containerd-integration: confusing behavior when pulling a new platform for an existing image #44581

@thaJeztah

Description

This is related to / a combination of

When pulling an image and specifying a --platform for an existing (but outdated) image, the existing image may be "deleted" (no longer accessible).

Reproduce

Mimic an outdated busybox:latest by pulling an older version and tagging it as :latest:

docker image pull busybox:1.30.0
docker image tag busybox:1.30.0 busybox:latest
docker image rm busybox:1.30.0
Untagged: docker.io/library/busybox:1.30.0
docker image ls

REPOSITORY       TAG          IMAGE ID       CREATED         SIZE
busybox          latest       7964ad52e396   9 seconds ago   801kB

Now pull a different architecture for the image (e.g. linux/s390x):

docker image pull --platform=linux/s390x busybox:latest
59f225fdf34f: Download complete
8e8f614949c5: Download complete
8460717a482e: Download complete
53b6cfce1626: Download complete
docker.io/library/busybox:latest

Notice that the image was updated to have a new digest:

docker image ls

REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
busybox      latest    59f225fdf34f   22 seconds ago   2.01MB

However, when trying to delete the image, it's not found:

docker image rm busybox:latest
Error: No such image: busybox:latest

This looks to be related to / a combination of

When pulling the linux/s390x image:

  1. docker resolves busybox:latest, and finds a newer digest than the one that's present in the current store (59f225fdf34f)
  2. it pulls 59f225fdf34f, which is the digest for the busybox:latest manifest index
  3. it pulls 8e8f614949c5, which is the image manifest for the linux/s390x variant
  4. it pulls 8460717a482e, which is the image config for the linux/s390x image
  5. it pulls 53b6cfce1626, which is the image layer for the linux/s390x image
  6. it tags 59f225fdf34f as busybox:latest
  7. but the existing linux/arm64/v8 image is not part of the new manifest, and no longer referenced.

(4. - 6. were found from inspecting the `linux/s390x` image manifest):

docker buildx imagetools inspect busybox:latest
Name:      docker.io/library/busybox:latest
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest:    sha256:59f225fdf34f28a07d22343ee415ee417f6b8365cf4a0d3a2933cbd8fd7cf8c1

Manifests:
  Name:      docker.io/library/busybox:latest@sha256:f75f3d1a317fc82c793d567de94fc8df2bece37acd5f2bd364a0d91a0d1f3dab
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/amd64

  Name:      docker.io/library/busybox:latest@sha256:7cab71b567a8b3b1120956db751f4668e467b6c5f2234e82ba2c640897b17bea
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v5

  Name:      docker.io/library/busybox:latest@sha256:93e03a26b294ec7e703c6c9a26f8d98388e2890c0938c1a96e6c3b10b80140a8
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v6

  Name:      docker.io/library/busybox:latest@sha256:b434384d96768381a8f30e9462ca184dd05aa912ece005699791396eabf0024f
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v7

  Name:      docker.io/library/busybox:latest@sha256:e68659cdc5b29ecef6ad0959faf535884406bcb7f2207bd5c58f1805ab577901
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm64/v8

  Name:      docker.io/library/busybox:latest@sha256:df0011af19386ab5a056d101f20f79b5f5d99145addbd43a25609c6f8a374446
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/386

  Name:      docker.io/library/busybox:latest@sha256:81d552d97ce347234c60a7291df75808937c1bbd89854066647640f63ba2047f
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/mips64le

  Name:      docker.io/library/busybox:latest@sha256:e30fedb8f9c921cd0f54f41aabad995e6dac52ef44ea2847ac9010d5e5c05023
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/ppc64le

  Name:      docker.io/library/busybox:latest@sha256:43338739cc649bb9accdc6d7da67c49b0bf018f553aecddeccfd708eb8daa8f7
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/riscv64

  Name:      docker.io/library/busybox:latest@sha256:8e8f614949c58a3df8dc4bae176cfc27accec3ed4f539d3305801ff0768a61ac
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/s390x

Expected behavior

Either:

  1. the new platform to be pulled at the digest that's found in the currently present manifest
  2. or both the new and old manifest-index to be stored (showing two busybox:latest images but with a different digest)
  3. or both the linux/arm64/v8 and linux/s390x variants to be pulled.

(I'm writing up a UX discussion / proposal on which we can further discuss)

docker version

Client:
 Cloud integration: v1.0.29
 Version:           20.10.21
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        baeda1f
 Built:             Tue Oct 25 18:01:18 2022
 OS/Arch:           darwin/arm64
 Context:           default
 Experimental:      true

Server: Docker Desktop 4.15.0 (93002)
 Engine:
  Version:          22.06.0-beta.0-902-g2708be0db4.m
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.18.4
  Git commit:       2708be0db4
  Built:            Wed Nov 23 09:32:50 2022
  OS/Arch:          linux/arm64
  Experimental:     true
 containerd:
  Version:          1.6.10
  GitCommit:        770bd0108c32f3fb5c73ae1264f7e503fe7b2661
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  base: Identify base image (Docker Inc., vn/a)
  buildx: Docker Buildx (Docker Inc., v0.9.1)
  compose: Docker Compose (Docker Inc., v2.13.0)
  dev: Docker Dev Environments (Docker Inc., v0.0.5)
  extension: Manages Docker extensions (Docker Inc., v0.2.16)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.22.0)
  shell: Open a browser shell on the Docker Host. (thaJeztah, v0.0.1)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 22.06.0-beta.0-902-g2708be0db4.m
 Storage Driver: stargz
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 770bd0108c32f3fb5c73ae1264f7e503fe7b2661
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.49-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 5
 Total Memory: 5.8GiB
 Name: docker-desktop
 ID: 4fd4c2e6-2fd7-4491-8ec3-905a86c78a76
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  hubproxy.docker.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

Docker Desktop 4.15 with containerd-integration enabled
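
The pull sequence listed in the report (steps 1 to 7), as an added example that is not part of the original issue or of Docker's code: a toy Python model of a content store and a tag table, showing that moving the tag to the new index leaves the old image's content unreferenced. The short IDs are the ones shown in the report; the store layout, the `old-*` placeholder digests and all function names are assumptions.

```python
# Toy model of the reported steps: a content store (digest -> blob) plus a tag table.
# Short IDs are the ones shown in the report; everything else is constructed.
OLD, NEW = "7964ad52e396", "59f225fdf34f"
REMOTE_TAGS = {"busybox:latest": NEW}  # constructed: tag now resolves to a newer index
REMOTE_BLOBS = {
    NEW: {"manifests": {"linux/arm64/v8": "e68659cdc5b2", "linux/s390x": "8e8f614949c5"}},
    "8e8f614949c5": {"config": "8460717a482e", "layers": ["53b6cfce1626"]},
    "8460717a482e": {}, "53b6cfce1626": {},
}

def children(blob):
    """Digests a blob points at (index -> manifests, manifest -> config + layers)."""
    return (list(blob.get("manifests", {}).values())
            + ([blob["config"]] if "config" in blob else [])
            + blob.get("layers", []))

def pull(store, tags, ref, platform):
    """Resolve ref remotely, fetch only `platform`, then move the tag (steps 1-6)."""
    index = REMOTE_TAGS[ref]
    manifest = REMOTE_BLOBS[index]["manifests"][platform]
    fetched = [index, manifest] + children(REMOTE_BLOBS[manifest])
    for digest in fetched:
        store[digest] = REMOTE_BLOBS[digest]
    tags[ref] = index  # the old target loses its only name here
    return fetched

def unreferenced(store, tags):
    """Blobs in the local store that no tag reaches any more (step 7)."""
    seen, todo = set(), list(tags.values())
    while todo:
        digest = todo.pop()
        if digest in store and digest not in seen:
            seen.add(digest)
            todo.extend(children(store[digest]))
    return sorted(set(store) - seen)

def local_platforms(store, tags, ref):
    """Platforms of the tagged index whose manifest is actually present locally."""
    return sorted(p for p, d in store[tags[ref]]["manifests"].items() if d in store)

def demo():
    # Constructed local state: the outdated image holds only the host platform.
    store = {OLD: {"manifests": {"linux/arm64/v8": "old-arm64"}},
             "old-arm64": {"config": "old-cfg", "layers": ["old-layer"]},
             "old-cfg": {}, "old-layer": {}}
    tags = {"busybox:latest": OLD}
    fetched = pull(store, tags, "busybox:latest", "linux/s390x")
    return fetched, unreferenced(store, tags), local_platforms(store, tags, "busybox:latest")
```

`demo()` returns the fetch order from steps 2 to 5, the blobs of the old image that no tag reaches after the retag, and the platforms actually present behind `busybox:latest` (only `linux/s390x`).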

Metadata

Labels: area/images (Image Distribution), containerd-integration (Issues and PRs related to containerd integration), kind/bug (Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed.)

Status: Done