Fix for image spec

[runcom]

opencontainers/image-spec#411 removed the MediaType field in Manifest[List] causing builds error here. Fix that by teaching docker v2s2 to convert to OCI and remove that ugly manifest conversion in OCI image destination.

@mtrmac @cyphar PTAL

[runcom]

created a skopeo PR to validate this containers/skopeo#294

[mtrmac]

I very much like moving the conversion to image/; the piece in docker.newImageSource really does not belong there I think, though.

[mtrmac]

This is ugly and suprising for an ImageSource to do (consider a caller who does not expect to use image.Image). Can we instead add the v2s1→OCI conversion? It might well be possible to do by creating a temporary v2s2 memoryImage (using the existing code) and then using the existing v2s2→OCI conversion.

[mtrmac]

(We haven’t supported a v2s1→OCI conversion before, so AFAICT this is not an essential part of this PR.)

[runcom]

makes sense to have v2s1 -> OCI at this point, so yeah, I'll implement this.

[mtrmac]

Considering the failing tests, could we merge a version without that conversion now, and deal with the v2s1→OCI conversion as a separate issue or PR?

[runcom]

sure

[runcom]

wait, tests will fail w/o this mime type check, shall I leave this here?

[mtrmac]

What is the failure / code path?

[runcom]

basic skopeo copy docker://busybox oci:something, we need this to ask for at least v2s2 if we want OCI conversion (since we cannot convert from v2s1 which is the default when the registry doesn't understand the media type, see the comment, the test failure is in skopeo tests)

[mtrmac]

What is the failure / code path?

Let me guess: ociDest.SupportedManifestMIMETypes returns OCI only, and so copy.Image asks for unsupported manifest MIME type, and that gets sent to the registry.

Adding the OCI conversion is the long-term fix.

Short-term, can we:

• move the array from dockerImageDestinationSupportedManifestMIMETypes into a global variable (shared by src and dest)
• in newImageSource, ignore requestedManifestMIMETypes if it has no value common with the known supported MIME types (as defined by the variable from above)?

That’s still kind of a hack, but at least it is conceptually clean: dockerImage* knows what it supports/accepts, and does not need to know about OCI.

[mtrmac]

(*shrug*, if you want to merge it with the existing hack instead, feel free. Just please make sure to file an issue to have this cleaned up in the future.)

[mtrmac]

Is this really necessary to read the config here? It would perhaps be preferable to preserve the ImageSource and pass a nil configBlob, the way manifestOCI1.convertToManifestSchema2 does it.

[mtrmac]

This …NonDistributable conversion is not present in the new conversion code, is that intentional?

[runcom]

I missed it somehow

[runcom]

fixed

[mtrmac]

I am tempted no to try at all… But if we should, I think it would be much cleaner to have the caller supply a mimeType as a parameter than guessing by parsing contents in an unknown format in here.

[runcom]

let's skip this altogether for now and re-iterate on adding an optional mime type, but then, ppl might cheat on mime type as well no?

[mtrmac]

A lying caller will get what is coming to it :)

Right now we do do this wrong, because copy.determineManifestConversion can decide to keep an unsupported type anyway (it is treating SupportedManifestMIMETypes as a best-effort request), and PutManifest isn’t told about that. But we would be sending the correct MIME type to PutManifest if there was a way to do that.

[mtrmac]

Also, docker_schema2.go has (unlike …schema1.go) a reasonable test coverage, and it would be nice to preserve that (the conversions happen frequently enough for users to care but perhaps not frequently enough to prevent us from breaking them without noticing). This should be just a pretty trivial variant of TestConvertToManifestSchema2.

[runcom]

yup, have it on my todo, just wanted to bring this PR up for general consensus on the way I'm fixing this.

[runcom]

@mtrmac PTAL (warning, wrote it really fast just to prove it)

[runcom]

No, wait, we need the conversion, otherwise, the old createManifest in oci_dest.go can't work since OCI isn't defining the MediaType field anymore...

[mtrmac]

I think a map[string]struct{} is more idiomatic, but I really don’t care enough.

[runcom]

arg, that's how it was, then changed my mind, I'll put it back with struct{}

[runcom]

on a second though, I like comparing with just ! - we change this any time though...

[mtrmac]

Sure, whatever works.

[mtrmac]

This is still O(N^2): move the call supportedManifestMIMETypesMap outside the loop, save it in a variable. Then it is O(N).

(Or don’t bother and just write two nested loops. The arrays are small enough.)

[runcom]

This is still O(N^2): move the call supportedManifestMIMETypesMap outside the loop, save it in a variable. Then it is O(N).

silly me, ETOOLATE

[mtrmac]

This would ignore the input value if any value is unrecognized; I think it should ignore input only if all values are unrecognized (so that a caller can say “i prefer v2s1, then OCI, then v2s2 as a last resort”.)

[runcom]

@mtrmac PTAL

[mtrmac]

Thanks! Just a minor nit.

WRT merging, do you want to include #225 in this so that we have a single PR which passes tests and fixes the build?

[mtrmac]

break here, and then it’s more natural to reword as if mts[mtrequested] { EDIT reset = false;break }.

[mtrmac]

(and as long you are changing this) this would benefit from either clearer variable names, or a comment explicitly describing what this loop intends to do. Preferably the former, perhaps naming them supportedMIMEs and acceptableRequestedMIMEs (with the opposite semantics to reset, starting as false).

[mtrmac]

…also, no need for the var() here AFAICS, just use :=. Or does that have an idiomatic meaning?

[runcom]

WRT merging, do you want to include #225 in this so that we have a single PR which passes tests and fixes the build?

yeah, I'll cherry-pick #225 here

[runcom]

@mtrmac I've cherry-picked #225 here and hopefully addressed your comments, PTAL

[mtrmac]

This rejects requestedManifestMIMETypes if any content is unrecognized; shouldn’t it reject them only if none are recognized?

[mtrmac]

(i.e. when reaming reset to acceptableRequestedMIMEs, only the last if was flipped AFAICS.)

[runcom]

I believe I've fixed it now - sorry I'm in a meeting but want to get this in asap to unblock other PRs

[mtrmac]

I was thinking

	supportedMIMEs := supportedManifestMIMETypesMap()
	acceptableRequestedMIMEs := false
	for _, mtrequested := range requestedManifestMIMETypes {
		if supportedMIMEs[mtrequested] {
			acceptableRequestedMIMEs = true
			break
		}
	}
	if !acceptableRequestedMIMEs {
		requestedManifestMIMETypes = manifest.DefaultRequestedManifestMIMETypes
	}

Perhaps I am being an idiot?

[runcom]

fixed and force pushed

[runcom]

another issue just popped up https://travis-ci.org/containers/image/builds/195004166#L346 - perhaps image-spec shouldn't really have a vendor directory at all. Commented here #223

[mtrmac]

another issue just popped up https://travis-ci.org/containers/image/builds/195004166#L346 - perhaps image-spec shouldn't really have a vendor directory at all. Commented here #223

( opencontainers/image-spec#527 , for the record.)

[mtrmac]

👍 pending tests

[runcom]

@mtrmac will we wait till the image-spec-vendor-dir is gone before merging this?

[mtrmac]

@mtrmac will we wait till the image-spec-vendor-dir is gone before merging this?

I dunno, what other options do we have? Just keep our old checkouts on our development machines, and ignore Travis and keep merging other PRs? Ewww.

Or, give up and set up containers/image with our own vendoring mechanism? That would work for us but I worry that it would make it even more difficult for third parties to use the library, as conflicts would inevitably happen.

Is there a chance that the vendoring will be fixed quickly?

[runcom]

Is there a chance that the vendoring will be fixed quickly?

not sure, I hope it'll be really soon

[runcom]

seems like something else in OCI image-spec broke this..

[runcom]

alright, pretty sure I've this sorted out now, @mtrmac PTAL

[mtrmac]

Yay!!

This looks really good, it seems a skopeo revendor will fix everything.

[mtrmac]

This works for now (i.e. at it was perfectly valid a week ago), longer-term we should actually know whether the input is gzipped. Filed #229.

[runcom]

alright let's merge this (and take care of this comment #229 (comment) later)

[runcom]

👍

[mtrmac]

👍