnd.oci.image.index.v1+json. However, both windows images specify the in this context invalid mediaType: application/vnd.docker.distribution.manifest.v2+json

This leads to some container registries (e.g. Quay) rejecting the image when trying to push it due to validation failure. The same issue occurs with python:12 as well, but not with python:10 (which does not support windows in the multiarch-image)

{
  "manifests": [
    {
      ....
      "digest": "sha256:babe9176d3f1d4296f983786e53627dc91d873be83947e93998d44ce1560902e",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "platform": {
        "architecture": "amd64",
        "os": "linux"
      }
      ...
    },
    ...
    {
      ...
      "digest": "sha256:71d7cf7bf3ecde400d3afa6856c6093bab0a38f96ae0b4690a4248676aa312bc",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "amd64",
        "os": "windows",
        "os.version": "10.0.20348.2655"
      },
      ...
    },
    {
      ....
      "digest": "sha256:f7e05530967f6e8295a699148967d777c27278f4214df6860d66d7448a4fe964",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "amd64",
        "os": "windows",
        "os.version": "10.0.17763.6189"
      }
      ...
    }
  ],
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "schemaVersion": 2
}

docker_io_python_3_11.json
quay_failed_push.log

@tianon
Copy link
Member

tianon commented Aug 22, 2024

The image specification doesn't say this is invalid, only that it might cause portability issues (see opencontainers/image-spec#1150 for a much longer discussion around that).

Unfortunately, this is something we can't really "fix" right now -- the Windows images currently have to be built with Docker's "classic" builder, so they are going to be Docker media types for the foreseeable future. If this is a major blocker for some workflow you've got and you don't actually need Windows support, I would suggest choosing an explicitly Linux-only tag such as python:3.11-bookworm (which is one of the components that goes into the python:3.11 "shared" tag).

@thomoe
Copy link
Author

thomoe commented Aug 23, 2024

Thanks Tianon for your feedback and the linked reference. That should help on our side! I'll close the issue for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants