`oras manifest delete` fails with `Docker-Content-Digest` header missing

[smndtrl]

What happened in your environment?

oras manifest delete localhost:3000/test:lol        
Error: HTTP HEAD request missing required header "Docker-Content-Digest

I double checked with the distribution spec if that field should be required or not and it states

Legacy Docker support HTTP headers
Because of the origins this specification, the client MAY encounter Docker-specific headers, such as Docker-Content-Digest, or Docker-Distribution-API-Version. These headers are OPTIONAL and clients SHOULD NOT depend on them.

What did you expect to happen?

legacy header are not required

How can we reproduce it?

oras manifest delete localhost:3000/test:simple

What is the version of your ORAS CLI?

oras version
Version:    1.1.0+Homebrew
Go version: go1.21.1

What is your OS environment?

macos

Are you willing to submit PRs to fix it?

• [ ] Yes, I am willing to fix it.

[qweeah]

To delete localhost:3000/test:lol, ORAS CLI need to resolve the digest of the manifest to call the API. How can a client get the required digest if Docker-Content-Digest is not presented?

Also OCI spec v1.0.1 states that A GET request to an existing manifest URL MUST provide the expected manifest, with a response code that MUST be 200 OK. A successful response SHOULD contain the digest of the uploaded blob in the header Docker-Content-Digest.. It's not MAY thus the header is not optional.

[smndtrl]

Sorry about the misunderstanding, I assumed that OPTIONAL headers that clients SHOULD NOT depend upon was the ruling statement here. I will live with not having the the delete manifest functionality then.

[smndtrl]

Just for the sake of completeness, I solved my dilemma by getting the digest using oras manifest fetch ... | sha256sum and deleting the manifest by digest and not by tag. By that, our stateless OCI-compatible (but not compliant) API can continue to work fine.