Failed Pull From RedHat Registry

[kekoav]

Img is unable to pull from the RedHat registry, for example, the registry.access.redhat.com/ubi7-minimal:latest image.

Expected

Img should be able to pull registry.access.redhat.com/ubi7-minimal:latest.

Actual

Pull command fails with error: Error: could not resolve digest for registry.access.redhat.com/ubi7-minimal:latest

Steps to Reproduce

$ docker run -it --rm --privileged r.j3ss.co/img pull registry.access.redhat.com/ubi7-minimal:latest
Pulling registry.access.redhat.com/ubi7-minimal:latest...
Error: could not resolve digest for registry.access.redhat.com/ubi7-minimal:latest

Details

This error comes from containerd, but I am not sure why it is failing in this way for this registry, but works for others.

https://github.com/containerd/containerd/blob/b8631c750c512ee9a927d1076b76c452e8a54ba1/remotes/docker/resolver.go#L237

This needs some more investigation to determine the cause.

[issue-label-bot[bot]]

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.84. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

[patrickeasters]

This looks like it's because Red Hat's container image manifests are served from a CDN and don't include the Docker-Content-Digest header.

OCI spec says this header is optional, so I would expect containerd to calculate the digest itself as a fallback rather than erroring.

[AkihiroSuda]

285