-
Notifications
You must be signed in to change notification settings - Fork 677
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Descriptors, the platform object, and the artifactType #1131
Comments
At the risk of oversimplifying (please correct me if I've misunderstood!), you're proposing we loosen/tighten the language around |
Yes, that's essentially my thought. When artifacts had a separate mediaType, they did not have a I think the state before the separate mediaType/manifest definition was dropped made more sense, and that this line only ended up applying to artifacts by happenstance. I think usage of |
Yeah, that seems sensible IMO; any idea how runtimes like Docker would react to a index member that doesn't have a platform object? (Thinking of the case where the index author was not as careful as they should have been about order and put the artifacts before the relevant images that should match first/instead.) |
It's definitely highly runtime-dependent, but I do think runtimes should be updating their checks to account for "artifacts" (artifactType/config.mediaType). However, you make a good point. Examining the artifacts decision tree, and comparing with dockerd behavior: Lines 170 to 262 in 93f6e65
In all three examples, During pull, the mediaType of the config descriptor in the manifest is checked: The default list of allowed mediaTypes is: In all cases, this should fail early and not result in attempting to use an artifact as a runnable image. We can see this testing with
With the containerd storage backend, there is an However, this is not where things fail; instead we see:
Caused by: Which ultimately does not match, as a requested platform does not match a nil platform in image, even though a nil requested platform matches the current platform in the image. I am not sure if |
Discussed yesterday in the OCI call: No one had any strong objections to the concerns I've raised here, and further inconsistencies related to the artifact mediaType and the config.mediaType fallback were noted. I'll work on a PR this next week to address these concerns + those additional ones, erring in the direction of "refer to Artifacts as a proper noun, and better explain what Artifacts and Images are in a follow-up." |
In the aftermath of #999/the removal of the artifact mediaType, I believe that the guidance for descriptors has become misleading.
Artifacts are now represented using the standard image manifest and mediaType:
image-spec/manifest.md
Lines 23 to 27 in 93f6e65
When we had a separate mediaType/artifact manifest, the following line in the descriptor specification was informative, as it implies that "images" (read: runnable content) should have a platform, but "artifacts" (arbitrary content) may or may not:
image-spec/descriptor.md
Line 61 in 93f6e65
However, now that there is one manifest mediaType, this advice appears to be rather unhelpful; all manifests are now the same type, so this implies that all manifests SHOULD have a platform in their descriptor.
In practice, this has lead to implementations including/believing they should include
{"os": "unknown", "architecture": unknown"}
when describing non-image content (artifacts), which I believe to be misguided/incorrect, as values for these fields SHOULD be understood by the Go toolchain:image-spec/image-index.md
Lines 57 to 65 in 93f6e65
I'd like to drop this line from the descriptor spec, or amend it to acknowledge
artifactType
, and theconfig.mediaType
fallback (collectively "artifacts"); but between these options I have no strong preference.The text was updated successfully, but these errors were encountered: