influxdata/influxdata-docker

influxb image: platform in image-index and image-config do not match

SgtSilvio opened this issue · 7 comments

Multi-arch container images contain information about the target platform in 2 places, in the image index and the image config. These two platform specifications need to match.

For the influxdb image, they mismatch, for example for the 1.8.10 tag.

The image index (with the digest sha256:69e2de7972e79a58cd0d59c4342a97dcf8272fca7f043e74b06b5a4e9aacffd6) specifies the platform linux/arm64/v8:

{
  "manifests": [
    ...
    {
      ...
      "digest": "sha256:ed7da84d66ed893d1f4d9820705a34d0a97bff63951ad987fb7326503e862b19",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "platform": {
        "architecture": "arm64",
        "os": "linux",
        "variant": "v8"
      },
      "size": 2314
    },
    ...
  ]
}
Full image index
{
  "manifests": [
    {
      "annotations": {
        "com.docker.official-images.bashbrew.arch": "amd64",
        "org.opencontainers.image.base.digest": "sha256:0bf0aee11419e80a8fb33d389ead5f7968f48201150572d532da38bc1389aba9",
        "org.opencontainers.image.base.name": "buildpack-deps:bullseye-curl",
        "org.opencontainers.image.created": "2024-05-14T03:56:11Z",
        "org.opencontainers.image.revision": "d18cf6292f3d5de77d9bd7b25f897288fafda290",
        "org.opencontainers.image.source": "https://github.com/influxdata/influxdata-docker.git#d18cf6292f3d5de77d9bd7b25f897288fafda290:influxdb/1.8",
        "org.opencontainers.image.url": "https://hub.docker.com/_/influxdb",
        "org.opencontainers.image.version": "1.8"
      },
      "digest": "sha256:3c2eda6f43015553442085945f92786c865c48e392bbf71996e7c340ac7c235a",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "platform": {
        "architecture": "amd64",
        "os": "linux"
      },
      "size": 2312
    },
    {
      "annotations": {
        "com.docker.official-images.bashbrew.arch": "amd64",
        "vnd.docker.reference.digest": "sha256:3c2eda6f43015553442085945f92786c865c48e392bbf71996e7c340ac7c235a",
        "vnd.docker.reference.type": "attestation-manifest"
      },
      "digest": "sha256:d2e4e27551f0dcc3f836861d4456444dda5e99dbec9247381a079211f4bb8373",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "platform": {
        "architecture": "unknown",
        "os": "unknown"
      },
      "size": 841
    },
    {
      "annotations": {
        "com.docker.official-images.bashbrew.arch": "arm32v7",
        "org.opencontainers.image.base.digest": "sha256:d47b3c2633464ad4bab6c262c7d5dcdeedd3e2c8a77cb9e27b20a56dcd3298f1",
        "org.opencontainers.image.base.name": "buildpack-deps:bullseye-curl",
        "org.opencontainers.image.created": "2024-05-15T04:04:33Z",
        "org.opencontainers.image.revision": "d18cf6292f3d5de77d9bd7b25f897288fafda290",
        "org.opencontainers.image.source": "https://github.com/influxdata/influxdata-docker.git#d18cf6292f3d5de77d9bd7b25f897288fafda290:influxdb/1.8",
        "org.opencontainers.image.url": "https://hub.docker.com/_/influxdb",
        "org.opencontainers.image.version": "1.8"
      },
      "digest": "sha256:1fc46b054f8c81da888270fba0697693d16a2cd30a77479b8f5d08aaa9cabe01",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "platform": {
        "architecture": "arm",
        "os": "linux",
        "variant": "v7"
      },
      "size": 2314
    },
    {
      "annotations": {
        "com.docker.official-images.bashbrew.arch": "arm32v7",
        "vnd.docker.reference.digest": "sha256:1fc46b054f8c81da888270fba0697693d16a2cd30a77479b8f5d08aaa9cabe01",
        "vnd.docker.reference.type": "attestation-manifest"
      },
      "digest": "sha256:7225b5dae545603b29e46fe36b369b54323d46aa7ede7f4ad7ca8a68afbd9ee9",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "platform": {
        "architecture": "unknown",
        "os": "unknown"
      },
      "size": 841
    },
    {
      "annotations": {
        "com.docker.official-images.bashbrew.arch": "arm64v8",
        "org.opencontainers.image.base.digest": "sha256:9e0ba4be0710ecf464598e996cc4a1face17170fc291faede05b74d3afac88d7",
        "org.opencontainers.image.base.name": "buildpack-deps:bullseye-curl",
        "org.opencontainers.image.created": "2024-05-15T10:30:08Z",
        "org.opencontainers.image.revision": "d18cf6292f3d5de77d9bd7b25f897288fafda290",
        "org.opencontainers.image.source": "https://github.com/influxdata/influxdata-docker.git#d18cf6292f3d5de77d9bd7b25f897288fafda290:influxdb/1.8",
        "org.opencontainers.image.url": "https://hub.docker.com/_/influxdb",
        "org.opencontainers.image.version": "1.8"
      },
      "digest": "sha256:ed7da84d66ed893d1f4d9820705a34d0a97bff63951ad987fb7326503e862b19",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "platform": {
        "architecture": "arm64",
        "os": "linux",
        "variant": "v8"
      },
      "size": 2314
    },
    {
      "annotations": {
        "com.docker.official-images.bashbrew.arch": "arm64v8",
        "vnd.docker.reference.digest": "sha256:ed7da84d66ed893d1f4d9820705a34d0a97bff63951ad987fb7326503e862b19",
        "vnd.docker.reference.type": "attestation-manifest"
      },
      "digest": "sha256:b4e8bc875fcd8451323f2de3328b85365b042a482064d3ecd8ded999e7e62105",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "platform": {
        "architecture": "unknown",
        "os": "unknown"
      },
      "size": 841
    }
  ],
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "schemaVersion": 2
}

