oci_tarball for multiarch image fails with `blobs/json: no such file or directory`

[exp0nge]

bazel: 5.4.1 rules_oci version: 1.7.6 Runtimes:

• M1 Docker with containerd enabled
• Linux/amd64: runc

Snippet of the tarball:

oci_image(
    name = "image-linux_x86_64",
    base = "@bookworm_base_linux_amd64",
    cmd = ["./linux_x86_64"],
    tars = [":tar-linux_x86_64"],
    visibility = ["//visibility:public"],
    workdir = "/",
)

oci_image(
    name = "image-linux_arm64",
    base = "@bookworm_base_linux_arm64_v8",
    cmd = ["./linux_arm64"],
    tars = [":tar-linux_arm64"],
    visibility = ["//visibility:public"],
    workdir = "/",
)

oci_image_index(
    name = "image-multiarch",
    images = [
        ":image-linux_arm64",
        ":image-linux_x86_64",
    ],
)

oci_tarball(
    name = "tarball_multiarch",
    format = "oci",
    image = ":image-multiarch",
    repo_tags = ["multiarch:latest"],
)

This ends up with

❯ bazel run src/app:tarball_multiarch
open /var/lib/docker/tmp/docker-import-1480447137/blobs/json: no such file or directory

Tried directly:

❯ docker load < bazel-bin/src/app/tarball_multiarch/tarball.tar
open /var/lib/docker/tmp/docker-import-2417380582/blobs/json: no such file or directory

[thesayyn]

It's possible that this is already fixed, could try and see if this is present in https://github.com/bazel-contrib/rules_oci/releases/tag/v1.8.0?

[ekhabarov]

Encountered the same issue with the tarball target where format="oci" and image = ":image-index". Tried v1.8.0 but it has another issue #653 at least on Mac M2.

[ekhabarov]

It's possible that this is already fixed, could try and see if this is present in https://github.com/bazel-contrib/rules_oci/releases/tag/v1.8.0?

Tried v1.8.0 without #602, still the same error.

[exp0nge]

It's possible that this is already fixed, could try and see if this is present in https://github.com/bazel-contrib/rules_oci/releases/tag/v1.8.0?

Same error also on v1.8.0

[thesayyn]

Tried v1.8.0 without #602, still the same error.

Are these two related? because #602 is about oci_pull whereas this issue is about oci_tarball.

[ekhabarov]

Tried v1.8.0 without #602, still the same error.

Are these two related? because #602 is about oci_pull whereas this issue is about oci_tarball.

I don't think so. I mentioned it because version upgrade 1.7.6 => 1.8.0 brought a different error. Details are in #653

[chulkilee]

It still fails on the main branch at https://github.com/bazel-contrib/rules_oci/blob/a32f3bfe82464cda39959a6ae24b8ec547c67abc/oci/private/load.sh.tpl#L31

Seems like docker load requires docker-specific metadata which is not present in oci formats.

If docker format itself supports multi-arch images, then probably we have to implement that in rules_oci - probably at oci/private/tarball.sh.tpl

[chulkilee]

docker engine 27.2.0 seems to support loading oci image but I still get the same error.

https://github.com/moby/moby/pull/44833

You can test it by adding followings to examples/multi_architecture_image/BUILD.bazel and run bazel run //examples/multi_architecture_image:load

oci_load(
    name = "load",
    image = ":index",
    repo_tags = ["my-repository:latest"],
    format = "oci",
)

[thesayyn]

Docker by default does not support loading oci tarballs into the daemon, that's probably what you are seeing here. Please make sure that you enabled containerd image store experiment if you are using docker.

https://docs.docker.com/desktop/containerd/

[thesayyn]

This issue is now a documentation issue. Need to mention enabling containerd image store.

[exp0nge]

This issue is now a documentation issue. Need to mention enabling containerd image store.

I reported this issue and used containerd in darwin/arm64 and runc debian/amd64. Has it been fixed when using containerd?