Cannot build app with podman and pack v0.32+ #2000
Comments
matejvasek
added
status/triage
|
@matejvasek thanks for this. I think we have a couple options here:
@jabrown85 do you have any thoughts here? |
natalieparellano
added
status/ready
|
I'd be curious to cut a version without the the validate and see if the image is as expected. Can you share your podman information? Does this happen on fresh builds or re-builds? |
|
When I neutralize the |
|
The error happens even on supposedly clean build (new image name). |
podman system service unix:///tmp/docker.sock --log-level=debug --time 0export DOCKER_HOST=unix:///tmp/docker.sock
pack build applications/golang2 -Bghcr.io/knative/builder-jammy-tiny:latest --docker-host=inherit --trust-builder=1 --path=/tmp/tmp.UVLH8A9F24 |
|
I will suggest option 2 and remove the |
|
We used to do the check with |
|
IMO it would be safer to just roll back imgutil until we can understand what changed. |
|
What two digests are being compared? One in daemon and another in tar, or what is being compared? |
|
What exactly is happening? Are we crafting image tar that is subsequently loaded into daemon? |
|
@matejvasek we used to compare the digest of the config file that we loaded to the image ID returned by inspect. I believe this is to protect against collisions, in case two image builds with the same tag are happening in parallel. When we added the workaround for containerd storage, we stopped using the image ID in the comparison, because the ID when containerd storage is used is the digest of the manifest. Instead, we compute the digest again and check that it matches what we sent in. |
|
@natalieparellano I was not watching this for some time, is there any progress on this issue? |
|
@matejvasek I think we just need to remove the digest comparison in imgutil. It should be a quick fix. |
Before #222, we calculated the sha of the config file that we sent to the daemon, and verified that we could inspect an image with that ID. After #222, since the image ID may be the sha of the config file or the sha of the manifest file (depending on whether containerd storage is enabled), we still calculated the sha of the config file that we sent to the daemon, but instead of trying to inspect an image with that ID, we inspected the image by name, derived the config file from the data we got back from inspect, and then verified that the sha of the derived config file matches the sha of the config file that we sent in. This check turned out to be brittle (see buildpacks/pack#2000 and https://cloud-native.slack.com/archives/C0331B61A1Y/p1701976103265489) and we agreed that it should be safe to remove this check. Signed-off-by: Natalie Arellano <[email protected]>
|
This should be fixed in buildpacks/imgutil#239 - I believe all that is left is to update the imgutil version in pack (cc @jjbustamante) |
I will create a PR to bump the imgutil version 😄 |
Summary
Building an app using
packandpodmanfails with message:The regression seems to be introduced in buildpacks/imgutil@67824e9 before it worked.
Reproduction
Steps
Current behavior
Expected behavior
Environment
pack info
docker info
The text was updated successfully, but these errors were encountered: