-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
podman farm build
cannot handle colons in the --tag
value
#25039
Comments
There was some kind of parsing added, that allowed It still fails if you try to tag the image with something other than "latest", though. Or even if you add
|
Hopefully the TLS thing is orthogonal, since our local Distribution registries use certs to protect the login. |
It is, it just depends on how your registry is configured... By default it runs HTTP, unless you give it certs. https://distribution.github.io/distribution/about/deploying/
Podman doesn't configure localhost to be insecure by default, like Docker does, so it needs registries.conf [[registry]]
location="localhost:5000"
insecure=true Problem was that If you build and tag and push the image normally, then it works just fine. But farm is a different code path... commit a06685a (5.0, not backported to 4.9) Beyond the local testing, then it needs to be configured with certs and insecure is not needed anymore: https://distribution.github.io/distribution/about/deploying/#run-an-externally-accessible-registry This bug here is more about the tag ("latest") conflicting with the And if you just remove that part from the code, then it gets into similar trouble further down report, err := engine.Push(ctx, image.ID, l.listName+docker.UnknownDigestSuffix, entities.ImagePushOptions{Authfile: l.options.authfile, Quiet: false, SkipTLSVerify: skipTLSVerify}) So it needs to handle the tag properly, first add all the images to the manifest and then tag it. |
Issue Description
The relevant docs claim you can give an optional
[:tag]
with this option to override the default:latest
, but if you do, you get the bogus error output below.This is not limited to version tags, however. The same thing also occurs when you give a nonstandard registry TCP port number in the tag, as when pushing to a local Distribution instance, when it isn't listening on 5000 for whatever reason.
It is my belief that there is something doing a string split on colons and treating everything to the left as a URI scheme even though one does not normally prepend
https://
to a--tag
value.Steps to reproduce the issue
Clone the PodmanHello repo, then apply this one-line patch:
Now say
make
.It is not important to set up a "farm" before doing this. The default one will show the symptom, as will a custom one.
It is also not important to give a real registry reference in the value above. You can leave it as given above and it will show the symptom because the error occurs before the actual TCP connection or registry login steps.
If you remove the ":12345" bit, you will see that the error you get changes accordingly, now split on the colon before
custom
.Changing the
--tag
value to something colon-free likequay.io/USER/REPO
will allow the push to succeed.Describe the results you received
Describe the results you expected
It should attempt to connect to
registry:12345
and push the successfully-built image to the "repo
" repository.podman info output
Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
I do not believe the "info" output above to include critical details. It happens to show a build using 5.3.1 on Silverblue, but I've seen this occur with 5.2.2 on EL9 as well.
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
The text was updated successfully, but these errors were encountered: