Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Latest version of docker buildx build creates manifest list with MediaType v1+json #1964

Closed
3 tasks done
regorsmitz opened this issue Jul 20, 2023 · 1 comment
Closed
3 tasks done

Latest version of docker buildx build creates manifest list with MediaType v1+json #1964

regorsmitz opened this issue Jul 20, 2023 · 1 comment
Labels
status/triage

Comments

@regorsmitz
Copy link

Contributing guidelines

I've found a bug and checked that ...

  • ... the documentation does not mention anything about my problem
  • ... there are no open or closed issues that are related to my problem

Description

When using the latest version of buildx (0.11.2), if I run:

docker buildx build . --platform 'linux/amd64,linux/arm64' --push -t <my ECR repo url>, it creates a manifest list with MediaType v1+json, which is incompatible with AWS Elastic Container Repo.

Older versions of buildx (0.8.2) build a manifest list with the more up-to-date v2+json format, which is compatible with ECR.

Expected behaviour

Manifest list created by old buildx version (which is ECR compatible). Note the v2+json:

docker buildx imagetools inspect <redacted image url & tag>
Name: <redacted image url & tag>
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest: sha256:eb335f34c11fd2eaa57891c971424997773a00822f6b3f07fabf104af1d7e1fe

Manifests:
Name: <redacted image url & tag>@sha256:a494c5abb9d5d0af2e702bb123bf9ef6a31efab665f0e5261466525f629aa0ba
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/amd64

Name: <redacted image url & tag>@sha256:fe42b469678edecbb3a07c4f340673d912564e1e67bdc270227322ba9818884c
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/arm64

docker buildx version
github.com/docker/buildx v0.8.2 6224def

Actual behaviour

Manifest list created by latest buildx version (which is NOT ECR compatible):

Name:      <redacted-ecr-location>
MediaType: application/vnd.oci.image.index.v1+json
Digest:    sha256:58d6a50099a2387d3b1d78d596525870edcc84ecc54dcc09939868cf26a113ec

Manifests:
  Name:        <redacted-ecr-location>
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    linux/amd64

  Name:        <redacted-ecr-location>@sha256:5a3eefa5f2c414d6d2107baffd59f9cd00a972cdfd6fd5a8db372c72152afd5a
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    linux/arm64

  Name:        <redacted-ecr-location>@sha256:b82e0d741840af39ec73d3699d872a83f5fbbc7b87bc569de1fe69d7d08c7482
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    unknown/unknown
  Annotations:
    vnd.docker.reference.digest: sha256:65d6725b6de86cad6dcafc120d5eae76997017c6ecdf63eb66456a8db0ed8ba3
    vnd.docker.reference.type:   attestation-manifest

  Name:        <redacted-ecr-location>@sha256:968f0a91083cae5ea4bdc10ea0a6b76ea348d67a87b7426356ff8535fe5827ac
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    unknown/unknown
  Annotations:
    vnd.docker.reference.digest: sha256:5a3eefa5f2c414d6d2107baffd59f9cd00a972cdfd6fd5a8db372c72152afd5a
    vnd.docker.reference.type:   attestation-manifest

Buildx version

github.com/docker/buildx v0.11.2 9872040

Docker info

Client:
 Version:    24.0.2
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.8.2
    Path:     /Users/arogers/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.19.1
    Path:     /Users/arogers/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/arogers/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/arogers/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/arogers/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/arogers/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/arogers/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.16.1
    Path:     /Users/arogers/.docker/cli-plugins/docker-scout

Server:
 Containers: 4
  Running: 4
  Paused: 0
  Stopped: 0
 Images: 23
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.841GiB
 Name: docker-desktop
 ID: 69722e7c-f180-442e-8a6c-f2303c34a596
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Builders list

inspiring_shtern    docker-container
  inspiring_shtern0 desktop-linux    inactive
multiarch *         docker-container
  multiarch0        desktop-linux    running  linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
vigorous_hodgkin    docker-container
  vigorous_hodgkin0 desktop-linux    running  linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
desktop-linux       docker
  desktop-linux     desktop-linux    running  linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
default             docker
  default           default          running  linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6

Configuration

FROM alpine
RUN echo "Hello"

docker buildx build . --platform='linux/amd64,linux/arm64' -f Dockerfile_test --push -t .dkr.ecr..amazonaws.com/:

docker buildx imagetools inspect <image URL + tag from above>

Build logs

No response

Additional info

It's arguable whether this is a bug, but I imagine AWS ECR support is important to many docker users. Unless there's something unique about my setup, this issue creating multi-platform builds may be affecting a wide number of people.

The actual issue I see occurs when I try to build a model in sagemaker using the image (+ manifest list) uploaded to sagemaker. The error says `Unsupported manifest media type application/vnd.oci.image.index.v1+json for image . Ensure that valid manifest media type is used for specified image.

Thanks for reading!
@crazy-max
Copy link
Member

  • ... there are no open or closed issues that are related to my problem

🙄

This has been addressed in other issues already:

As said in #1509 (comment), you can either:

  • Set oci-mediatypes=false in your --output flag (to use the docker distribution manifest list instead of an OCI index).
    This might cause some issues with the generated provenance, which means you'd probably prefer 3 instead.
  • Set --provenance=false to not generate the provenance (which is what causes the multi-platform index to be generated, even for a single platform).
    Just remove the generated provenance entirely, this means that only a single manifest is created, no index needed, which sidesteps the problem.

@crazy-max crazy-max mentioned this issue Aug 5, 2023
Closed
3 tasks
@Grmiade Grmiade mentioned this issue Jan 25, 2024
Closed
@mmguero mmguero mentioned this issue May 7, 2024
Closed
doanac added a commit to doanac/ci-scripts that referenced this issue May 29, 2024
@doanac
ANDY DEBUG
f1ef8a9 
big comment docker/buildx#1964 (comment)

Signed-off-by: Andy Doan <andy@foundries.io>
This was referenced Jun 4, 2024
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status/triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crazy-max @regorsmitz