Issue Description:
It seems that working with an image that have a layer with media type application/vnd.oci.image.layer.v1.tar+zstd is not possible. When I try to encrypt or even use layerinfo I see that the following error is returned:
ctr: unhandled media type application/vnd.oci.image.layer.v1.tar+zstd: invalid argument
Also $ ctr-enc containers create repo:port/zstd-image:latest some-id fails with:
ctr: you are not authorized to use this image: bad/unhandled MediaType application/vnd.oci.image.layer.v1.tar+zstd in encryptChildren
The zstd compression format is supported by containerd and for example $ ctr containers create repo:port/zstd-image:latest hello-world-zstd is working as expected and the desired container is created successfully.
Steps to reproduce:
To reproduce the issue one can use skopeo to change the compression of a simple hello-world image and then push it to a private/local registry, e.g.:
- Use skopeo copy to create a zstd-compressed image and push it locally:
$ skopeo copy --dest-compress-format=zstd docker://hello-world docker://<some-plain-http-local-ip:port>/hello-world-zstd:latest --dest-tls-verify=false
- Use skopeo inspect to check the result pushed image compression:
$ skopeo inspect --raw docker://<some-plain-http-local-ip:port>/hello-world-zstd:latest --tls-verify=false | jq -r '.layers[].mediaType'
- Pull the image:
$ ctr-enc image pull --plain-http <some-plain-http-local-ip:port>/hello-world-zstd:latest
- Try any of the following commands:
$ ctr-enc image encrypt <some-plain-http-local-ip:port>/hello-world-zstd:latest --recipient=pgp:[email protected]
$ ctr-enc containers create <some-plain-http-local-ip:port>/zstd-image:latest some-id
Proposal:
In my opinion the compression part of the media type should not be taken into account as (please correct me if I am wrong) it is not relevant to the encryption process. So, the checks that are done here, here and probably in some other parts of the code that I haven't explore, could be refactored in a way that disregards the compression type, whether it is zstd or something else.
As a proof of my thoughts I have done locally the most simple test, which is just adding application/vnd.oci.image.layer.v1.tar+zstd and application/vnd.oci.image.layer.v1.tar+zstd+encrypted to the switch/case blocks in the functions linked above and as expected the encryption and creation of the container was successful. So, I think that it would be nice to have more flexibility regarding the verification of media types that are supported by the library.
Issue Description:
It seems that working with an image that have a layer with media type
application/vnd.oci.image.layer.v1.tar+zstdis not possible. When I try to encrypt or even uselayerinfoI see that the following error is returned:Also
$ ctr-enc containers create repo:port/zstd-image:latest some-idfails with:The
zstdcompression format is supported bycontainerdand for example$ ctr containers create repo:port/zstd-image:latest hello-world-zstdis working as expected and the desired container is created successfully.Steps to reproduce:
To reproduce the issue one can use skopeo to change the compression of a simple hello-world image and then push it to a private/local registry, e.g.:
Proposal:
In my opinion the compression part of the media type should not be taken into account as (please correct me if I am wrong) it is not relevant to the encryption process. So, the checks that are done here, here and probably in some other parts of the code that I haven't explore, could be refactored in a way that disregards the compression type, whether it is
zstdor something else.As a proof of my thoughts I have done locally the most simple test, which is just adding
application/vnd.oci.image.layer.v1.tar+zstdandapplication/vnd.oci.image.layer.v1.tar+zstd+encryptedto theswitch/caseblocks in the functions linked above and as expected the encryption and creation of the container was successful. So, I think that it would be nice to have more flexibility regarding the verification of media types that are supported by the library.