project-copacetic / copacetic

🧵 CLI tool for directly patching container images!
https://project-copacetic.github.io/copacetic/
Apache License 2.0

[REQ] Enhance Image Resolution Methods #439

Closed AshkanRafiee closed 10 months ago

AshkanRafiee commented 11 months ago

What kind of request is this?

Improvement of existing experience

What is your request or suggestion?

I am submitting an improvement request for the Copacetic project to enhance its image resolution capabilities for its tooling images (e.g. debian:11-slim), specifically focusing on resolving Docker images from locally available images inside the container. Additionally, the current configuration of Copa does not seem to care about Docker daemon mirrors or even DNS settings.

Issue:

Copacetic does not adequately resolve Docker images from local images available inside the container. Furthermore, it does not effectively care about in-place DNS settings and Docker daemon mirrors, leading to issues during image resolution in airgap environments.

Expected Behavior:

I propose that Copacetic should be enhanced to seamlessly resolve Docker images from locally available images within the container. Additionally, Copacetic should care about DNS settings and Docker daemon mirrors to ensure a robust and flexible image resolution process.

Actual Behavior:

Currently, Copacetic does not provide the expected image resolution capabilities. When running the specified command, Copacetic fails to recognize locally available images, and the local repository is not effectively utilized. The error message received is: failed to solve: failed to load cache key: unexpected status from HEAD request to https://registry-1.docker.io/v2/library/debian/manifests/11-slim: 403 Forbidden. I have Debian 11 (Slim) locally and have configured my Docker daemon to use a mirror repository. I also attempted to pull Debian 11 (Slim) from docker.io, similar to what Copa is attempting. Everything works fine when pulling from docker.io manually, but Copa is unable to resolve it either locally or remotely, and the remote docker.io is encountering a 403 error with the copa patch command.

Additional Information:

  • The Docker daemon mirrors are correctly configured (to the local Artifactory).
  • DNS settings are in place in order to be able to resolve docker.io, and the issue persists.

Error Messages:

#-------------------------------------Preparing Image's Tag------------------------------------------
$ echo "$IMAGE"
docker.somewhere.com/nginx:1.21.6
$ if [ "$IMAGE" = "Not specified." ]; then # collapsed multi-line command
Extracted tag: 1.21.6
$ TIMESTAMP=$(date +"%Y-%m-%d-%H-%M-%S")
$ PATCH_TAG="$TAG-patched-$TIMESTAMP"
$ PATCHED_IMAGE="$IMAGE:$PATCH_TAG"
$ echo "Patched image will be like $PATCHED_IMAGE"
Patched image will be like docker.somewhere.com/nginx:1.21.6:1.21.6-patched-2023-12-10-05-47-29
#-------------------------------------Checking Docker------------------------------------------
$ docker info
Client: Docker Engine - Community
 Version:    24.0.6
 Context:    default
 Debug Mode: false
Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 2
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 091922f03c2762540fd057fba91260237ff86acb
 runc version: v1.1.9-0-gccaecfc
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
 Kernel Version: 5.10.0-0.deb10.16-amd64
 Operating System: Alpine Linux v3.18 (containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 31.33GiB
 Name: docker-5c588fd766-gsxxl
 ID: 1cdb8d67-b7fa-4654-80c7-31add1248f9d
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://docker.somewhere.com/
 Live Restore Enabled: false
 Product License: Community Engine
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/go/attack-surface/
#-------------------------------------Pulling debian:11-slim Manually------------------------------------------
$ docker pull docker.io/library/debian:11-slim
11-slim: Pulling from library/debian
Digest: sha256:5aab272aa24713622bfac9dba239bc7488d9979b0d82d19a9dffccd99292154d
Status: Image is up to date for debian:11-slim
docker.io/library/debian:11-slim
#-------------------------------------Running copa patch------------------------------------------
$ copa patch --debug --timeout "$PATCHER_TIMEOUT" -i "$IMAGE" -r "$TRIVY_OUTPUT" -t "$PATCH_TAG" -a "${BUILDKIT_PROTOCOL_IP_PORT}"
time="2023-12-10T05:47:29Z" level=debug msg="updates to apply: &{{{debian 11.3} {amd64}} [{curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22945} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32207} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u5 CVE-2022-32221} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u10 CVE-2023-38545} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22946} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-22576} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27775} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27781} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27782} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27533} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27534} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22947} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27774} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27776} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32205} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32206} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32208} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u5 CVE-2022-43552} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u7 CVE-2023-23916} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27535} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27536} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27538} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u9 CVE-2023-28321} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22898} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22924} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u3 CVE-2022-35252} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u9 CVE-2023-28322} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u10 CVE-2023-38546} {gpgv 2.2.27-2+deb11u1 2.2.27-2+deb11u2 CVE-2022-34903} {libc-bin 2.31-13+deb11u3 2.31-13+deb11u4 CVE-2021-3999} {libc-bin 2.31-13+deb11u3 2.31-13+deb11u7 CVE-2023-4911} {libc6 2.31-13+deb11u3 2.31-13+deb11u4 CVE-2021-3999} 
{libc6 2.31-13+deb11u3 2.31-13+deb11u7 CVE-2023-4911} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22945} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32207} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u5 CVE-2022-32221} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u10 CVE-2023-38545} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22946} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-22576} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27775} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27781} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27782} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27533} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27534} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22947} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27774} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27776} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32205} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32206} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32208} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u5 CVE-2022-43552} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u7 CVE-2023-23916} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27535} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27536} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27538} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u9 CVE-2023-28321} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22898} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22924} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u3 CVE-2022-35252} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u9 CVE-2023-28322} {libcurl4 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u10 CVE-2023-38546} {libexpat1 2.2.10-2+deb11u3 2.2.10-2+deb11u4 CVE-2022-40674} {libexpat1 2.2.10-2+deb11u3 2.2.10-2+deb11u5 CVE-2022-43680} {libfreetype6 2.10.4+dfsg-1 
2.10.4+dfsg-1+deb11u1 CVE-2022-27404} {libfreetype6 2.10.4+dfsg-1 2.10.4+dfsg-1+deb11u1 CVE-2022-27405} {libfreetype6 2.10.4+dfsg-1 2.10.4+dfsg-1+deb11u1 CVE-2022-27406} {libgnutls30 3.7.1-5 3.7.1-5+deb11u2 CVE-2022-2509} {libgnutls30 3.7.1-5 3.7.1-5+deb11u3 CVE-2023-0361} {libgnutls30 3.7.1-5 3.7.1-5+deb11u1 CVE-2021-4209} {libgssapi-krb5-2 1.18.3-6+deb11u1 1.18.3-6+deb11u3 CVE-2022-42898} {libgssapi-krb5-2 1.18.3-6+deb11u1 1.18.3-6+deb11u4 CVE-2023-36054} {libk5crypto3 1.18.3-6+deb11u1 1.18.3-6+deb11u3 CVE-2022-42898} {libk5crypto3 1.18.3-6+deb11u1 1.18.3-6+deb11u4 CVE-2023-36054} {libkrb5-3 1.18.3-6+deb11u1 1.18.3-6+deb11u3 CVE-2022-42898} {libkrb5-3 1.18.3-6+deb11u1 1.18.3-6+deb11u4 CVE-2023-36054} {libkrb5support0 1.18.3-6+deb11u1 1.18.3-6+deb11u3 CVE-2022-42898} {libkrb5support0 1.18.3-6+deb11u1 1.18.3-6+deb11u4 CVE-2023-36054} {libnghttp2-14 1.43.0-1 1.43.0-1+deb11u1 CVE-2023-44487} {libpcre2-8-0 10.36-2 10.36-2+deb11u1 CVE-2022-1586} {libpcre2-8-0 10.36-2 10.36-2+deb11u1 CVE-2022-1587} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u3 CVE-2022-2068} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-4450} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2023-0215} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2023-0286} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0464} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-2097} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-4304} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0465} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0466} {libssl1.1 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-2650} {libssl1.1 1.1.1n-0+deb11u2 1.1.1v-0~deb11u1 CVE-2023-3446} {libssl1.1 1.1.1n-0+deb11u2 1.1.1v-0~deb11u1 CVE-2023-3817} {libsystemd0 247.3-7 247.3-7+deb11u2 CVE-2022-3821} {libsystemd0 247.3-7 247.3-7+deb11u2 CVE-2022-4415} {libtasn1-6 4.16.0-2 4.16.0-2+deb11u1 CVE-2021-46848} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3970} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 
CVE-2023-25434} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-1354} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-1355} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-1622} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-1623} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2056} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2057} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2058} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2519} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2520} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2521} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2867} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2868} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2869} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2953} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-34526} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3570} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3597} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3598} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3599} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3626} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3627} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-4645} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-48281} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0795} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0796} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0797} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0798} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0799} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0800} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0801} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0802} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0803} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0804} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-25435} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 
CVE-2023-30086} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2023-30774} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u5 CVE-2023-3576} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u5 CVE-2023-40745} {libtiff5 4.2.0-1+deb11u1 4.2.0-1+deb11u5 CVE-2023-41175} {libtinfo6 6.2+20201114-2 6.2+20201114-2+deb11u1 CVE-2022-29458} {libtinfo6 6.2+20201114-2 6.2+20201114-2+deb11u2 CVE-2023-29491} {libtirpc-common 1.3.1-1 1.3.1-1+deb11u1 CVE-2021-46828} {libtirpc3 1.3.1-1 1.3.1-1+deb11u1 CVE-2021-46828} {libudev1 247.3-7 247.3-7+deb11u2 CVE-2022-3821} {libudev1 247.3-7 247.3-7+deb11u2 CVE-2022-4415} {libwebp6 0.6.1-2.1 0.6.1-2.1+deb11u1 CVE-2023-1999} {libwebp6 0.6.1-2.1 0.6.1-2.1+deb11u2 CVE-2023-4863} {libx11-6 2:1.7.2-1 2:1.7.2-1+deb11u1 CVE-2023-3138} {libx11-6 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43787} {libx11-6 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43785} {libx11-6 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43786} {libx11-data 2:1.7.2-1 2:1.7.2-1+deb11u1 CVE-2023-3138} {libx11-data 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43787} {libx11-data 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43785} {libx11-data 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43786} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u3 CVE-2022-40303} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u3 CVE-2022-40304} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u4 CVE-2023-28484} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u4 CVE-2023-29469} {libxpm4 1:3.5.12-1 1:3.5.12-1.1~deb11u1 CVE-2022-44617} {libxpm4 1:3.5.12-1 1:3.5.12-1.1~deb11u1 CVE-2022-46285} {libxpm4 1:3.5.12-1 1:3.5.12-1.1~deb11u1 CVE-2022-4883} {libxpm4 1:3.5.12-1 1:3.5.12-1.1+deb11u1 CVE-2023-43788} {libxpm4 1:3.5.12-1 1:3.5.12-1.1+deb11u1 CVE-2023-43789} {libxslt1.1 1.1.34-4 1.1.34-4+deb11u1 CVE-2021-30560} {ncurses-base 6.2+20201114-2 6.2+20201114-2+deb11u1 CVE-2022-29458} {ncurses-base 6.2+20201114-2 6.2+20201114-2+deb11u2 CVE-2023-29491} {ncurses-bin 6.2+20201114-2 6.2+20201114-2+deb11u1 CVE-2022-29458} {ncurses-bin 6.2+20201114-2 
6.2+20201114-2+deb11u2 CVE-2023-29491} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u3 CVE-2022-2068} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-4450} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2023-0215} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2023-0286} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0464} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-2097} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-4304} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0465} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0466} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-2650} {openssl 1.1.1n-0+deb11u2 1.1.1v-0~deb11u1 CVE-2023-3446} {openssl 1.1.1n-0+deb11u2 1.1.1v-0~deb11u1 CVE-2023-3817} {zlib1g 1:1.2.11.dfsg-2+deb11u1 1:1.2.11.dfsg-2+deb11u2 CVE-2022-37434}]}"
time="2023-12-10T05:47:29Z" level=debug msg=resolving host=docker.somewhere.com
time="2023-12-10T05:47:29Z" level=debug msg="do request" host=docker.somewhere.com request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=buildkit/v0.0-dev request.method=HEAD url="https://docker.somewhere.com/v2/nginx/manifests/1.21.6"
time="2023-12-10T05:47:29Z" level=debug msg="fetch response received" host=docker.somewhere.com response.header.content-type="application/json;charset=ISO-8859-1" response.header.date="Sun, 10 Dec 2023 05:47:29 GMT" response.header.docker-distribution-api-version=registry/2.0 response.header.strict-transport-security="max-age=15724800; includeSubDomains" response.header.www-authenticate="Bearer realm=\"https://docker.somewhere.com/artifactory/api/docker/docker/v2/token\",service=\"docker.somewhere.com\",scope=\"repository:nginx:pull\"" response.status="401 Unauthorized" url="https://docker.somewhere.com/v2/nginx/manifests/1.21.6"
time="2023-12-10T05:47:29Z" level=debug msg=Unauthorized header="Bearer realm=\"https://docker.somewhere.com/artifactory/api/docker/docker/v2/token\",service=\"docker.somewhere.com\",scope=\"repository:nginx:pull\"" host=docker.somewhere.com
time="2023-12-10T05:47:29Z" level=debug msg="do request" host=docker.somewhere.com request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=buildkit/v0.0-dev request.method=HEAD url="https://docker.somewhere.com/v2/nginx/manifests/1.21.6"
time="2023-12-10T05:47:29Z" level=debug msg="fetch response received" host=docker.somewhere.com response.header.accept-ranges=bytes response.header.content-disposition="attachment; filename=\"list.manifest.json\"" response.header.content-length=1862 response.header.content-type=application/vnd.docker.distribution.manifest.list.v2+json response.header.date="Sun, 10 Dec 2023 05:47:29 GMT" response.header.docker-content-digest="sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514" response.header.docker-distribution-api-version=registry/2.0 response.header.etag=9f56e6520500c4619a72087d2081e03a7d385f04 response.header.last-modified="Tue, 31 May 2022 06:35:05 GMT" response.header.strict-transport-security="max-age=15724800; includeSubDomains" response.header.x-artifactory-docker-registry=docker response.header.x-artifactory-filename=list.manifest.json response.header.x-artifactory-id=fae7a50dedd30ab139edea6de776a9b4f1e40036 response.header.x-artifactory-node-id=artifactory-1 response.header.x-checksum-md5=ce3c549ecc84d7f07ca70adeb319c137 response.header.x-checksum-sha1=9f56e6520500c4619a72087d2081e03a7d385f04 response.header.x-checksum-sha256=2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 response.header.x-jfrog-version="Artifactory/7.71.4 77104900" response.status="200 OK" url="https://docker.somewhere.com/v2/nginx/manifests/1.21.6"
time="2023-12-10T05:47:29Z" level=debug msg=resolved desc.digest="sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514" host=docker.somewhere.com
time="2023-12-10T05:47:29Z" level=debug msg=fetch digest="sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514" mediatype=application/vnd.docker.distribution.manifest.list.v2+json size=1862
time="2023-12-10T05:47:29Z" level=debug msg="do request" digest="sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514" mediatype=application/vnd.docker.distribution.manifest.list.v2+json request.header.accept="application/vnd.docker.distribution.manifest.list.v2+json, */*" request.header.user-agent=buildkit/v0.0-dev request.method=GET size=1862 url="https://docker.somewhere.com/v2/nginx/manifests/sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514"
time="2023-12-10T05:47:29Z" level=debug msg="fetch response received" digest="sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514" mediatype=application/vnd.docker.distribution.manifest.list.v2+json response.header.accept-ranges=bytes response.header.content-disposition="attachment; filename=\"list.manifest.json\"" response.header.content-length=1862 response.header.content-type=application/vnd.docker.distribution.manifest.list.v2+json response.header.date="Sun, 10 Dec 2023 05:47:29 GMT" response.header.docker-content-digest="sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514" response.header.docker-distribution-api-version=registry/2.0 response.header.etag=9f56e6520500c4619a72087d2081e03a7d385f04 response.header.last-modified="Tue, 21 Jun 2022 11:44:51 GMT" response.header.strict-transport-security="max-age=15724800; includeSubDomains" response.header.x-artifactory-filename=list.manifest.json response.header.x-artifactory-id=39d2de6f8bcdf047133e46bc54f7f6c307a03c2e response.header.x-artifactory-node-id=artifactory-0 response.header.x-checksum-md5=ce3c549ecc84d7f07ca70adeb319c137 response.header.x-checksum-sha1=9f56e6520500c4619a72087d2081e03a7d385f04 response.header.x-checksum-sha256=2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 response.header.x-jfrog-version="Artifactory/7.71.4 77104900" response.status="200 OK" size=1862 url="https://docker.somewhere.com/v2/nginx/manifests/sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514"
time="2023-12-10T05:47:29Z" level=debug msg=fetch digest="sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4" mediatype=application/vnd.docker.distribution.manifest.v2+json size=1570
time="2023-12-10T05:47:29Z" level=debug msg="do request" digest="sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4" mediatype=application/vnd.docker.distribution.manifest.v2+json request.header.accept="application/vnd.docker.distribution.manifest.v2+json, */*" request.header.user-agent=buildkit/v0.0-dev request.method=GET size=1570 url="https://docker.somewhere.com/v2/nginx/manifests/sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4"
time="2023-12-10T05:47:29Z" level=debug msg="fetch response received" digest="sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4" mediatype=application/vnd.docker.distribution.manifest.v2+json response.header.accept-ranges=bytes response.header.content-disposition="attachment; filename=\"manifest.json\"" response.header.content-length=1570 response.header.content-type=application/vnd.docker.distribution.manifest.v2+json response.header.date="Sun, 10 Dec 2023 05:47:29 GMT" response.header.docker-content-digest="sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4" response.header.docker-distribution-api-version=registry/2.0 response.header.etag=323cd0f9e80cb12fd51f1e0c0a24e49b57cc9373 response.header.last-modified="Tue, 04 Oct 2022 06:29:00 GMT" response.header.strict-transport-security="max-age=15724800; includeSubDomains" response.header.x-artifactory-filename=manifest.json response.header.x-artifactory-id=fae7a50dedd30ab139edea6de776a9b4f1e40036 response.header.x-artifactory-node-id=artifactory-1 response.header.x-checksum-md5=84e161c1ab51e585f4270f644ae3c3a2 response.header.x-checksum-sha1=323cd0f9e80cb12fd51f1e0c0a24e49b57cc9373 response.header.x-checksum-sha256=25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4 response.header.x-jfrog-version="Artifactory/7.71.4 77104900" response.status="200 OK" size=1570 url="https://docker.somewhere.com/v2/nginx/manifests/sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4"
time="2023-12-10T05:47:29Z" level=debug msg=fetch digest="sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d" mediatype=application/vnd.docker.container.image.v1+json size=7656
time="2023-12-10T05:47:29Z" level=debug msg="do request" digest="sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d" mediatype=application/vnd.docker.container.image.v1+json request.header.accept="application/vnd.docker.container.image.v1+json, */*" request.header.user-agent=buildkit/v0.0-dev request.method=GET size=7656 url="https://docker.somewhere.com/v2/nginx/blobs/sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d"
time="2023-12-10T05:47:29Z" level=debug msg="fetch response received" digest="sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d" mediatype=application/vnd.docker.container.image.v1+json response.header.accept-ranges=bytes response.header.content-disposition="attachment; filename=\"sha256__0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d\"" response.header.content-length=7656 response.header.content-type=application/octet-stream response.header.date="Sun, 10 Dec 2023 05:47:29 GMT" response.header.docker-content-digest="sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d" response.header.docker-distribution-api-version=registry/2.0 response.header.etag=ea22d328f1fdd7a4cbb7ef59e1facf2ad2ef5e39 response.header.last-modified="Sat, 28 May 2022 05:43:02 GMT" response.header.strict-transport-security="max-age=15724800; includeSubDomains" response.header.x-artifactory-filename=sha256__0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d response.header.x-artifactory-id=39d2de6f8bcdf047133e46bc54f7f6c307a03c2e response.header.x-artifactory-node-id=artifactory-0 response.header.x-checksum-md5=316508bca3007a854a29d69a8dee2063 response.header.x-checksum-sha1=ea22d328f1fdd7a4cbb7ef59e1facf2ad2ef5e39 response.header.x-checksum-sha256=0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d response.header.x-jfrog-version="Artifactory/7.71.4 77104900" response.status="200 OK" size=7656 url="https://docker.somewhere.com/v2/nginx/blobs/sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d"
time="2023-12-10T05:47:29Z" level=debug msg="Using debian:11-slim as basis for tooling image"
time="2023-12-10T05:47:29Z" level=debug msg="serving grpc connection"
#1 docker-image://docker.somewhere.com/nginx:1.21.6
#1 resolve docker.somewhere.com/nginx:1.21.6 0.0s done
#1 extracting sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda
time="2023-12-10T05:47:30Z" level=debug msg="stopping session"
#1 extracting sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda 0.5s done
#1 DONE 0.5s
#2 docker-image://docker.io/library/debian:11-slim
#2 resolve docker.io/library/debian:11-slim 0.5s done
#2 ERROR: unexpected status from HEAD request to https://registry-1.docker.io/v2/library/debian/manifests/11-slim: 403 Forbidden
#3 apt update
#3 CACHED
#4 apt install busybox-static
#4 CACHED
#5 copy /bin/busybox /bin/busybox
#5 CANCELED
------
 > docker-image://docker.io/library/debian:11-slim:
------
time="2023-12-10T05:47:30Z" level=warning msg="--debug specified, working folder at /tmp/copa-918378001 needs to be manually cleaned up"
Error: failed to solve: failed to load cache key: unexpected status from HEAD request to https://registry-1.docker.io/v2/library/debian/manifests/11-slim: 403 Forbidden
Cleaning up project directory and file based variables

Proposed Solution:

I propose investigating whether this is a bug within Copacetic and, if so, addressing it to ensure proper resolution of locally available images and utilization of the local repository. Otherwise, I propose enhancing Copacetic to improve image resolution by recognizing locally available Docker images inside the container. Additionally, attention should be given to DNS settings and Docker daemon mirrors to ensure a seamless user experience.

Thank you for considering this improvement request.

Are you willing to submit PRs to contribute to this feature request?
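
Added example (not part of the issue thread or of Copacetic's code): a Python check that a CI job could run over `copa patch --debug` output to list every registry host the build touched that is not on an allowlist. In an air-gapped pipeline this is how the docker.io request in the log above would be caught. The allowlist and the sample lines are constructed from values quoted in the issue, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only registry this pipeline may contact is the mirror from the issue.
ALLOWED_REGISTRIES = frozenset({"docker.somewhere.com"})

# Constructed sample: shortened lines modelled on the debug output quoted in the issue.
SAMPLE_LOG = """\
time="2023-12-10T05:47:29Z" level=debug msg="do request" host=docker.somewhere.com request.method=HEAD url="https://docker.somewhere.com/v2/nginx/manifests/1.21.6"
time="2023-12-10T05:47:29Z" level=debug msg="fetch response received" host=docker.somewhere.com response.status="200 OK" url="https://docker.somewhere.com/v2/nginx/manifests/1.21.6"
time="2023-12-10T05:47:29Z" level=debug msg="Using debian:11-slim as basis for tooling image"
#1 docker-image://docker.somewhere.com/nginx:1.21.6
#2 docker-image://docker.io/library/debian:11-slim
#2 ERROR: unexpected status from HEAD request to https://registry-1.docker.io/v2/library/debian/manifests/11-slim: 403 Forbidden
Error: failed to solve: failed to load cache key: unexpected status from HEAD request to https://registry-1.docker.io/v2/library/debian/manifests/11-slim: 403 Forbidden
"""

# Registry API calls logged as URLs (quoted or bare).
URL_RE = re.compile(r"https?://[^\s\"'\\]+")
# BuildKit image sources: host, optional port, then the repository path.
SOURCE_RE = re.compile(r"docker-image://([^\s/:]+)(?::\d+)?/")
# Requests the registry rejected, e.g. "... HEAD request to <url>: 403 Forbidden".
FAIL_RE = re.compile(r"unexpected status from (\w+) request to (\S+?): (\d{3})")


def _host(url):
    """Lower-cased host of a URL (port dropped), or None if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower() or None
    except ValueError:
        return None


def unapproved_registries(log_text, allowed=ALLOWED_REGISTRIES):
    """Map every registry host outside `allowed` to the log line numbers mentioning it."""
    hits = {}
    for number, line in enumerate(log_text.splitlines(), start=1):
        hosts = {m.group(1).lower() for m in SOURCE_RE.finditer(line)}
        hosts |= {_host(m.group(0)) for m in URL_RE.finditer(line)}
        for host in hosts - {None}:
            if host not in allowed:
                hits.setdefault(host, []).append(number)
    return hits


def failed_requests(log_text):
    """Unique (host, method, status) triples for requests a registry rejected."""
    found = set()
    for m in FAIL_RE.finditer(log_text):
        host = _host(m.group(2))
        if host:
            found.add((host, m.group(1), int(m.group(3))))
    return sorted(found)


if __name__ == "__main__":
    for host, lines in sorted(unapproved_registries(SAMPLE_LOG).items()):
        print(f"unapproved registry {host} on log lines {lines}")
    for host, method, status in failed_requests(SAMPLE_LOG):
        print(f"{method} to {host} rejected with HTTP {status}")
```

A non-empty result from `unapproved_registries` can fail the job before any retry, so an upstream pull never passes unnoticed when the mirror was expected to serve the image.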

sozercan commented 10 months ago

@AshkanRafiee We recently merged local image support to the main branch (#381), but we haven't cut a new release with this feature yet.

sozercan commented 10 months ago

@AshkanRafiee https://github.com/project-copacetic/copacetic/releases/tag/v0.6.0 is out with this change. Keep in mind this requires the containerd image store.

Closing this issue as complete. Feel free to re-open if you are still seeing this.