Closed p5 closed 1 month ago
@giuseppe @mtrmac PTAL
That seems likely a time costly issue for users building multi-compression manifests.
Cc: @rhatdan
That seems likely a time costly issue for users building multi-compression manifests.
isn't it just a visualization issue or am I missing something?
@mtrmac is there any reason why we are hardcoding manifest.DockerV2ListMediaType
for manifest inspect?
Dropping the hardcode value is enough to print the annotations.
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index 144740ec8..82d300192 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -189,7 +189,7 @@ func (ir *ImageEngine) remoteManifestInspect(ctx context.Context, name string, o
if err != nil {
return nil, fmt.Errorf("parsing manifest blob %q as a %q: %w", string(result), manType, err)
}
- list, err := listBlob.ConvertToMIMEType(manifest.DockerV2ListMediaType)
+ list, err := listBlob.ConvertToMIMEType(manType)
if err != nil {
return nil, err
}
(I didn’t know Podman has this feature…)
History points at https://github.com/containers/podman/pull/7735#discussion_r496156316 for motivation; the https://github.com/containers/podman/commit/7ac8000cc1 commit, also, points out the existence of https://github.com/containers/podman/blob/3b07ae4557dcffc75fc4168c5355ace06bd0e822/pkg/api/handlers/libpod/manifests.go#L200 originally relying on the manifest inspect using a schema2 format … now using a misleading variable name.
AFAICT the local Podman variant doesn’t care / doesn’t say one way or the other about the output, the data is just a blob that is printed to stdout, and the man page doesn’t document anything about it.
In the remote Podman case, the data is clearly expected to be libimage/define.ManifestListData
— both on the client and the server side, although confusingly using schema2 variable names in places
The local-storage code path in abi
also uses a libimage/define.ManifestListData
, confusingly using schema2 variable names.
So, assuming the “remote-registry inspect” code path is the rarely used one, that one should also return libimage/define.ManifestListData
. That’s not currently available in the libimage
API, but seems doable with a bit of refactoring.
I also think that ImageEngine.ManifestInspect
should be returning define.ManifestListData
instead of a raw (and completely undocumented!) []byte
).
The remote-registry inspect code also seems to be returning data from a non-manifest-list v2s2 images ( https://github.com/containers/podman/pull/8100 ). With a warning, but, still. I don’t know how, if at all, that could fit into the better-typed API. Also note that this is unable to handle non-index OCI images.
My impression is that adding this feature has just been a mistake (note that the remote Podman client can’t unmarshal the returned data), but it might also be a mistake we can’t undo any more. I don’t know.
History points at #7735 (comment) for motivation; the 7ac8000cc1 commit, also, points out the existence of
https://github.com/containers/podman/blob/3b07ae4557dcffc75fc4168c5355ace06bd0e822/pkg/api/handlers/libpod/manifests.go#L200 originally relying on the manifest inspect using a schema2 format … now using a misleading variable name.
The define.ManifestListData attempts to be a union of all of the information that could be expressed in either a Schema 2 or OCI manifest, with the hope that all of its contents, whichever format it's in, will all be preserved across a JSON encoding/decoding cycle. Looking at it again, its Platform
field, at least, doesn't manage to do that, so it isn't there yet.
The remote-registry inspect code also seems to be returning data from a non-manifest-list v2s2 images ( #8100 ). With a warning, but, still. I don’t know how, if at all, that could fit into the better-typed API. Also note that this is unable to handle non-index OCI images.
I think the swagger for the remote API only notes that this returns JSON, but beyond that I don't think it specifies anything about the format that it returns, so the remote path could switch to passing back whatever it received from the registry without even looking at it. If we extend define.ManifestListData
to also include the fields which a non-index contains (Config
and Layers
), that information could even survive being decoded and then re-encoded for display. Granted, none of that would be especially pretty.
My impression is that adding this feature has just been a mistake (note that the remote Podman client can’t unmarshal the returned data), but it might also be a mistake we can’t undo any more. I don’t know.
I will note that I do not enjoy the ambiguity of this "sometimes this looks at a local image, sometimes it doesn't" behavior.
I’m sorry, in “My impression is that adding this feature has just been a mistake” I was referring to podman manifest inspect
returning data about non-multi-platform v2s2 images; I don’t know enough to have any opinion on the “remote inspect” feature in general.
I think the swagger for the remote API only notes that this returns JSON, but beyond that I don't think it specifies anything about the format that it returns, so the remote path could switch to passing back whatever it received from the registry without even looking at it.
(The remote client is using the inspect endpoint (via InspectListData
) to implement ManifestListClear
. That should ideally detect/reject the non-list case. Possible, “not especially pretty”.)
A friendly reminder that this issue had no activity for 30 days.
At the very least the podman-remote manifest inspect
and podman manifest inspect
should return the same data.
Issue Description
Related to discussions in thread
If you run
podman manifest inspect quay.io/giuseppe/zstd-chunked:fedora-manifest
on any remote manifest, you are unable to see the annotations which were added to the zstd:chunked manifest. Compare the output of the following commands:Steps to reproduce the issue
See above.
podman manifest inspect
on the local manifest (and see annotations)podman manifest inspect
on the remote manifest (and see no annotations)Describe the results you received
As above
Describe the results you expected
I would expect
podman manifest inspect
to show all annotations on the manifests, since an annotation is a requirement for zstd images. When runningskopeo inspect --raw
, we can see the annotations, so I expected Podman to return the same.podman info output
Podman in a container
No
Privileged Or Rootless
None
Upstream Latest Release
Yes
Additional environment details
N/A
Additional information
N/A