-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is 2.0.0 broken for Quay.io? #156
Comments
I've tried to reproduce this without success; can you provide some more data; maybe with
I then inspected this new image (just FYI: I deleted all prior tags/shas from the "estesp" repo before the above step, and also tested with existing tags in place) to verify it pushed properly:
|
I have the exact opposite problem with Quay. It works with 2.0.0 but fails with 1.0.3:
|
Yeah, I didn't have OCIv1 image spec support in the 1.x branch at all :( The CentOS images are true OCI images:
|
I have executed the manifest-tool now manually with an older version of my images. I tried it with the existing manifest and I also tried it after deleting the manifest, same results:
For now I will do a downgrade to latest 1.x.x release to get my pipelines working again, but I would love to use the new version when it works, of course. The same image works fine with 1.0.3:
|
Looks like #122 is finding the same issue; I don't get the 404 that I see near the end of your debug output when it's trying to assemble the final manifest in the registry:
and it's from there that the reply/response cycle may actually be reusing a body incorrectly when it triggers an auth flow? |
If you need any further debug information just let me know :) |
I was able to reproduce it; there are 2 issues at play--one is the known "cannot reuse body" issue which we have someone assigned to work on and fix in the containerd registry push handler. When that fix is available it should solve the overall problem of retry with auth during a push. The second is that it looks like maybe there is something with token scopes/auth that makes this only reproducible when you use the same repository for the source(s)/target of the manifest list/index. For example, I had images like When I change my configuration to source the architectures and final list from the same repo I get the same 404 on the existence check of the manifest list, followed by a 401 to re-auth, which gets the "cannot reuse body" error. The 404 is confusing as I would expect that to happen on the existence check |
Worked around in #159 until containerd has a complete fix for the retry on auth challenge issue with req body reuse. I've tested Quay and verified this fixes this issue with using manifest-tool v2 and Quay.io. Interestingly, if you set the repo to private or source any of the platform images from a private repo the 401 auth challenge comes during a "fetch" and you don't get the error. That's why I initially never saw this issue when testing. |
You can test/verify with the latest release:
|
Thanks for the effort, I can confirm that the latest release has resolved my issues for Quay.io :) |
I'm using the manifest-tool already quite long and never had any issues with it until I updated to 2.0.0. With this version I'm receiving an error while trying to push the manifest to Quay:
Is there anything I can fix on my side? Or is Quay really currently broken with manifest-tool?
The text was updated successfully, but these errors were encountered: