ancaantochi
commented
3 years ago Thanks for reporting this, it looks like the regex is not handling repo/image:tag@digest
Open alaendle opened 3 years ago
ancaantochi
commented
3 years ago Thanks for reporting this, it looks like the regex is not handling repo/image:tag@digest
github-actions[bot]
commented
3 years ago This issue is being marked as stale because it has been open for 30 days with no activity.
onalante-msft
commented
3 years ago This is definitely a bug as far as the parsing is concerned, since in the image-with-digest case the digest is considered part of the image capturing group. However, I believe Docker does not distinguish between digest-only and tag-and-digest for image creation; digest always seems to be taken as the image selector if present, regardless of whether the human-readable tag exists in the repository.
alaendle
commented
3 years ago @onalante-msft you are absolutly right with "Docker does not distinguish between digest-only and tag-and-digest for image creation; digest always seems to be taken as the image selector if present". However I still believe it is still valuable to be able to refer both in a deployment manifest - the ":tag@digest" notation has a value: it provides a way to know what that digest is for humans, just like a comment. So I really hope you would also allow this notation (the current PR seems to forbid this).
Please note that also tools other than the docker cli allow the ":tag@digest" notation (e.g. https://github.com/containers/podman/issues/6721, https://github.com/containers/buildah/issues/3331, https://github.com/cri-o/cri-o/issues/2351) - maybe this convinces 😃
onalante-msft
commented
3 years ago Oh, I was not aware that :tag@digest was standard practice. Thank you for pointing it out! I will update the pull request to allow for this.
onalante-msft
commented
3 years ago An update: for now, I will have to pare back the pull request to only fix the bug wherein the digest is included in the image name. It will take some additional coordination to fully support this style of image references. For now, you shouldâ„¢ be able to specify image digests in settings.digest alongside the tag in settings.image.
Thank you for your patience!
At the moment pulling is only possible by tag or digest.
https://github.com/Azure/iotedge/blob/436fab9854830d3cdc0315d46d8a1e59fc6279f1/edge-agent/src/Microsoft.Azure.Devices.Edge.Agent.Docker/DockerConfig.cs#L18
By looking at the regex it seems to be coincidence that a reference in the form of
repo/image@sha256:abc...defis considered valid - because@sha256is parsed as part of the image name and only the hash value is considered as a tag. Nonetheless it is working 😉However the form of
repo/image:tag@digestshould also be recognized as a valid reference.E.g. something like
should be accepted.
Please note that this already works (maybe by accident) if the tag is removed:
But for documentation and maintenance purposes the tag would be a very valuable information inside the reference.
Please let me know if I was unclear or if you need additional information.