Bug 1964327 - Support containers with name:tag@digest
Summary: Support containers with name:tag@digest
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.7
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
: 4.10.0
Assignee: jawed
QA Contact: Jitendar Singh
URL:
Whiteboard:
Depends On:
Blocks: 2022866
TreeView+ depends on / blocked
 
Reported: 2021-05-25 08:44 UTC by Gabriel Stein
Modified: 2022-03-12 04:35 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-12 04:35:20 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift builder pull 253 0 None Merged Bug 1964327: bump github.com/containers/common to v0.40.0 2021-09-29 10:45:08 UTC
Github openshift builder pull 265 0 None Merged Bug 1964327: bump github.com/containers/buildah to v1.22.3 2021-09-29 10:45:10 UTC
Red Hat Knowledge Base (Solution) 6072771 0 None None None 2021-05-25 09:10:07 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-12 04:35:40 UTC

Comment 1 Adam Kaplan 2021-05-25 16:23:45 UTC
This is an underlying issue with podman and buildah. There is a related issue filed in containers/podman [1]. We rely on buildah's capabilities to pull images in OpenShift builds, therefore we are blocked until this issue is fixed.

[1] https://github.com/containers/podman/issues/6721

Comment 9 XiuJuan Wang 2021-07-26 12:15:01 UTC
Test version:
Client Version: 4.9.0-0.nightly-2021-07-25-125326
Server Version: 4.9.0-0.nightly-2021-07-25-125326
Kubernetes Version: v1.21.1+8268f88

Still failed when source build with a Docker image name:tag@digest

STEP 1: FROM quay.io/centos7/ruby-27-centos7:latest@sha256:a663ffd2439bc01b9843a5a01acecb8e131559c7b446e061a909e7490cd390e3
error: build error: error creating build container: Docker references with both a tag and digest are currently not supported

$ oc get bc source2 -o yaml 

  source:
    git:
      uri: https://github.com/xiuwang/ruby-hello-world
    type: Git
  strategy:
    sourceStrategy:
      from:
        kind: DockerImage
        name: quay.io/centos7/ruby-27-centos7:latest@sha256:a663ffd2439bc01b9843a5a01acecb8e131559c7b446e061a909e7490cd390e3
    type: Source

2. Passed when docker build if imagestreamtag with name:tag@digest
$oc new-app https://github.com/xiuwang/ruby-hello-world --name=docker 

result: http://pastebin.test.redhat.com/982087

3. Passed when docker build with docker image with name:tag@digest
  source:
    git:
      uri: https://github.com/xiuwang/ruby-hello-world
    type: Git
  strategy:
    dockerStrategy:
      from:
        kind: DockerImage
        name: quay.io/centos7/ruby-27-centos7:latest@sha256:a663ffd2439bc01b9843a5a01acecb8e131559c7b446e061a909e7490cd390e3
    type: Docker


4. And passed when source build with Imagestreamtag
$ oc new-app quay.io/centos7/ruby-27-centos7:latest@sha256:a663ffd2439bc01b9843a5a01acecb8e131559c7b446e061a909e7490cd390e3~https://github.com/xiuwang/ruby-hello-world
--> Found container image 0f6ff65 (3 hours old) from quay.io for "quay.io/centos7/ruby-27-centos7:latest@sha256:a663ffd2439bc01b9843a5a01acecb8e131559c7b446e061a909e7490cd390e3"

    Ruby 2.7 
    -------- 
    Ruby 2.7 available as container is a base platform for building and running various Ruby 2.7 applications and frameworks. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

    Tags: builder, ruby, ruby27, rh-ruby27

    * An image stream tag will be created as "ruby-27-centos7:latest" that will track the source image
    * A source build using source code from https://github.com/xiuwang/ruby-hello-world will be created
      * The resulting image will be pushed to image stream tag "ruby-hello-world:latest"
      * Every time "ruby-27-centos7:latest" changes a new build will be triggered

--> Creating resources ...
    imagestream.image.openshift.io "ruby-27-centos7" created
    imagestream.image.openshift.io "ruby-hello-world" created
    buildconfig.build.openshift.io "ruby-hello-world" created
    deployment.apps "ruby-hello-world" created
    service "ruby-hello-world" created
--> Success
    Build scheduled, use 'oc logs -f buildconfig/ruby-hello-world' to track its progress.
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose service/ruby-hello-world' 
    Run 'oc status' to view your app.
$ oc get builds
NAME                 TYPE     FROM          STATUS     STARTED         DURATION
ruby-hello-world-1   Source   Git@10e2879   Complete   2 minutes ago   49s

Comment 12 Jitendar Singh 2021-09-29 10:48:45 UTC
still failing 



oc get bc ruby-hello-world -o yaml 

source:
    git:
      uri: https://github.com/xiuwang/ruby-hello-world.git
    type: Git
  strategy:
    sourceStrategy:
      from:
        kind: DockerImage
        name: quay.io/centos7/ruby-27-centos7:latest@sha256:59c8d564a81f57a770690c09d345e250655de3596bc9ec89107a425c78040130
    type: Source

 jsingh@fugaku  ~  oc get bc
NAME               TYPE     FROM   LATEST
ruby-hello-world   Source   Git    1
 jsingh@fugaku  ~  oc edit bc ruby-hello-world
buildconfig.build.openshift.io/ruby-hello-world edited
 jsingh@fugaku  ~  oc get builds
NAME                 TYPE     FROM          STATUS     STARTED         DURATION
ruby-hello-world-1   Source   Git@10e2879   Complete   8 minutes ago   51s
 jsingh@fugaku  ~  oc start-build ruby-hello-world
build.build.openshift.io/ruby-hello-world-2 started
 jsingh@fugaku  ~  oc logs -f build/ruby-hello-world-2
Cloning "https://github.com/xiuwang/ruby-hello-world.git" ...
	Commit:	10e2879d2ea4ba2b2d6815189c370e0ff77926f4 (Update Dockerfile)
	Author:	XiuJuan Wang <xiuwang>
	Date:	Mon Jul 26 17:29:07 2021 +0800
time="2021-09-29T10:43:59Z" level=info msg="Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
I0929 10:43:59.433133       1 defaults.go:102] Defaulting to storage driver "overlay" with options [mountopt=metacopy=on].
Caching blobs under "/var/cache/blobs".
Getting image source signatures
Copying blob sha256:5f2e13673ac221f2360f02fad7142cca6ece67a373b99499f11a875c4d1a1d30
Copying blob sha256:e17e89f32035c6f53a0045e05694f687e0e19e7252bca5faae9b77c332a17784
Copying blob sha256:b2cc5146c9c7855cb298ca8b77ecb153d37e3e5c69916ef423613a46a70c0503
Copying blob sha256:f9fd5da161f75036d03093e633d3796d7acf16254d4e306c22697e27b12d5d3d
Copying blob sha256:727c1fb2a4e9036c44e222b9a94b4375c090e4e58180e5e4005e42811493126f
Copying blob sha256:1b6c93aa6be556287047dd363def26901d36b45768a4ec9657ac6fd14fe5d416
Copying blob sha256:39480e06f19c80a48476d65f053caeece12a596b90fa8acfe738a3c12786b919
Copying blob sha256:51de8d598fb2be43df4a9394cb8969437c312b04c4c23ace156a85a2065beb40
Copying blob sha256:baba05e34c16c76cd0edf13591da549a7d26c28055e24955fda6de78c24a45e0
Copying config sha256:5b681dc87f5092be606610ec569b6d8cefc25e8e4d0708354ca5ff3c6e540e7d
Writing manifest to image destination
Storing signatures
Generating dockerfile with builder image quay.io/centos7/ruby-27-centos7:latest@sha256:59c8d564a81f57a770690c09d345e250655de3596bc9ec89107a425c78040130
Adding transient rw bind mount for /run/secrets/rhsm
STEP 1: FROM quay.io/centos7/ruby-27-centos7:latest@sha256:59c8d564a81f57a770690c09d345e250655de3596bc9ec89107a425c78040130
error: build error: error creating build container: Docker references with both a tag and digest are currently not supported

Comment 13 Jitendar Singh 2021-10-27 12:37:31 UTC
verified
================================================================ 
 GNU nano 5.8                                                                       /tmp/oc-edit-6jzmu.yaml                                                                                  
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"build.openshift.io/v1","kind":"BuildConfig","metadata":{"annotations":{},"name":"test-bc1","namespace":"default"},"spec":{"source":{"git":{"uri":"https://github.com/xiu>
  creationTimestamp: "2021-10-27T09:50:50Z"
  generation: 6
  name: test-bc1
  namespace: default
  resourceVersion: "80021"
  uid: dc05b772-3ead-48a6-9bc5-50c0cb333710
spec:
  failedBuildsHistoryLimit: 5
  nodeSelector: null
  output: {}
  postCommit: {}
  resources: {}
  runPolicy: Serial
  source:
    git:
      uri: https://github.com/xiuwang/ruby-hello-world
    type: Git
  strategy:
    sourceStrategy:
      from:
	kind: DockerImage
        name: quay.io/centos7/ruby-27-centos7:latest@sha256:5518d3194114d516d5f657fe9237efee9b388b18664901b0adf4242887ae46f3
    type: Source
  successfulBuildsHistoryLimit: 5
status:
==========================================
- create the bc
jsingh@fugaku  /usr/local/go/src/github.com  oc start-build test-bc1
build.build.openshift.io/test-bc1-3 started
 jsingh@fugaku  /usr/local/go/src/github.com  oc logs -f build/test-bc1-3 
Cloning "https://github.com/xiuwang/ruby-hello-world" ...
	Commit:	10e2879d2ea4ba2b2d6815189c370e0ff77926f4 (Update Dockerfile)
	Author:	XiuJuan Wang <xiuwang>
	Date:	Mon Jul 26 17:29:07 2021 +0800
time="2021-10-27T10:56:28Z" level=info msg="Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
I1027 10:56:28.077909       1 defaults.go:102] Defaulting to storage driver "overlay" with options [mountopt=metacopy=on].
Caching blobs under "/var/cache/blobs".
Trying to pull quay.io/centos7/ruby-27-centos7:latest...
Getting image source signatures
Copying blob sha256:5a338e1b442e04f3b47efbb99aba8a766ded37ad05d6ef2579260ecaf0997730
Copying blob sha256:1d8bd4dd69ae43bdac80f8a6137d0feb4571d27fe41c8470e19f5c05e7b6ec65
Copying blob sha256:b2cc5146c9c7855cb298ca8b77ecb153d37e3e5c69916ef423613a46a70c0503
Copying blob sha256:27e5c80f07ae162a89107e2d192763ce334ed0822fad88e90b2a7c0e23326509
Copying blob sha256:fae78ef460986dd44c9a792dde843e33da00180e809058f4e37a16041c4e3ac7
Copying blob sha256:12cca5469c5eeaa7fae50a5390b6988f0aacc2df18671636336391bd4970cedc
Copying blob sha256:05af09053d5cf7f9a056de0ef1dec5edab47d31dd597f488dbc66758b5ffcec3
Copying blob sha256:a9924f2e718ab5c21a205f3ddbed9664f0875ae617f8d274bf6f28d2d50f7244
Copying blob sha256:c41857c8d0e4993b06c8bec240a8ba1afb1d0a3cec49583b192623d21ccd996d
Copying config sha256:419e8807e0e4d38df7f8ca32fa0999a343432a84830a3063c0ade69055901ee4
Writing manifest to image destination
Storing signatures
Generating dockerfile with builder image quay.io/centos7/ruby-27-centos7:latest@sha256:5518d3194114d516d5f657fe9237efee9b388b18664901b0adf4242887ae46f3
Adding transient rw bind mount for /run/secrets/rhsm
STEP 1/9: FROM quay.io/centos7/ruby-27-centos7:latest@sha256:5518d3194114d516d5f657fe9237efee9b388b18664901b0adf4242887ae46f3
STEP 2/9: LABEL "io.openshift.build.commit.ref"="master"       "io.openshift.build.commit.message"="Update Dockerfile"       "io.openshift.build.source-location"="https://github.com/xiuwang/ruby-hello-world"       "io.openshift.build.image"="quay.io/centos7/ruby-27-centos7:latest@sha256:5518d3194114d516d5f657fe9237efee9b388b18664901b0adf4242887ae46f3"       "io.openshift.build.commit.author"="XiuJuan Wang <xiuwang>"       "io.openshift.build.commit.date"="Mon Jul 26 17:29:07 2021 +0800"       "io.openshift.build.commit.id"="10e2879d2ea4ba2b2d6815189c370e0ff77926f4"
STEP 3/9: ENV RACK_ENV="production"     OPENSHIFT_BUILD_NAME="test-bc1-3"     OPENSHIFT_BUILD_NAMESPACE="default"     OPENSHIFT_BUILD_SOURCE="https://github.com/xiuwang/ruby-hello-world"     OPENSHIFT_BUILD_COMMIT="10e2879d2ea4ba2b2d6815189c370e0ff77926f4"
STEP 4/9: USER root
STEP 5/9: COPY upload/src /tmp/src
STEP 6/9: RUN chown -R 1001:0 /tmp/src
STEP 7/9: USER 1001
STEP 8/9: RUN /usr/libexec/s2i/assemble
---> Installing application source ...
---> Building your Ruby application from source ...
---> Running 'bundle install --retry 2 --deployment --without development:test' ...
[DEPRECATED] The `--deployment` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set deployment 'true'`, and stop using this flag
[DEPRECATED] The `--path` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set path './bundle'`, and stop using this flag
[DEPRECATED] The `--without` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set without 'development:test'`, and stop using this flag
Fetching gem metadata from https://rubygems.org/........
Fetching rake 13.0.3
Installing rake 13.0.3
Fetching concurrent-ruby 1.1.8
Installing concurrent-ruby 1.1.8
Fetching i18n 1.8.9
Installing i18n 1.8.9
Fetching minitest 5.14.4
Installing minitest 5.14.4
Fetching tzinfo 2.0.4
Installing tzinfo 2.0.4
Fetching zeitwerk 2.4.2
Installing zeitwerk 2.4.2
Fetching activesupport 6.1.3.2
Installing activesupport 6.1.3.2
Fetching activemodel 6.1.3.2
Installing activemodel 6.1.3.2
Fetching activerecord 6.1.3.2
Installing activerecord 6.1.3.2
Using bundler 2.1.4
Fetching ruby2_keywords 0.0.4
Installing ruby2_keywords 0.0.4
Fetching mustermann 1.1.1
Installing mustermann 1.1.1
Fetching mysql2 0.5.3
Installing mysql2 0.5.3 with native extensions
Fetching rack 2.2.3
Installing rack 2.2.3
Fetching rack-protection 2.1.0
Installing rack-protection 2.1.0
Fetching tilt 2.0.10
Installing tilt 2.0.10
Fetching sinatra 2.1.0
Installing sinatra 2.1.0
Fetching sinatra-activerecord 2.0.22
Installing sinatra-activerecord 2.0.22
Fetching webrick 1.7.0
Installing webrick 1.7.0
Bundle complete! 7 Gemfile dependencies, 19 gems now installed.
Gems in the groups development and test were not installed.
Bundled gems are installed into `./bundle`
---> Cleaning up unused ruby gems ...
Running `bundle clean --verbose` with bundler 2.1.4
Frozen, using resolution from the lockfile
STEP 9/9: CMD /usr/libexec/s2i/run
COMMIT temp.builder.openshift.io/default/test-bc1-3:3d017566
Getting image source signatures
Copying blob sha256:53498d66ad83a29fcd7c7bcf4abbcc0def4fc912772aa8a4483b51e232309aee
Copying blob sha256:acf85c48d8b15752fb3be66652bcc80043866d7120e3ccb69a40b5a9f5c3eb18
Copying blob sha256:cc95744bb011373e644f84037707e14613acef08ccb0d5bc705150270ac0d047
Copying blob sha256:3208f2162462f8be5773ca8c29d9f30d2cc9c10c9c7e4e5157cccc0967539d83
Copying blob sha256:9f6fbe227509f09aadd8056dc8e1a24ca2f5116708785c17a7a91601bb6ae066
Copying blob sha256:5c217d4279fde4fa56a147c1e72ca0820e7a073165b53e2383720f44d6f17d8e
Copying blob sha256:6330ec0d3a05221e767207669126fb19149d86b2418f158dca236b8448332a7d
Copying blob sha256:fceff863ec142152f8c1d17fdd01d257f0dbf09963122f0596af78811a36b4be
Copying blob sha256:cba87e6a4ef80ef8defb87a31d52e467fff2ee30802096d02bfeb0ae5b939e8a
Copying blob sha256:6ddb70950d00a58ed91fb35f2619e22491f22468c654e56b721b53b6a3f6c493
Copying config sha256:98aeba8f08683ff28334cfa6e383a2501b1a2a5d9fd92b99f3eb73868edca1b9
Writing manifest to image destination
Storing signatures
--> 98aeba8f086
Successfully tagged temp.builder.openshift.io/default/test-bc1-3:3d017566
98aeba8f08683ff28334cfa6e383a2501b1a2a5d9fd92b99f3eb73868edca1b9
Build complete, no image push requested

Comment 19 errata-xmlrpc 2022-03-12 04:35:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056


Note You need to log in before you can comment on or make changes to this bug.