open-component-model / ocm

Open Component Model (Software Bill of Delivery) Toolset
https://ocm.software
Apache License 2.0

Transfer component archive fails with local oci registry #706

Closed fwilhe closed 6 months ago

fwilhe commented 7 months ago

What happened:

I'm trying to follow getting started with a local oci registry.

My registry is running at localhost:8080 and I can use it with docker and skopeo.

When I'm trying to transfer the archive, it fails by assuming I want to work with a local directory:

$ ocm  transfer componentarchive ./ca-hello-world localhost:8080
Error: mkdir http://localhost:8080/: no such file or directory

I don't know why this happens, the help page of ocm transfer and ocm transfer componentarchive don't seem to explain what's wrong.

It worked when I used the github registry like mentioned in the docs.

What you expected to happen:

I should be able to push my component archive to a local OCI registry.

How to reproduce it (as minimally and precisely as possible):

On Linux, with docker installed, run the following (as root or with sudo where needed):

echo Install ocm cli
curl -s https://ocm.software/install.sh | bash

echo Install zot
wget -O /usr/bin/zot  https://github.com/project-zot/zot/releases/download/v2.0.0/zot-linux-arm64
chmod a+x /usr/bin/zot

mkdir -p /etc/zot

cat << 'EOF' > /etc/zot/config.json
{
    "distSpecVersion": "1.1.0",
    "storage": {
        "rootDirectory": "/tmp/zot"
    },
    "http": {
        "address": "127.0.0.1",
        "port": "8080"
    },
    "log": {
        "level": "debug"
    },
    "extensions": {
        "search": {
            "enable": true
        },
        "ui": {
            "enable": true
        }
    }
}
EOF

Run the zot registry using zot serve /etc/zot/config.json and let it run in the background.

You may verify the registry works using skopeo --insecure-policy copy --dest-tls-verify=false --format=oci docker://busybox:latest docker://localhost:8080/busybox:latest

In another terminal, follow getting started but replace

OCM_REPO="ghcr.io/<github-org>/ocm"

with

OCM_REPO="localhost:8080/ocm"

It will all work until it fails at ocm transfer componentarchive ./ca-hello-world localhost:8080

Anything else we need to know:

I might be using it wrong. I've tried to consult the docs and the code to understand what's wrong, but honestly I don't see it. Please let me know if I made a silly mistake.

I'd appreciate if the documentation was more clear on 'targets' and how local directories and oci registries are identified.

Environment:

Linux arm64 vm on macos apple silicon

Skarlso commented 7 months ago

Just out of curiosity, can you try ocm transfer componentarchive ./ca-hello-world --repo OCIRegistry:localhost:8080

fabianburth commented 7 months ago

@Skarlso I'm already in contact with @fwilhe. The bug is partially related to several fixes I implemented in this PR. I believe the current ocm release (v0.8.0) is not able to communicate with oci registries over an http connection.

He already checked out the PR, which appears to solve the initial problem. But apparently, uploaders still have issues with http. Will investigate this further tomorrow.

Skarlso commented 7 months ago

I mean... Honestly, I would be okay with that (not being able to push to HTTP). We never did intend to use insecure registries. That's why OCM internally is using self-signed certificates. It's not too difficult to set up an HTTPS repository. Actually it's just a couple lines to create a self-signed cert and insert it into the system store.
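
The self-signed certificate setup mentioned in the comment above, as an added example that is not part of the thread or of the OCM project's code. Port 8443, the file names and the Debian/Ubuntu trust-store path are assumptions; the `http.tls` keys are zot's TLS settings added to the config from the issue.

```shell
# Added example: self-signed TLS for a local zot registry (not from the thread).
# Assumptions: openssl >= 1.1.1; port 8443 and all file names are hypothetical.

# make_registry_cert DIR: write DIR/registry.key and DIR/registry.crt, valid for
# localhost and 127.0.0.1. TLS clients match the SAN entries, not the CN.
make_registry_cert() {
    dir=$1
    mkdir -p "$dir" || return 1
    ( umask 077   # keep the private key readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
        -keyout "$dir/registry.key" -out "$dir/registry.crt" 2>/dev/null
    ) && chmod 644 "$dir/registry.crt"
}

# write_zot_tls_config DIR: the issue's zot config, served over TLS instead of HTTP.
write_zot_tls_config() {
    dir=$1
    cat > "$dir/config.json" <<EOF
{
    "distSpecVersion": "1.1.0",
    "storage": { "rootDirectory": "$dir/data" },
    "http": {
        "address": "127.0.0.1",
        "port": "8443",
        "tls": { "cert": "$dir/registry.crt", "key": "$dir/registry.key" }
    }
}
EOF
}

# trust_registry_cert DIR: add the cert to the system store (Debian/Ubuntu, as root).
trust_registry_cert() {
    cp "$1/registry.crt" /usr/local/share/ca-certificates/local-registry.crt &&
    update-ca-certificates
}

# cert_covers CERT NAME: succeed only if NAME is listed in the certificate's SAN.
cert_covers() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 "Subject Alternative Name" | grep -q -- "$2"
}

# Typical sequence (as root):
#   make_registry_cert /etc/zot/tls && write_zot_tls_config /etc/zot/tls
#   cert_covers /etc/zot/tls/registry.crt "DNS:localhost" && trust_registry_cert /etc/zot/tls
#   zot serve /etc/zot/tls/config.json
```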

fwilhe commented 7 months ago

Yeah honestly I did not consider that as for local testing encryption just is not a concern. I'm fine with requiring HTTPS, but I'd suggest to document this.

Thanks for looking into it.

Skarlso commented 7 months ago

Meh. :D I mean if you implemented it already then don't let it go to waste. :D

morri-son commented 6 months ago

already mentioned above: #676