
feat: add support for docker images #2714

Merged: 6 commits, Oct 31, 2024

Contributor

@rchincha rchincha commented Oct 9, 2024

Issue #724

What type of PR is this?

Which issue does this PR fix:

What does this PR do / Why do we need it:

If an issue # is not available please add repro steps and logs showing the issue:

Testing done on this change:

Automation added to e2e:

Will this break upgrades or downgrades?

Does this PR introduce any user-facing change?:


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.


codecov bot commented Oct 9, 2024

Codecov Report

Attention: Patch coverage is 57.54717% with 45 lines in your changes missing coverage. Please review.

Project coverage is 91.93%. Comparing base (403fd4e) to head (c9def92).
Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| pkg/compat/compat.go | 30.30% | 21 Missing and 2 partials ⚠️ |
| pkg/storage/common/common.go | 21.73% | 17 Missing and 1 partial ⚠️ |
| pkg/extensions/search/cve/cve.go | 90.90% | 2 Missing ⚠️ |
| pkg/extensions/search/cve/trivy/scanner.go | 88.88% | 1 Missing ⚠️ |
| pkg/meta/parse.go | 66.66% | 1 Missing ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2714      +/-   ##
==========================================
- Coverage   92.07%   91.93%   -0.14%     
==========================================
  Files         169      170       +1     
  Lines       30054    30121      +67     
==========================================
+ Hits        27672    27692      +20     
- Misses       1762     1806      +44     
- Partials      620      623       +3     


@ChristianCiach

Thank you for considering supporting docker images! This looks very promising!

As described in #724 (comment), we are using imgpkg to store arbitrary files in a registry. I've built this PR locally and this seems to work now:

$ echo "hello" > test.txt

$ imgpkg push -i localhost:8080/myimgpkg:v1.0.0 -f test.txt --registry-insecure
file: test.txt
Pushed 'localhost:8080/myimgpkg@sha256:1ade68269f776e0dc0de49f527509cc3665ce2c9f2c4f6fb64a19117154b6bc3'
Succeeded

$ imgpkg pull -i localhost:8080/myimgpkg:v1.0.0 -o downloads
Pulling image 'localhost:8080/myimgpkg@sha256:1ade68269f776e0dc0de49f527509cc3665ce2c9f2c4f6fb64a19117154b6bc3'
Extracting layer 'sha256:04265ef25b5baf9caab409c3ae3deb9cd57338794bfcb0431d6e6f01c6458dbf' (1/1)

Succeeded

$ cat downloads/test.txt 
hello

It's a bit surprising that the pushed artifact isn't listed in the Zot-UI. Even after pushing the artifact, the UI still shows No images. Other than this, this seems to work fine!

@ChristianCiach

ChristianCiach commented Oct 16, 2024

Attaching and downloading/verifying cosign-attestations (see #724 (comment)) works fine:

$ skopeo copy docker://docker.io/library/redis:7.4.1 docker://localhost:8080/myredis/redis:7.4.1 --dest-tls-verify=false
Getting image source signatures
Copying blob 99f3f5284f55 done   | 
Copying blob 302e3ee49805 done   | 
Copying blob e4edbcee329b done   | 
Copying blob 4b3c79aadafc done   | 
Copying blob 378d889b37dd done   | 
Copying blob c78d46bd3323 done   | 
Copying blob 4f4fb700ef54 done   | 
Copying blob 1f4a511d4985 done   | 
Copying config 3690036745 done   | 
Writing manifest to image destination

$ cosign generate-key-pair
Enter password for private key: 
Enter password for private key again: 
Private key written to cosign.key
Public key written to cosign.pub

$ trivy image --format cyclonedx --output sbom.json localhost:8080/myredis/redis:7.4.1
2024-10-16T12:41:16+02:00	INFO	"--format cyclonedx" disables security scanning. Specify "--scanners vuln" explicitly if you want to include vulnerabilities in the CycloneDX report.
2024-10-16T12:41:17+02:00	INFO	Detected OS	family="debian" version="12.7"
2024-10-16T12:41:17+02:00	INFO	Number of language-specific files	num=1


$ cosign attest --tlog-upload=false --replace --predicate sbom.json --type cyclonedx --key cosign.key  localhost:8080/myredis/redis:7.4.1 --insecure-skip-verify
WARNING: Image reference localhost:8080/myredis/redis:7.4.1 uses a tag, not a digest, to identify the image to sign.
    This can lead you to sign a different image than the intended one. Please use a
    digest (example.com/ubuntu@sha256:abc123...) rather than tag
    (example.com/ubuntu:latest) for the input to cosign. The ability to refer to
    images by tag will be removed in a future release.

Enter password for private key: 
Using payload from: sbom.json

$ cosign verify-attestation localhost:8080/myredis/redis:7.4.1 --key cosign.pub --type cyclonedx --private-infrastructure

Verification for localhost:8080/myredis/redis:7.4.1 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

Or by digest:

$ skopeo copy docker://docker.io/library/redis:7.4.1 docker://localhost:8080/myredis/redis:7.4.1 --dest-tls-verify=false --digestfile digest.txt

$ cosign attest --tlog-upload=false --replace --predicate sbom.json --type cyclonedx --key cosign.key  localhost:8080/myredis/redis@$(cat digest.txt) --insecure-skip-verify

$ cosign verify-attestation localhost:8080/myredis/redis@$(cat digest.txt) --key cosign.pub --type cyclonedx --private-infrastructure

Again, the attestation artifacts are not shown in the UI, unfortunately. But everything else seems to work!

@sudo-bmitch

sudo-bmitch commented Oct 16, 2024

Docker manifest lists (media type application/vnd.docker.distribution.manifest.list.v2+json) need to be supported too:

$ regctl image copy alpine localhost:5003/library/alpine
WARN[0006] Failed to push manifest                       err="failed to put manifest localhost:5003/library/alpine:latest: request failed: unexpected http status code: Unsupported Media Type [http 415]: {\"errors\":[{\"code\":\"MANIFEST_INVALID\",\"message\":\"manifest invalid\",\"detail\":{\"description\":\"During upload, manifests undergo several checks ensuring validity. If those checks fail, this error MAY be returned, unless a more specific error is included. The detail will contain information the failed validation.\",\"mediaType\":\"application/vnd.docker.distribution.manifest.list.v2+json\"}}]}" target="localhost:5003/library/alpine"
Manifests: 8/9 | Blobs: 28.060MB copied, 0.000B skipped | Elapsed: 6s
failed to put manifest localhost:5003/library/alpine:latest: request failed: unexpected http status code: Unsupported Media Type [http 415]: {"errors":[{"code":"MANIFEST_INVALID","message":"manifest invalid","detail":{"description":"During upload, manifests undergo several checks ensuring validity. If those checks fail, this error MAY be returned, unless a more specific error is included. The detail will contain information the failed validation.","mediaType":"application/vnd.docker.distribution.manifest.list.v2+json"}}]}

@rchincha
Contributor Author

rchincha commented Oct 16, 2024

@ChristianCiach

> It's a bit surprising that the pushed artifact isn't listed in the Zot-UI. Even after pushing the artifact, the UI still shows No images. Other than this, this seems to work fine!

^ feature-ask-creep as cautioned ...

"Properly" supporting this means UI changes, sync/mirror changes, cve scan changes, scrub changes, etc ...

So now our turn, when can we expect these additional PRs from the community :)

@rchamarthy rchamarthy self-requested a review October 16, 2024 21:14
@rchincha rchincha force-pushed the docker branch 2 times, most recently from 505af16 to e6f5117 Compare October 16, 2024 21:22
@rchincha
Contributor Author

> Docker manifest lists (media type application/vnd.docker.distribution.manifest.list.v2+json) need to be supported too:

PR updated

@rchincha
Contributor Author

rchincha commented Oct 17, 2024

Just to be clear on expectations ...

The plan is to initially include a config variable to support docker images for storage alone.
At least so you have a path to move to the OCI world when ready.
Note that UI and other features may not be compatible with this, yet.

@dkowis

dkowis commented Oct 20, 2024

https://github.com/dkowis/zot-builder

I built the containers here using the same action as the regular zot repo. I haven't had a chance to try it yet, but I will soon. They're built to include this pull request.

I am not quite skilled enough to tell it how to run every update to the PR.

@dkowis

dkowis commented Oct 21, 2024

❯ docker push 10.10.220.122:5000/kowis/wordpress-container:latest                                                                                                                                                       (base)
The push refers to repository [10.10.220.122:5000/kowis/wordpress-container]
latest: digest: sha256:c3f34f85b30621151645348b34a52204303a7daf5cd2b2906ab810018d6c867e size: 5340

I have pushed a docker buildx built container into zot.

I can confirm that it doesn't show up in the UI anywhere, but a pull works just fine.

@rchincha
Contributor Author

rchincha commented Oct 21, 2024

{
    "distSpecVersion": "1.1.0",
    "storage": {
        "rootDirectory": "/data/hdd/rchincha/tmp/zot"
    },
    "http": {
        "address": "0.0.0.0",
        "port": "8080",
        "compat": ["docker2s2"]
    },
    "log": {
        "level": "debug"
    }
}

^ a new "compat" config field is now added
"docker2s2" = Docker Manifest v2 Schema v2

@rchincha rchincha force-pushed the docker branch 5 times, most recently from 9a64b2d to b270eff Compare October 22, 2024 21:48
@rchincha rchincha marked this pull request as ready for review October 22, 2024 22:33
@rchincha
Contributor Author

@andaaron let's merge this so community can at least start using zot as a docker registry.
UI changes can come in another PR. Thoughts?

Contributor

@andaaron andaaron left a comment


The storage package update is not complete. There is logic there going recursively from index to index to manifests to blobs.

Theoretically we could unmarshal the docker media types into oci structs for the purpose of handling GC and dedupe.

@andaaron
Contributor

andaaron commented Oct 23, 2024

> @andaaron let's merge this so community can at least start using zot as a docker registry. UI changes can come in another PR. Thoughts?

I think we can handle the search / CVE / UI changes in a separate PR, but the storage (GC/dedupe/scrub) changes should be included in this PR.

@rchincha rchincha force-pushed the docker branch 4 times, most recently from 597f77a to 6d25346 Compare October 29, 2024 22:14
@rchincha
Contributor Author

> @rchincha Overall the code changes look good. Can you double check we don't want to address my older comments in pkg/storage/common/common.go about checking the presence of the layers in storage for docker images?
>
> WRT CVE scans. Do we have other scannable layers mediatypes we should include besides ispec.MediaTypeImageLayerGzip, ispec.MediaTypeImageLayer, string(regTypes.DockerLayer)?

Added more checks for this path, pls take a look.

@rchincha rchincha linked an issue Oct 29, 2024 that may be closed by this pull request
@rchincha rchincha modified the milestones: v2.2.0, v2.1.2 Oct 29, 2024
@dkowis

dkowis commented Oct 30, 2024

> @dkowis it takes a little while to trigger the scan and the scan to complete (depending on image size etc.) Once it is done, if you return to the main page, it should be correctly reflected.

[image]

This is the same instance, a day later. Surely it would've updated by now?

andaaron previously approved these changes Oct 30, 2024
@andaaron
Contributor

> This is the same instance, a day later. Surely it would've updated by now?

Yes, it should have. Is there anything special about that image? Is it a manifest list with multiple manifests? What are the layer media types? Do you have multiple images in the same repository with different tags? (That "failed to scan" message could be taken from the most recently built image pushed to the repository when you view the repository in the repository list.)

@dkowis

dkowis commented Oct 30, 2024

> > This is the same instance, a day later. Surely it would've updated by now?
>
> Yes, it should have. Is there anything special about that image? Is it a manifest list with multiple manifests? What are the layer media types? Do you have multiple images in the same repository with different tags? (That "failed to scan" message could be taken from the most recently built image pushed to the repository when you view the repository in the repository list.)

It is a pretty boring docker image. There should only be one tag.

I'm not sure how to get the layer media types, but it's all built using docker. It should only be built for amd64.

This is docker image inspect, I'll check the zot registry itself after work.

[
    {
        "Id": "sha256:6ed51f380217d60565d137d42a137dea304e2c72b86ecda7f24d8d1232a62113",
        "RepoTags": [
            "10.10.220.122:5000/kowis/wordpress-container:latest",
            "registry.light.kow.is/kowis/wordpress-container:latest"
        ],
        "RepoDigests": [
            "10.10.220.122:5000/kowis/wordpress-container@sha256:4dc09c0f6ba4e6867095a5038fc57a0e782ea6185e0328761e3b0ae7469bd131",
            "registry.light.kow.is/kowis/wordpress-container@sha256:d6868e8552eccdaa285e806f902ebfc83c6185d3a533b9b5a72202e6390abf0f"
        ],
        "Parent": "",
        "Comment": "buildkit.dockerfile.v0",
        "Created": "2024-10-28T22:01:40.980701928Z",
        "DockerVersion": "",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "9000/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "PHPIZE_DEPS=autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c",
                "PHP_INI_DIR=/usr/local/etc/php",
                "PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
                "PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
                "PHP_LDFLAGS=-Wl,-O1 -pie",
                "GPG_KEYS=39B641343D8C104B2B146DC3F9C39DC0B9698544 E60913E4DF209907D8E30D96659A97C9CF2A795A 1198C0117593497A5EC5C199286AF1F9897469DC",
                "PHP_VERSION=8.2.25",
                "PHP_URL=https://www.php.net/distributions/php-8.2.25.tar.xz",
                "PHP_ASC_URL=https://www.php.net/distributions/php-8.2.25.tar.xz.asc",
                "PHP_SHA256=330b54876ea1d05ade12ee9726167332058bccd58dffa1d4e12117f6b4f616b9"
            ],
            "Cmd": [
                "php-fpm"
            ],
            "ArgsEscaped": true,
            "Image": "",
            "Volumes": {
                "/var/www/html": {}
            },
            "WorkingDir": "/var/www/html",
            "Entrypoint": [
                "docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": null,
            "StopSignal": "SIGQUIT"
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 751419331,
        "GraphDriver": {
            "Data": {
                "MergedDir": "/var/lib/docker/overlay2/7764a041f1bae8a832b4e19f335d954810974e252ba78e14d0ec109c0aed9ac8/merged",
                "UpperDir": "/var/lib/docker/overlay2/7764a041f1bae8a832b4e19f335d954810974e252ba78e14d0ec109c0aed9ac8/diff",
                "WorkDir": "/var/lib/docker/overlay2/7764a041f1bae8a832b4e19f335d954810974e252ba78e14d0ec109c0aed9ac8/work"
            },
            "Name": "overlay2"
        },
        "Metadata": {
            "LastTagTime": "2024-10-28T17:19:58.327501148-05:00"
        }
    }
]
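
Added example, not part of the thread and not zot's own code: layer media types are recorded in the image manifest the registry stores, not in `docker image inspect` output, so this Go sketch parses a manifest body, models the `compat` gate from the config comment above (with the gate off, a Docker manifest is rejected as in the HTTP 415 reported earlier), and flags which layers match the three scannable types named in the review. `Inspect`, `Report`, `Layer` and the sample manifest are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Media types from the image-spec compatibility matrix.
const (
	ociManifest    = "application/vnd.oci.image.manifest.v1+json"
	ociIndex       = "application/vnd.oci.image.index.v1+json"
	ociLayer       = "application/vnd.oci.image.layer.v1.tar"
	ociLayerGzip   = "application/vnd.oci.image.layer.v1.tar+gzip"
	dockerManifest = "application/vnd.docker.distribution.manifest.v2+json"
	dockerList     = "application/vnd.docker.distribution.manifest.list.v2+json"
	dockerLayer    = "application/vnd.docker.image.rootfs.diff.tar.gzip"
)

// Constructed sample: a Docker v2 schema 2 manifest with placeholder digests.
const sampleManifest = `{
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "layers": [
    {"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "digest": "sha256:<layer-1>"},
    {"mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip", "digest": "sha256:<layer-2>"}
  ]
}`

// Layer pairs a layer media type with its OCI counterpart (empty if none).
type Layer struct {
	MediaType, OCIEquivalent string
	Scannable                bool // one of the three types listed in the review
}

// Report is what Inspect returns for one manifest body.
type Report struct {
	Accepted bool // false models the HTTP 415 shown in the thread
	Layers   []Layer
}

// Inspect (hypothetical helper, not zot's code) checks a manifest against a compat list.
func Inspect(raw []byte, compat []string) (Report, error) {
	var m struct {
		MediaType string                                         `json:"mediaType"`
		Layers    []struct{ MediaType string `json:"mediaType"` } `json:"layers"`
	}
	if err := json.Unmarshal(raw, &m); err != nil {
		return Report{}, err
	}
	if m.MediaType == "" {
		return Report{}, fmt.Errorf("manifest body has no mediaType")
	}
	var rep Report
	switch m.MediaType {
	case ociManifest, ociIndex:
		rep.Accepted = true // OCI types need no compat entry
	case dockerManifest, dockerList:
		for _, c := range compat {
			rep.Accepted = rep.Accepted || c == "docker2s2"
		}
	}
	for _, l := range m.Layers {
		row := Layer{MediaType: l.MediaType}
		switch l.MediaType {
		case dockerLayer:
			row.OCIEquivalent, row.Scannable = ociLayerGzip, true
		case ociLayer, ociLayerGzip:
			row.OCIEquivalent, row.Scannable = l.MediaType, true
		}
		rep.Layers = append(rep.Layers, row)
	}
	return rep, nil
}

func main() {
	rep, err := Inspect([]byte(sampleManifest), []string{"docker2s2"})
	fmt.Printf("%+v %v\n", rep, err)
}
```
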

@dkowis

dkowis commented Oct 30, 2024

Also:
[image]

I don't know how long it took for it to change that status, as I've been keeping my test build up to date for this thing. I'm going to assume that it's working fine, and maybe I got something in an intermediate state.

I don't think we should worry about the scanning results in this Pull Request, if it shows up again, I'll file a new issue! Thanks!

Issue project-zot#724

A new config section under "HTTP" called "Compat" is added which
currently takes a list of possible compatible legacy media-types.

https://github.com/opencontainers/image-spec/blob/main/media-types.md#compatibility-matrix

Only "docker2s2" (Docker Manifest V2 Schema V2) is currently supported.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

Garbage collection also needs to be made aware of non-OCI compatible
layer types.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
@rchincha
Contributor Author

@dkowis can you rebase with the latest PR and try again. CVE scans may be fixed now, but would appreciate an independent confirmation.

We would like to include this PR in the next -rc release so folks can try it.

@dkowis

dkowis commented Oct 30, 2024

> @dkowis can you rebase with the latest PR and try again. CVE scans may be fixed now, but would appreciate an independent confirmation.
>
> We would like to include this PR in the next -rc release so folks can try it.

CVE scans do work. It shows "scan failed" shortly after uploading, but within like 30 seconds, it's changed to the vulnerability status, and I can see a list of vulnerabilities.

I used v0.0.6 of my container here which is built using this branch.

@andaaron andaaron merged commit cb2af94 into project-zot:main Oct 31, 2024
38 of 40 checks passed
@rchincha
Contributor Author

rchincha commented Nov 1, 2024

v2.1.2-rc3 is now released which should include this PR.

Successfully merging this pull request may close these issues.

FR: loose mode allowing Docker mediaTypes