Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skopeo copy fails when image contains attestation manifest #1874

Closed
sjauld opened this issue Jan 22, 2023 · 6 comments
Closed

Skopeo copy fails when image contains attestation manifest #1874

sjauld opened this issue Jan 22, 2023 · 6 comments
Labels
locked - please file new issue/PR

Comments

@sjauld
Copy link

sjauld commented Jan 22, 2023

When images are built with buildx >= v0.10.0, an SLSA Provenance attestation is added. This causes skopeo copy to fail with the error

Error creating an updated image manifest: Error preparing updated manifest, layer \"sha256:<sha>\": unsupported MIME type for compression: application/vnd.in-toto+json

See https://github.com/docker/buildx/releases/tag/v0.10.0
@tyranron
Copy link

Have the same issue with my workflows: https://github.com/instrumentisto/rust-docker-image/actions/runs/3984656840/jobs/6831114769#step:6:50

@mtrmac
Copy link
Collaborator

mtrmac commented Jan 23, 2023

Thanks for your report. What version of Skopeo is this? That’s not expected with ≥ 1.9.0 AFAICS.

If it happens with a recent version, please attach the complete output of skopeo --debug copy …

@sjauld
Copy link
Author

sjauld commented Jan 24, 2023

Thanks @mtrmac. I was using the latest version in the Debian Bullseye repo, which is horrendously out of date. It works fine when I build the latest version myself.

@tyranron as another workaround I added --sbom=false --provenance=false to my docker build step - this enables me to still use Debain version of skopeo to copy the containers.

@sjauld sjauld closed this as completed Jan 24, 2023
@tyranron
Copy link

@sjauld thanks for the workarounds!

@stuartleeks stuartleeks mentioned this issue Jan 25, 2023
Closed
@carllhw carllhw mentioned this issue Jan 28, 2023
Closed
@Xunzhuo Xunzhuo mentioned this issue Feb 3, 2023
Merged
@mtrmac
Copy link
Collaborator

mtrmac commented Feb 8, 2023

@snowmanstark Please file a separate issue, include the specific version number of Skopeo, and the debug output per #1874 (comment) .

@metaskills metaskills mentioned this issue Mar 16, 2023
Open
tuxpeople added a commit to tuxpeople/docker-debugcontainer that referenced this issue Apr 6, 2023
@tuxpeople
Testing skopeo workaround from containers/skopeo#1874
f309016
dmd added a commit to bbfrederick/rapidtide that referenced this issue Apr 28, 2023
@dmd
fix sbom/prov, see containers/skopeo#1874
f60382b
@stefan-cukl
Copy link

there's a new BUILDX_NO_DEFAULT_ATTESTATIONS env var which can now be used with buildx v0.10.4

@lejouson lejouson mentioned this issue Jun 23, 2023
Merged
4 tasks
clearbluejar added a commit to clearbluejar/ghidra-python that referenced this issue Jul 26, 2023
@clearbluejar
mitigate skopeo copy issue containers/skopeo#1874
8a63387
@MP91 MP91 mentioned this issue Aug 17, 2023
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 15, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
locked - please file new issue/PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mtrmac @tyranron @sjauld @stefan-cukl