fix: Podman image inspect digest for local images#4298
Open
mihalyr wants to merge 1 commit intoGoogleContainerTools:masterfrom
Open
fix: Podman image inspect digest for local images#4298mihalyr wants to merge 1 commit intoGoogleContainerTools:masterfrom
mihalyr wants to merge 1 commit intoGoogleContainerTools:masterfrom
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
When using `docker://` prefix to use a base image from the local docker
daemon, Jib expects the `{{.Id}}` field from the `docker image inspect`
output to contain a valid image digest prefixed with `sha256:`. However,
with Podman this is not the case and such builds fail with an "Invalid
digest" exception, because Podman returns only the 64-char hash value in
the `{{.Id}}` field without the `sha256:` prefix.
`CliDockerClient` already has the functionality to deal with the hashes
without the `sha256:` prefix. A new method, `fromDigestOrgHash` has
beend added to `DescriptorDigest` which first checks for the digest
prefix and then checks for the hash. This allows full backwards
compatibility and accepts the Podman version of the image Ids.
mihalyr
force-pushed
the
jib-podman-digest-fix
branch
from
bb58dbc to
a3689c7
Compare
|
In my company, we also need this fix. For security reasons, we have to use podman instead of docker. |
|
Hey folks, I just ran into this issue as well in Quarkus. Is there any chance we can get a fix? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When using
docker://prefix to use a base image from the local docker daemon, Jib expects the{{.Id}}field from thedocker image inspectoutput to contain a valid image digest prefixed withsha256:. However, with Podman this is not the case and such builds fail with an "Invalid digest" exception, because Podman returns only the 64-char hash value in the{{.Id}}field without thesha256:prefix.CliDockerClientalready has the functionality to deal with the hashes without thesha256:prefix. A new method,fromDigestOrgHashhas beend added toDescriptorDigestwhich first checks for the digest prefix and then checks for the hash. This allows full backwards compatibility and accepts the Podman version of the image Ids.Fixes #4134 🛠️