rules_apko break oci_pull from docker hub
farcop opened this issue · 1 comments
farcop commented
- I added rules_apko latest main in the project and done Initial setup
- When I decided to update image in oci_pull it broke with error below.
- As soon as I rolled back these changes everything worked.
oci_pull(
name = "nginx_alpine",
image = "docker.io/nginxinc/nginx-unprivileged",
# tag = "stable-alpine3.18",
digest = "sha256:bb1a470f475dfe3d11ccfc2ac53177200d3ba81e9e907cf4ed0185759a46e583",
platforms = [
"linux/amd64",
"linux/arm64"
],
)
Error after rules_apko was added
$ bazel fetch @nginx_alpine
WARNING: Could not fetch the manifest. Either there was an authentication issue or trying to pull an image with OCI image media types.
Falling back to using `curl`. See https://github.com/bazelbuild/bazel/issues/17829 for the context.
WARNING: Could not fetch the manifest. Either there was an authentication issue or trying to pull an image with OCI image media types.
Falling back to using `curl`. See https://github.com/bazelbuild/bazel/issues/17829 for the context.
WARNING: Could not fetch the manifest. Either there was an authentication issue or trying to pull an image with OCI image media types.
Falling back to using `curl`. See https://github.com/bazelbuild/bazel/issues/17829 for the context.
WARNING: Could not fetch the manifest. Either there was an authentication issue or trying to pull an image with OCI image media types.
Falling back to using `curl`. See https://github.com/bazelbuild/bazel/issues/17829 for the context.
INFO: Repository nginx_alpine_linux_amd64 instantiated at:
/home/kublr/kublr/WORKSPACE:413:13: in <toplevel>
/home/kublr/kublr/images.bzl:36:13: in fetch_images
/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/pull.bzl:121:22: in oci_pull
Repository rule oci_pull defined at:
/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/pull.bzl:437:27: in <toplevel>
WARNING: Download from https://index.docker.io/v2/nginxinc/nginx-unprivileged/manifests/sha256:bb1a470f475dfe3d11ccfc2ac53177200d3ba81e9e907cf4ed0185759a46e583 failed: class com.google.devtools.build.lib.bazel.repository.downloader.UnrecoverableHttpException GET returned 401 Unauthorized
WARNING: Download from https://index.docker.io/v2/nginxinc/nginx-unprivileged/manifests/sha256:5bb412ff61fef36458618c6ab4d08dcb36bb85356dfd03a9fb36af8b6e6b92a3 failed: class com.google.devtools.build.lib.bazel.repository.downloader.UnrecoverableHttpException GET returned 401 Unauthorized
WARNING: Download from https://index.docker.io/v2/nginxinc/nginx-unprivileged/blobs/sha256:06f0f53713bb14a22bc396231b8f89d0b05e1d3c84b3766014895b1a245c3b7a failed: class com.google.devtools.build.lib.bazel.repository.downloader.UnrecoverableHttpException GET returned 401 Unauthorized
INFO: Repository nginx_alpine_linux_arm64 instantiated at:
/home/kublr/kublr/WORKSPACE:413:13: in <toplevel>
/home/kublr/kublr/images.bzl:36:13: in fetch_images
/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/pull.bzl:121:22: in oci_pull
Repository rule oci_pull defined at:
/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/pull.bzl:437:27: in <toplevel>
ERROR: An error occurred during the fetch of repository 'nginx_alpine_linux_amd64':
Traceback (most recent call last):
File "/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/pull.bzl", line 383, column 29, in _oci_pull_impl
downloader.download_blob(image_mf["config"]["digest"], image_config_file)
File "/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/pull.bzl", line 281, column 61, in lambda
download_blob = lambda identifier, output: _download(rctx, state, identifier, output, "blobs"),
File "/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/pull.bzl", line 225, column 23, in _download
return download_fn(
File "/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/download.bzl", line 130, column 25, in _bazel_download
return rctx.download(**kwargs)
Error in download: java.io.IOException: Error downloading [https://index.docker.io/v2/nginxinc/nginx-unprivileged/blobs/sha256:06f0f53713bb14a22bc396231b8f89d0b05e1d3c84b3766014895b1a245c3b7a] to /home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/nginx_alpine_linux_amd64/06f0f53713bb14a22bc396231b8f89d0b05e1d3c84b3766014895b1a245c3b7a: GET returned 401 Unauthorized
ERROR: /home/kublr/kublr/WORKSPACE:413:13: fetching oci_pull rule //external:nginx_alpine_linux_amd64: Traceback (most recent call last):
File "/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/pull.bzl", line 383, column 29, in _oci_pull_impl
downloader.download_blob(image_mf["config"]["digest"], image_config_file)
File "/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/pull.bzl", line 281, column 61, in lambda
download_blob = lambda identifier, output: _download(rctx, state, identifier, output, "blobs"),
File "/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/pull.bzl", line 225, column 23, in _download
return download_fn(
File "/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/rules_oci/oci/private/download.bzl", line 130, column 25, in _bazel_download
return rctx.download(**kwargs)
Error in download: java.io.IOException: Error downloading [https://index.docker.io/v2/nginxinc/nginx-unprivileged/blobs/sha256:06f0f53713bb14a22bc396231b8f89d0b05e1d3c84b3766014895b1a245c3b7a] to /home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/nginx_alpine_linux_amd64/06f0f53713bb14a22bc396231b8f89d0b05e1d3c84b3766014895b1a245c3b7a: GET returned 401 Unauthorized
INFO: repository @nginx_alpine_linux_arm64' used the following cache hits instead of downloading the corresponding file.
* Hash 'bb1a470f475dfe3d11ccfc2ac53177200d3ba81e9e907cf4ed0185759a46e583' for file:/home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/nginx_alpine_linux_arm64/.output/manifest.json
If the definition of 'repository @nginx_alpine_linux_arm64' was updated, verify that the hashes were also updated.
ERROR: Evaluation of query "deps(@nginx_alpine)" failed: preloading transitive closure failed: no such package '@nginx_alpine_linux_amd64//': java.io.IOException: Error downloading [https://index.docker.io/v2/nginxinc/nginx-unprivileged/blobs/sha256:06f0f53713bb14a22bc396231b8f89d0b05e1d3c84b3766014895b1a245c3b7a] to /home/kublr/.cache/bazel/_bazel_kublr/69fb4c52c15303cc4e23e5352527edec/external/nginx_alpine_linux_amd64/06f0f53713bb14a22bc396231b8f89d0b05e1d3c84b3766014895b1a245c3b7a: GET returned 401 Unauthorized
Loading: 1 packages loaded
farcop commented
.apko/range.sh
#!/usr/bin/env bash
# Generated by apko_bazelrc. DO NOT EDIT
# Adds Range header to outgoing http requests by parsing the range fragment on URL from stdin
# See https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md
# Required for range requests for fetching the apk packages.
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests
echo -n '{"headers":{"Range":['
cat | sed -n 's/.*#_apk_range_bytes_\([[:digit:]]*-[[:digit:]]*\).*/"bytes=\1"/p' | tr -d '\n'
echo ']}}'I guess the reason is here