arch-aware pull doesn’t work for gcr.io

[reidpr]

$ ch-image pull -v gcr.io/google-containers/busybox:1.27
verbose level: 1
host architecture from uname: x86_64
host architecture for registry: amd64
pulling image:    gcr.io/google-containers/busybox:1.27
requesting arch:  amd64
destination:      /var/tmp/reidpr/ch-image/img/gcr.io%google-containers%busybox:1.27
downloading image: gcr.io/google-containers/busybox:1.27
initializing session
auth: no authorization
GET: https://gcr.io:443/v2/google-containers/busybox/manifests/1.27
response status: 404
error: not in registry: gcr.io:443/google-containers/busybox:1.27

--arch=yolo does work:

$ ch-image pull --arch=yolo gcr.io/google-containers/busybox:1.27
pulling image:    gcr.io/google-containers/busybox:1.27
requesting arch:  yolo
manifest: using existing file
config: using existing file
layer 1/1: aab39f0: using existing file
flattening image
layer 1/1: aab39f0: listing
validating tarball members
resolving whiteouts
layer 1/1: aab39f0: extracting
image arch: amd64
done

The tag does exist as of 2021-06-24.

The trick here is that if we ignore the 404 and go on to pull the skinny manifest, it should work; but if we do that with other registries we get 400 if the image does not exist.

See also #896.

[adrecord]

@reidpr I can't recreate this on latest master.

andy@host:~/charliecloud/charliecloud$ ch-image --version
0.27~pre+3606bab
andy@host:~/charliecloud/charliecloud$ ch-image pull -v gcr.io/google-containers/busybox:1.27
verbose level: 1
host architecture from uname: x86_64
host architecture for registry: amd64
found storage dir v2: /var/tmp/andy.ch
pulling image:    gcr.io/google-containers/busybox:1.27
requesting arch:  amd64
destination:      /var/tmp/andy.ch/img/gcr.io%google-containers%busybox:1.27
downloading image: gcr.io/google-containers/busybox:1.27
initializing session
auth: no authorization
GET: https://gcr.io:443/v2/google-containers/busybox/manifests/1.27
response status: 200
manifest list: downloading: 100%
warning: image is architecture-unaware
warning: requested arch is amd64; using --arch=yolo
auth: no authorization
GET: https://gcr.io:443/v2/google-containers/busybox/manifests/1.27
response status: 200
manifest: downloading: 100%
config path: /var/tmp/andy.ch/dlcache/54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971.json
auth: no authorization
GET: https://gcr.io:443/v2/google-containers/busybox/blobs/sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971
response status: 200
config: downloading: 100%
layer path: /var/tmp/andy.ch/dlcache/aab39f0bc16d3c109d7017bcbc13ee053b9b1b1c6985c432ec9b5dde1eb0d066.tar.gz
auth: no authorization
GET: https://gcr.io:443/v2/google-containers/busybox/blobs/sha256:aab39f0bc16d3c109d7017bcbc13ee053b9b1b1c6985c432ec9b5dde1eb0d066
response status: 200
layer 1/1: aab39f0: downloading: 0.7/0.7 MiB (100%)
flattening image
no image found: /var/tmp/andy.ch/img/gcr.io%google-containers%busybox:1.27
layer 1/1: aab39f0: listing
skipped 0 empty layers
validating tarball members
pass 1: canonicalizing member paths
pass 2: conversion to tarbomb not needed
pass 3: analyzing members
resolving whiteouts
layer 1/1: aab39f0: extracting
pulled config path: /var/tmp/andy.ch/img/gcr.io%google-containers%busybox:1.27/ch/config.pulled.json
writing metadata file: /var/tmp/andy.ch/img/gcr.io%google-containers%busybox:1.27/ch/metadata.json
writing environment file: /var/tmp/andy.ch/img/gcr.io%google-containers%busybox:1.27/ch/environment
ensuring volume directories exist
image arch: amd64
done
andy@host:~/charliecloud/charliecloud$ ch-image list
gcr.io/google-containers/busybox:1.27

[reidpr]

Current status: busybox:1.27 is architecture-unaware, so it drops to --arch=yolo. However busybox:1.24 is architecture-aware (amd64 only), and it still fails:

$ ch-image pull gcr.io/google-containers/busybox:1.24
pulling image:    gcr.io/google-containers/busybox:1.24
requesting arch:  amd64
error: unauthorized or not in registry: gcr.io:443/google-containers/busybox:1.24
hint: if your registry needs authentication, use --auth