Open alaendle opened 3 years ago
Thanks for reporting this, it looks like the regex is not handling repo/image:tag@digest
This issue is being marked as stale because it has been open for 30 days with no activity.
This is definitely a bug as far as the parsing is concerned, since in the image-with-digest case the digest is considered part of the image
capturing group. However, I believe Docker does not distinguish between digest-only and tag-and-digest for image creation; digest always seems to be taken as the image selector if present, regardless of whether the human-readable tag exists in the repository.
@onalante-msft you are absolutly right with "Docker does not distinguish between digest-only and tag-and-digest for image creation; digest always seems to be taken as the image selector if present". However I still believe it is still valuable to be able to refer both in a deployment manifest - the ":tag@digest" notation has a value: it provides a way to know what that digest is for humans, just like a comment. So I really hope you would also allow this notation (the current PR seems to forbid this).
Please note that also tools other than the docker cli allow the ":tag@digest" notation (e.g. https://github.com/containers/podman/issues/6721, https://github.com/containers/buildah/issues/3331, https://github.com/cri-o/cri-o/issues/2351) - maybe this convinces 😃
Oh, I was not aware that :tag@digest
was standard practice. Thank you for pointing it out! I will update the pull request to allow for this.
An update: for now, I will have to pare back the pull request to only fix the bug wherein the digest is included in the image name. It will take some additional coordination to fully support this style of image references. For now, you shouldâ„¢ be able to specify image digests in settings.digest
alongside the tag in settings.image
.
Thank you for your patience!
At the moment pulling is only possible by tag or digest.
https://github.com/Azure/iotedge/blob/436fab9854830d3cdc0315d46d8a1e59fc6279f1/edge-agent/src/Microsoft.Azure.Devices.Edge.Agent.Docker/DockerConfig.cs#L18
By looking at the regex it seems to be coincidence that a reference in the form of
repo/image@sha256:abc...def
is considered valid - because@sha256
is parsed as part of the image name and only the hash value is considered as a tag. Nonetheless it is working 😉However the form of
repo/image:tag@digest
should also be recognized as a valid reference.E.g. something like
should be accepted.
Please note that this already works (maybe by accident) if the tag is removed:
But for documentation and maintenance purposes the tag would be a very valuable information inside the reference.
Please let me know if I was unclear or if you need additional information.