containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

unsupported image-specific operation on artifact with type "application/vnd.devcontainers" #22738

Closed GongT closed 1 month ago

GongT commented 1 month ago

Steps to reproduce the issue

podman pull ghcr.io/devcontainers/features/conda:1

Describe the results you received

Error: parsing image configuration: unsupported image-specific operation on artifact with type "application/vnd.devcontainers"

Describe the results you expected

It should download the image.

podman info output

host:
  arch: amd64
  buildahVersion: 1.33.7
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc39.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 98.43
    systemPercent: 0.24
    userPercent: 1.33
  cpus: 24
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    version: "39"
  eventLogger: journald
  freeLocks: 2041
  hostname: developmentenvironment
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.8.6-200.fc39.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 3950497792
  memTotal: 135008804864
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-1.fc39.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-1.fc39.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.4-1.fc39.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.4
      commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
      rundir: /run/user/0/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc39.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 5510017024
  swapTotal: 8589930496
  uptime: 570h 26m 19.00s (Approximately 23.75 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
    overlay.skip_mount_home: "true"
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 300001787904
  graphRootUsed: 65450557440
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 137
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.9.4
  Built: 1711445992
  BuiltTime: Tue Mar 26 17:39:52 2024
  GitCommit: ""
  GoVersion: go1.21.8
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4

Podman in a container

Yes

Privileged Or Rootless

Privileged

Upstream Latest Release

Yes

Additional environment details

Fedora release 39

verbose log

INFO[0000] /usr/bin/podman filtering at log level debug
DEBU[0000] Called pull.PersistentPreRunE(/usr/bin/podman --log-level=debug pull ghcr.io/devcontainers/features/conda:1)
DEBU[0000] Using conmon: "/usr/bin/conmon"
INFO[0000] Using boltdb as database backend
DEBU[0000] Initializing boltdb state at /var/lib/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /var/lib/containers/storage
DEBU[0000] Using run root /run/containers/storage
DEBU[0000] Using static dir /var/lib/containers/storage/libpod
DEBU[0000] Using tmp dir /run/libpod
DEBU[0000] Using volume path /var/lib/containers/storage/volumes
DEBU[0000] Using transient store: false
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] overlay: skip_mount_home=true
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] Cached value indicated that native-diff is not being used
INFO[0000] Not using native diff for overlay, this may cause degraded performance for building images: failed to mount overlay: invalid argument
DEBU[0000] backingFs=btrfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false
DEBU[0000] Initializing event backend journald
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
DEBU[0000] Configured OCI runtime runc initialization failed: no valid executable found for OCI runtime runc: invalid argument
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
DEBU[0000] Using OCI runtime "/usr/bin/crun"
INFO[0000] Setting parallel job count to 73
DEBU[0000] Pulling image ghcr.io/devcontainers/features/conda:1 (policy: always)
DEBU[0000] Looking up image "ghcr.io/devcontainers/features/conda:1" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "ghcr.io/devcontainers/features/conda:1" ...
DEBU[0000] reference "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on,overlay.skip_mount_home=true]ghcr.io/devcontainers/features/conda:1" does not resolve to an image ID
DEBU[0000] Trying "ghcr.io/devcontainers/features/conda:1" ...
DEBU[0000] reference "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on,overlay.skip_mount_home=true]ghcr.io/devcontainers/features/conda:1" does not resolve to an image ID
DEBU[0000] Trying "ghcr.io/devcontainers/features/conda:1" ...
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf"
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Attempting to pull candidate ghcr.io/devcontainers/features/conda:1 for ghcr.io/devcontainers/features/conda:1
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on,overlay.skip_mount_home=true]ghcr.io/devcontainers/features/conda:1"
Trying to pull ghcr.io/devcontainers/features/conda:1...
DEBU[0000] Copying source image //ghcr.io/devcontainers/features/conda:1 to destination image [overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on,overlay.skip_mount_home=true]ghcr.io/devcontainers/features/conda:1
DEBU[0000] Using registries.d directory /etc/containers/registries.d
DEBU[0000] Trying to access "ghcr.io/devcontainers/features/conda:1"
DEBU[0000] No credentials matching ghcr.io/devcontainers/features/conda found in /run/user/0/containers/auth.json
DEBU[0000] No credentials matching ghcr.io/devcontainers/features/conda found in /root/.config/containers/auth.json
DEBU[0000] No credentials matching ghcr.io/devcontainers/features/conda found in /root/.docker/config.json
DEBU[0000] No credentials matching ghcr.io/devcontainers/features/conda found in /root/.dockercfg
DEBU[0000] No credentials for ghcr.io/devcontainers/features/conda found
DEBU[0000] No signature storage configuration found for ghcr.io/devcontainers/features/conda:1, using built-in default file:///var/lib/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/ghcr.io
DEBU[0000] GET https://ghcr.io/v2/
DEBU[0000] Ping https://ghcr.io/v2/ status 401
DEBU[0000] GET https://ghcr.io/token?scope=repository%3Adevcontainers%2Ffeatures%2Fconda%3Apull&service=ghcr.io
DEBU[0001] Increasing token expiration to: 60 seconds
DEBU[0001] GET https://ghcr.io/v2/devcontainers/features/conda/manifests/1
DEBU[0001] Content-Type from manifest GET is "application/vnd.oci.image.manifest.v1+json"
DEBU[0001] Using SQLite blob info cache at /var/lib/containers/cache/blob-info-cache-v1.sqlite
DEBU[0001] IsRunningImageAllowed for image docker:ghcr.io/devcontainers/features/conda:1
DEBU[0001] Using default policy section
DEBU[0001] Requirement 0: allowed
DEBU[0001] Overall: allowed
DEBU[0001] Error pulling candidate ghcr.io/devcontainers/features/conda:1: parsing image configuration: unsupported image-specific operation on artifact with type "application/vnd.devcontainers"
Error: parsing image configuration: unsupported image-specific operation on artifact with type "application/vnd.devcontainers"
DEBU[0001] Shutting down engines

Additional information

No response

Luap99 commented 1 month ago

This is not a normal container image

skopeo inspect --raw docker://ghcr.io/devcontainers/features/conda:1 | jq
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.devcontainers",
    "digest": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "size": 0
  },
  "layers": [
    {
      "mediaType": "application/vnd.devcontainers.layer.v1+tar",
      "digest": "sha256:9691467c3f90b1948494f54e16ec3a85830850f4119c4480f766853a3a1dedab",
      "size": 14848,
      "annotations": {
        "org.opencontainers.image.title": "devcontainer-feature-conda.tgz"
      }
    }
  ],
  "annotations": {
    "com.github.package.type": "devcontainer_feature"
  }
}

This seems to be an OCI artifact and as such cannot be used as a regular image; there is no way to know how to extract this. Looking at https://containers.dev/implementors/features-distribution/#oci-registry, this is not intended to be a normal image, so you should not try to pull it like this.
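
The distinction drawn in the comment above can be checked from the raw manifest before attempting a pull. The following is an added example, not part of the original thread and not Podman's own code: the function names `classify`, `empty_config` and `layer_types` are hypothetical, and the set of media types treated as "image" is an assumption of this sketch. The manifest is the one shown in the `skopeo inspect --raw` output.

```python
import hashlib
import json

# Assumption of this sketch: only these config media types mean "runnable image".
IMAGE_CONFIG_TYPES = {
    "application/vnd.oci.image.config.v1+json",
    "application/vnd.docker.container.image.v1+json",
}
INDEX_TYPES = {
    "application/vnd.oci.image.index.v1+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
}

# Manifest copied from the skopeo output quoted in the thread.
MANIFEST = json.loads("""
{"schemaVersion": 2,
 "mediaType": "application/vnd.oci.image.manifest.v1+json",
 "config": {"mediaType": "application/vnd.devcontainers",
   "digest": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
   "size": 0},
 "layers": [{"mediaType": "application/vnd.devcontainers.layer.v1+tar",
   "digest": "sha256:9691467c3f90b1948494f54e16ec3a85830850f4119c4480f766853a3a1dedab",
   "size": 14848,
   "annotations": {"org.opencontainers.image.title": "devcontainer-feature-conda.tgz"}}],
 "annotations": {"com.github.package.type": "devcontainer_feature"}}
""")

def classify(manifest):
    """Return (kind, detail), where kind is 'image', 'index' or 'artifact'."""
    if manifest.get("mediaType") in INDEX_TYPES or "manifests" in manifest:
        return "index", "resolve a per-platform manifest first"
    config_type = manifest.get("config", {}).get("mediaType", "")
    if config_type in IMAGE_CONFIG_TYPES:
        return "image", config_type
    # OCI 1.1 artifacts may set artifactType; this one only has a custom config type.
    return "artifact", manifest.get("artifactType") or config_type

def empty_config(manifest):
    """True when the config descriptor is the zero-byte blob (size 0, digest of b'')."""
    cfg = manifest.get("config", {})
    empty = "sha256:" + hashlib.sha256(b"").hexdigest()
    return cfg.get("size") == 0 and cfg.get("digest") == empty

def layer_types(manifest):
    """Distinct layer media types, useful to see what a consumer must understand."""
    return sorted({layer["mediaType"] for layer in manifest.get("layers", [])})

if __name__ == "__main__":
    print(classify(MANIFEST), empty_config(MANIFEST), layer_types(MANIFEST))
```

For this manifest the config descriptor is the empty blob, so it carries no image configuration at all, and the single layer uses a devcontainers-specific media type rather than an image layer type.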