crazy-max / diun

Receive notifications when an image is updated on a Docker registry
https://crazymax.dev/diun/
MIT License

Unable to check images hosted at ghcr (TLS handshake error) #849

Closed glitchcrab closed 1 year ago

glitchcrab commented 1 year ago

Behaviour

Steps to reproduce this issue

  1. Run a container which is hosted on ghcr. e.g. ghcr.io/crazy-max/diun:4.24.0

Expected behaviour

Images hosted in ghcr should be checked as expected.

Actual behaviour

Diun fails to open a TLS connection when getting the manifest:

```
Wed, 26 Apr 2023 13:00:14 CEST WRN Cannot get remote manifest error="Cannot inspect: Get \"https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:bbfeeba32adb8a2c17d4d7d65c7414f41a3a2e3a67565e8b357758aeef47acee?se=2023-04-26T11%3A10%3A00Z&sig=mlZbaiOO4u%2BgGJxtQKU4baZH9RxsJ6YghKPpzkyCEO0%3D&sp=r&spr=https&sr=b&sv=2019-12-12\": net/http: TLS handshake timeout" image=ghcr.io/crazy-max/diun:4.24.0 provider=docker
Wed, 26 Apr 2023 13:00:15 CEST WRN Cannot get remote manifest error="Cannot inspect: Get \"https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:b38f7cd5027d250ff6ee80ee989aacfa9c33e6ab1d6ddbe820a5cd744fa5d883?se=2023-04-26T11%3A10%3A00Z&sig=%2FQF2aJ7FUP9Z%2BCcoyfMyTpiYf%2FtaLhB73KAzyywgBDU%3D&sp=r&spr=https&sr=b&sv=2019-12-12\": net/http: TLS handshake timeout" image=ghcr.io/paperless-ngx/paperless-ngx:1.13.0 provider=docker
```

Configuration

```yaml
notif:
  script:
    cmd: "/notify.sh"

providers:
  docker:
    watchByDefault: true
    watchStopped: false

watch:
  jitter: 30s
  schedule: "0 * * * *"
```

Logs

As above:

```
Wed, 26 Apr 2023 13:00:14 CEST WRN Cannot get remote manifest error="Cannot inspect: Get \"https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:bbfeeba32adb8a2c17d4d7d65c7414f41a3a2e3a67565e8b357758aeef47acee?se=2023-04-26T11%3A10%3A00Z&sig=mlZbaiOO4u%2BgGJxtQKU4baZH9RxsJ6YghKPpzkyCEO0%3D&sp=r&spr=https&sr=b&sv=2019-12-12\": net/http: TLS handshake timeout" image=ghcr.io/crazy-max/diun:4.24.0 provider=docker
Wed, 26 Apr 2023 13:00:15 CEST WRN Cannot get remote manifest error="Cannot inspect: Get \"https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:b38f7cd5027d250ff6ee80ee989aacfa9c33e6ab1d6ddbe820a5cd744fa5d883?se=2023-04-26T11%3A10%3A00Z&sig=%2FQF2aJ7FUP9Z%2BCcoyfMyTpiYf%2FtaLhB73KAzyywgBDU%3D&sp=r&spr=https&sr=b&sv=2019-12-12\": net/http: TLS handshake timeout" image=ghcr.io/paperless-ngx/paperless-ngx:1.13.0 provider=docker
```

glitchcrab commented 1 year ago

Weirdly I get a 403 when trying to curl the manifest URL, however it's a public repo so I don't see why this is happening:

```
# curl -L "https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:b38f7cd5027d250ff6ee80ee989aacfa9c33e6ab1d6ddbe820a5cd744fa5d883?se=2023-04-26T11%3A10%3A00Z&sig=%2FQF2aJ7FUP9Z%2BCcoyfMyTpiYf%2FtaLhB73KAzyywgBDU%3D&sp=r&spr=https&sr=b&sv=2019-12-12"
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:c10c2f35-f01e-00eb-4f30-783df8000000
Time:2023-04-26T11:17:42.4744546Z</Message><AuthenticationErrorDetail>Signed expiry time [Wed, 26 Apr 2023 11:10:00 GMT] must be after signed start time [Wed, 26 Apr 2023 11:17:42 GMT]</AuthenticationErrorDetail></Error>
```

crazy-max commented 1 year ago

> net/http: TLS handshake timeout

Looks network related or an issue in GH infra.

> Weirdly I get a 403 when trying to curl the manifest URL, however it's a public repo so I don't see why this is happening

Might be related to https://www.githubstatus.com/incidents/vsc464zj7gv4.

Closing as it doesn't seem related to Diun but an issue with ghcr. Let me know if it still happens.
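
Added example, not part of the thread and not Diun's code: the `se` query parameter in the logged blob URL is the signed expiry (11:10:00Z), and the error body of the curl request is timestamped 11:17:42Z, after that expiry. The Go program below checks a pre-signed URL's expiry against a request time and masks `sig` before the URL is written to a log; `InspectSAS`, `SASInfo` and `sampleURL` are hypothetical names, and the sample URL is constructed with a placeholder digest and signature.

```go
package main

import (
	"fmt"
	"net/url"
	"time"
)

// Constructed sample: host and parameter layout follow the URL in the thread;
// the digest and sig values are placeholders.
const sampleURL = "https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:0000" +
	"?se=2023-04-26T11%3A10%3A00Z&sig=CONSTRUCTED%2Bsig%3D&sp=r&spr=https&sr=b&sv=2019-12-12"

// SASInfo (hypothetical name) summarises a pre-signed blob URL.
type SASInfo struct {
	Expiry   time.Time // value of the "se" (signed expiry) parameter
	Expired  bool      // true when the request time is at or after Expiry
	Redacted string    // URL with the "sig" value masked, for logging
}

// InspectSAS (hypothetical name) reads "se" from rawURL, reports whether the
// URL had expired at time now, and masks the signature.
func InspectSAS(rawURL string, now time.Time) (SASInfo, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return SASInfo{}, fmt.Errorf("parse url: %w", err)
	}
	q := u.Query()
	exp, err := time.Parse(time.RFC3339, q.Get("se"))
	if err != nil {
		return SASInfo{}, fmt.Errorf("missing or malformed se parameter: %w", err)
	}
	if q.Has("sig") {
		q.Set("sig", "REDACTED")
	}
	u.RawQuery = q.Encode() // Encode sorts keys, so parameter order may change
	return SASInfo{Expiry: exp, Expired: !now.Before(exp), Redacted: u.String()}, nil
}

func main() {
	// Request time taken from the "Time:" field of the error body in the thread.
	at, _ := time.Parse(time.RFC3339Nano, "2023-04-26T11:17:42.4744546Z")
	info, err := InspectSAS(sampleURL, at)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("expired=%v late_by=%s\n", info.Expired, at.Sub(info.Expiry).Round(time.Second))
	fmt.Println(info.Redacted)
}
```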