Failing to push OCI image index with two identical manifests


Marton, Gabor (Nokia - HU/Budapest)
 

Dear Community,

 

pushing an OCI image index similar to the below one fails:

 

cat oci-image-index.json

{

    "schemaVersion": 2,

    "mediaType": "application/vnd.oci.image.index.v1+json",

    "manifests": [ {

        "mediaType": "application/vnd.oci.image.manifest.v1+json",

        "digest": "sha256:368fdd22c21f62f93c3d9bdbb0f26f8bf13dd984f423b174dc1ec1967e1b8a58",

        "size": 583,

        "annotations": {

            "org.opencontainers.image.ref.name": "project/a/b/c/kubectl:v1.23.1"

        }

    },{

        "mediaType": "application/vnd.oci.image.manifest.v1+json",

        "digest": "sha256:368fdd22c21f62f93c3d9bdbb0f26f8bf13dd984f423b174dc1ec1967e1b8a58",

        "size": 583,

        "annotations": {

            "org.opencontainers.image.ref.name": "project/c/d/e/kubectl:v1.23.1"

        }

    }],

    "annotations": {

        "org.opencontainers.image.created": "2022-04-14T09:14:00.000000Z"

    }

}

 

curl -k -u ... -X PUT -H ... -d @oci-image-index.json https://$HARBOR_REGISTRY/v2/$PROJECT/$REPOSITORY/manifests/$TAG

{

  "errors": [

    {

      "code": "NOT_FOUND",

      "message": "artifact .../.../...@sha256:ef52a37a715e1fc601a3488e42a08a48e9c16e9e001cd5cecf70b5bf01f04501 not found"

    }

  ]

}

 

The error is caused by the two manifests referring to the the same image manifest.

 

To me, this seems like a bug. Rationale: image index (“fat manifest”) is originally meant for multi-platform support. With this in mind, it seems valid to have the same image for two different platforms, say only differing in their name.

 

The root cause of the error seems to be this database constraint (postgresql/0030_2.0.0_schema.up.sql):

 

CREATE TABLE artifact_reference

(

  id          SERIAL PRIMARY KEY NOT NULL,

  parent_id   int NOT NULL,

  child_id    int NOT NULL,

  child_digest varchar(255) NOT NULL ,

  platform    varchar(255),

  urls        varchar(1024),

  annotations jsonb,

  FOREIGN KEY (parent_id) REFERENCES artifact(id),

  FOREIGN KEY (child_id) REFERENCES artifact(id),

  CONSTRAINT  unique_reference UNIQUE (parent_id, child_id)

);

 

A possible fix could be to add platform and annotations to the uniquness set:

 

CREATE TABLE artifact_reference

(

  ...

  CONSTRAINT  unique_reference UNIQUE (parent_id, child_id, platform, annotations)

);

 

What do you think about the issue?

 

KInd regards,

 

Gábor

 

Join harbor-users@lists.cncf.io to automatically receive all group messages.