New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[3.0.1-rhel] handle corrupted images #10637
[3.0.1-rhel] handle corrupted images #10637
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vrothberg The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold |
d808908
to
261ee44
Compare
261ee44
to
40f4b5f
Compare
40f4b5f
to
c7188f3
Compare
/hold cancel |
@edsantiago PTAL at the system test. |
c7188f3
to
5764414
Compare
Hold this one until we clarify if this needs a 8.4.0 zstream |
I think we're ready to go, are we? |
While various execution paths in Podman already handle corrupted images, `podman-{create,image exists,run}` did not. Some corruptions can only be detected when accessing the individual data. A reliable way of accessing such data is accessing its layers. Hence, an image will only be listed to exist if a) it has been found and b) can be inspected. If the inspection fails, the image will be reported to not exists but without an error; the error will only be logged. This allows for properly recovering and pull the image, even in `podman-{create,run}`. Podman will now behave as follows: ``` $ ./bin/podman run --rm nginx echo "it works!" ERRO[0000] Image nginx exists in local storage but may be corrupted: layer not known Resolved "nginx" as an alias (/home/vrothberg/.cache/containers/short-name-aliases.conf) Trying to pull docker.io/library/nginx:latest... Getting image source signatures Copying blob 351ad75a6cfa skipped: already exists Copying blob febe5bd23e98 skipped: already exists Copying blob 30afc0b18f67 skipped: already exists Copying blob 596b1d696923 skipped: already exists Copying blob 8283eee92e2f skipped: already exists Copying blob 69692152171a done Copying config d1a364dc54 done Writing manifest to image destination Storing signatures it works! ``` Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1966872 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
5764414
to
b4bd886
Compare
Thanks @vrothberg . Two things still bother me: /hold cancel |
LGTM but I'm placing a hold again due to @mheon's earlier z-stream comment. Release if/when ready. /hold |
LGTM |
/hold cancel |
While various execution paths in Podman already handle corrupted
images,
podman-{create,image exists,run}
did not.Some corruptions can only be detected when accessing the individual
data. A reliable way of accessing such data is accessing its layers.
Hence, an image will only be listed to exist if a) it has been found
and b) can be inspected. If the inspection fails, the image will be
reported to not exists but without an error; the error will only be
logged. This allows for properly recovering and pull the image, even
in
podman-{create,run}
.Podman will now behave as follows:
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1966872
Signed-off-by: Valentin Rothberg rothberg@redhat.com