Skip to content

OCI: Use manifest digest vs. tarball digest #8248

New issue
New issue
Closed
#8249
Closed
OCI: Use manifest digest vs. tarball digest#8248
#8249
Labels
proposal
@jdolitsky

Description

@jdolitsky
jdolitsky
opened on Jun 3, 2020

For OCI artifacts, the top-level "envelope" of the artifact is the manifest. This is equally as unique as the chart tarball layer. Currently, on "helm chart save", "helm chart list", and others, the digest displayed is that of the chart tarball layer.

Here is some example output from helm chart save:

$ helm chart save mychart/ localhost:5000/myrepo/mychart:2.7.0
ref:     localhost:5000/myrepo/mychart:2.7.0
digest:  1b251d38cfe948dfc0a5745b7af5ca574ecb61e52aed10b19039db39af6e1617
size:    2.4 KiB
name:    mychart
version: 0.1.0
2.7.0: saved

The digest displayed here is 1b251d38cfe948dfc0a5745b7af5ca574ecb61e52aed10b19039db39af6e1617. This is that of the chart tarball, represented by layers[0].digest in the manifest:

$ cat ~/Library/Caches/helm/registry/cache/blobs/sha256/31fb454efb3c69fafe53672598006790122269a1b3b458607dbe106aba7059ef | jq
{
  "schemaVersion": 2,
  "config": {
    "mediaType": "application/vnd.cncf.helm.config.v1+json",
    "digest": "sha256:8ec7c0f2f6860037c19b54c3cfbab48d9b4b21b485a93d87b64690fdb68c2111",
    "size": 117
  },
  "layers": [
    {
      "mediaType": "application/tar+gzip",
      "digest": "sha256:1b251d38cfe948dfc0a5745b7af5ca574ecb61e52aed10b19039db39af6e1617",
      "size": 2487
    }
  ]
}

Instead, the digest displayed should be 31fb454efb3c69fafe53672598006790122269a1b3b458607dbe106aba7059ef, the digest of the manifest itself.

This also affects the output of helm chart list (note the DIGEST column, displaying first 7 characters of the digest):

$ helm chart list
REF                                                     NAME                    VERSION DIGEST  SIZE            CREATED
localhost:5000/myrepo/mychart:2.7.0                     mychart                 2.7.0   84059d7 454 B           27 seconds
localhost:5000/stable/acs-engine-autoscaler:2.2.2       acs-engine-autoscaler   2.2.2   d8d6762 4.3 KiB         2 hours
localhost:5000/stable/aerospike:0.2.1                   aerospike               0.2.1   4aff638 3.7 KiB         2 hours
localhost:5000/stable/airflow:0.13.0                    airflow                 0.13.0  c46cc43 28.1 KiB        2 hours
localhost:5000/stable/anchore-engine:0.10.0             anchore-engine          0.10.0  3f3dcd7 34.3 KiB

From a registry's perspective, manifests are a "first-class citizen" which is used to further determine metadata and any included layers (such as the chart tarball layer).

The proposal here is to change this digest to use the manifest digest instead. This would normally be considered a breaking change, but the OCI feature set is still in experimental mode.

Metadata

Metadata

Assignees

No one assigned

    Labels

    proposal

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions