Description
It looks like we don't have a special case for attestations, and those therefore fall through to "unknown type", resulting in noisy debug logs; here's the logs when running docker image ls with the containerd image store enabled;
time="2024-12-06T11:25:37.891054469Z" level=debug msg="Calling HEAD /_ping" spanID=b015aa9e817ef953 traceID=f1032373c6c1ba9d23934711d72b5128
time="2024-12-06T11:25:37.893333302Z" level=debug msg="Calling GET /v1.47/images/json" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.925867969Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.928346302Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.931845802Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.932710760Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.941484552Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.943116385Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.944743885Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.946203927Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.957543594Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.958849260Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.984739302Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.985704344Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.991910760Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.993380010Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.993721260Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:37.995359427Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:38.022839135Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:38.024402177Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:38.025408385Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:38.027858385Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:38.028161677Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:38.029095844Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:38.050283635Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
time="2024-12-06T11:25:38.050916552Z" level=debug msg="encountered unknown type application/vnd.in-toto+json; children may not be fetched" spanID=3b00aa90c6ac946b traceID=9d50074214268ca24d21095dfed33221
It looks like this log is produced in containerd vendored code inside the Children function;
|
// Children returns the immediate children of content described by the descriptor. |
|
func Children(ctx context.Context, provider content.Provider, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { |
|
default: |
|
if IsLayerType(desc.MediaType) || IsKnownConfig(desc.MediaType) { |
|
// childless data types. |
|
return nil, nil |
|
} |
|
log.G(ctx).Debugf("encountered unknown type %v; children may not be fetched", desc.MediaType) |
|
} |
Reproduce
See above
Expected behavior
No response
docker version
Client:
Version: 27.4.0-rc.4
API version: 1.47
Go version: go1.22.10
Git commit: bde2b89
Built: Wed Dec 4 18:31:46 2024
OS/Arch: darwin/arm64
Context: desktop-linux
Server: Docker Desktop 4.38.0 (177667)
Engine:
Version: 27.4.0-rc.4
API version: 1.47 (minimum version 1.24)
Go version: go1.22.10
Git commit: 92a8393
Built: Wed Dec 4 18:35:08 2024
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.7.21
GitCommit: 472731909fa34bd7bc9c087e4c27943f9835f111
runc:
Version: 1.1.13
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client:
Version: 27.4.0-rc.4
Context: desktop-linux
Debug Mode: false
Plugins:
[redacted; irrelevant]
Server:
Containers: 5
Running: 0
Paused: 0
Stopped: 5
Images: 56
Server Version: 27.4.0-rc.4
Storage Driver: overlayfs
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
Kernel Version: 6.12.1-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 10
Total Memory: 7.653GiB
Name: docker-desktop
ID: 58815d06-8744-4af3-b6f1-7a88003318ad
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 54
Goroutines: 90
System Time: 2024-12-06T11:32:03.454582758Z
EventsListeners: 15
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/thajeztah/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
host.docker.internal:5001
host.docker.internal:5002
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: falseAdditional Info
No response
Description
It looks like we don't have a special case for attestations, and those therefore fall through to "unknown type", resulting in noisy debug logs; here's the logs when running
docker image lswith the containerd image store enabled;It looks like this log is produced in containerd vendored code inside the
Childrenfunction;moby/vendor/github.com/containerd/containerd/images/image.go
Lines 341 to 342 in b1fc766
moby/vendor/github.com/containerd/containerd/images/image.go
Lines 380 to 386 in b1fc766
Reproduce
See above
Expected behavior
No response
docker version
Client: Version: 27.4.0-rc.4 API version: 1.47 Go version: go1.22.10 Git commit: bde2b89 Built: Wed Dec 4 18:31:46 2024 OS/Arch: darwin/arm64 Context: desktop-linux Server: Docker Desktop 4.38.0 (177667) Engine: Version: 27.4.0-rc.4 API version: 1.47 (minimum version 1.24) Go version: go1.22.10 Git commit: 92a8393 Built: Wed Dec 4 18:35:08 2024 OS/Arch: linux/arm64 Experimental: false containerd: Version: 1.7.21 GitCommit: 472731909fa34bd7bc9c087e4c27943f9835f111 runc: Version: 1.1.13 GitCommit: v1.1.13-0-g58aa920 docker-init: Version: 0.19.0 GitCommit: de40ad0docker info
Additional Info
No response