Image tags on DockerHub are out of sync

[lbussell]

See the Aspire Dashboard (Preview) page: https://hub.docker.com/_/microsoft-dotnet-nightly-aspire-dashboard

The "Last Modified" column is out of date as well as the Dockerfile link - https://github.com/dotnet/dotnet-docker/blob/598ce3d47883dcaae202041ee898ebf4874267cc/src/aspire-dashboard/8.0/cbl-mariner-distroless/amd64/Dockerfile

The latest build was actually only a few hours ago on 2024-04-02 - https://github.com/dotnet/versions/blob/cab82d6d3f56be045618a092121f2f8fc914e5c8/build-info/docker/image-info.dotnet-dotnet-docker-nightly.json#L4-L72

[lbussell]

MAR also has an incorrect last modified time -

The digests also don't match except for the topmost one.

[lbussell]

MCR issue is mitigated. Opening another ticket for the DH issue.

[lbussell]

[Triage] We now know that this extends to all of our image repos and none of the README content is being updated (not just the "Last Modified" info). The MAR team is working with Docker to get this resolved.

[William-Froelich]

Is there a recommended work-around for this in the meanwhile? I want to be able to build an ASP.Net based container without all the vulnerabilities.

[lbussell]

Is there a recommended work-around for this in the meanwhile? I want to be able to build an ASP.Net based container without all the vulnerabilities.

@William-Froelich, the images are available - they are not actually hosted on DockerHub, but rather on Microsoft Asset Registry. Our DockerHub repo just contains a list of tags for images on MAR. This issue is about that list of tags not being replicated from MAR to DockerHub properly.

For now, you can see the latest supported tags either at the MAR portal or here in this repo.

[William-Froelich]

Is there a recommended work-around for this in the meanwhile? I want to be able to build an ASP.Net based container without all the vulnerabilities.

@William-Froelich, the images are available - they are not actually hosted on DockerHub, but rather on Microsoft Asset Registry. Our DockerHub repo just contains a list of tags for images on MAR. This issue is about that list of tags not being replicated from MAR to DockerHub properly.

For now, you can see the latest supported tags either at the MAR portal or here in this repo.

@lbussell interesting, was there an issue with the tags in MCR that's been addressed?

My docker file has been using MCR as far as i can tell but the containers seem to be coming from March.

Is this not the correct way to pull from MCR?

FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine AS base

[lbussell]

@William-Froelich, that image was last re-built 7 days ago. The latest version contains .NET 6.0.31 which was released on 2024-05-28. You can run docker pull on the image before you build to get the latest version. Alternatively, you can add the --pull argument to your build command.

PS> docker pull mcr.microsoft.com/dotnet/aspnet:6.0-alpine
6.0-alpine: Pulling from dotnet/aspnet
Digest: sha256:a48a7a54f543d1824bec45d65fe039659f727681a68f44edef053b2c8df55cf5
Status: Image is up to date for mcr.microsoft.com/dotnet/aspnet:6.0-alpine
mcr.microsoft.com/dotnet/aspnet:6.0-alpine

PS> docker run --rm mcr.microsoft.com/dotnet/aspnet:6.0-alpine dotnet --list-runtimes
Microsoft.AspNetCore.App 6.0.31 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.31 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

PS> docker history  mcr.microsoft.com/dotnet/aspnet:6.0-alpine
IMAGE          CREATED        CREATED BY                                      SIZE      COMMENT
7fce76041bda   7 days ago     RUN /bin/sh -c wget -O aspnetcore.tar.gz htt…   20.3MB    buildkit.dockerfile.v0
...

[William-Froelich]

Thanks. I guess that means the busybox issues are just not resolved upstream by the alpine team

Alpine Linux Docke issue 389

It seems they don't consider this to be a valid concern.

[mthalman]

There have been some updates made by the MAR team to get this fixed. This is fixed for some repos like https://hub.docker.com/r/microsoft/dotnet-nightly-aspire-dashboard. However, other repos like https://hub.docker.com/_/microsoft-dotnet-nightly-aspnet/ are not updated. This is because there is a character limit being hit that's defined by Docker. We'll need to adjust the content of the READMEs so they fit within this character limit.

[mthalman]

This is blocked by the renderingtool issue described at https://github.com/dotnet/dotnet-docker/issues/5561.