Closed smndtrl closed 6 months ago
To delete localhost:3000/test:lol
, ORAS CLI need to resolve the digest of the manifest to call the API. How can a client get the required digest if Docker-Content-Digest
is not presented?
Also OCI spec v1.0.1 states that A GET request to an existing manifest URL MUST provide the expected manifest, with a response code that MUST be 200 OK. A successful response SHOULD contain the digest of the uploaded blob in the header Docker-Content-Digest.
. It's not MAY
thus the header is not optional.
Sorry about the misunderstanding, I assumed that OPTIONAL
headers that clients SHOULD NOT
depend upon was the ruling statement here. I will live with not having the the delete manifest functionality then.
Just for the sake of completeness, I solved my dilemma by getting the digest using oras manifest fetch ... | sha256sum
and deleting the manifest by digest and not by tag. By that, our stateless OCI-compatible (but not compliant) API can continue to work fine.
What happened in your environment?
I double checked with the distribution spec if that field should be required or not and it states
What did you expect to happen?
legacy header are not required
How can we reproduce it?
oras manifest delete localhost:3000/test:simple
What is the version of your ORAS CLI?
What is your OS environment?
macos
Are you willing to submit PRs to fix it?