While the corresponding image config (with the digest sha256:c93cf83723c98b3e2dfe274145852bf0832a6cc49d31071abe2c84fbadbc1ef9) specifies the platform linux/arm64 (note the missing variant v8).

{
  "architecture": "arm64",
  ...
  "os": "linux",
  ...
}
Full image config
{
  "architecture": "arm64",
  "config": {
    "ExposedPorts": {
      "8086/tcp": {}
    },
    "Env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "INFLUXDB_VERSION=1.8.10"
    ],
    "Entrypoint": [
      "/entrypoint.sh"
    ],
    "Cmd": [
      "influxd"
    ],
    "Volumes": {
      "/var/lib/influxdb": {}
    },
    "ArgsEscaped": true
  },
  "created": "2024-04-30T14:27:41Z",
  "history": [
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "/bin/sh -c #(nop) ADD file:43721c605da3f74f0c3f71384780fc0e57e2478b88197672caaf4baa3eddab23 in / "
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "/bin/sh -c #(nop)  CMD [\"bash\"]",
      "empty_layer": true
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "/bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\tgnupg \t\tnetbase \t\twget \t; \trm -rf /var/lib/apt/lists/*"
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "RUN /bin/sh -c set -ex &&     mkdir ~/.gnupg;     echo \"disable-ipv6\" >> ~/.gnupg/dirmngr.conf;     for key in         9D539D90D3328DC7D6C8D3B9D8FF8E1F7DF8B07E ;     do         gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys \"$key\" ;     done # buildkit",
      "comment": "buildkit.dockerfile.v0"
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "ENV INFLUXDB_VERSION=1.8.10",
      "comment": "buildkit.dockerfile.v0",
      "empty_layer": true
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "RUN /bin/sh -c ARCH= && dpkgArch=\"$(dpkg --print-architecture)\" &&     case \"${dpkgArch##*-}\" in       amd64) ARCH='amd64';;       arm64) ARCH='arm64';;       armhf) ARCH='armhf';;       armel) ARCH='armel';;       *)     echo \"Unsupported architecture: ${dpkgArch}\"; exit 1;;     esac &&     wget --no-verbose https://dl.influxdata.com/influxdb/releases/influxdb_${INFLUXDB_VERSION}_${ARCH}.deb.asc &&     wget --no-verbose https://dl.influxdata.com/influxdb/releases/influxdb_${INFLUXDB_VERSION}_${ARCH}.deb &&     gpg --batch --verify influxdb_${INFLUXDB_VERSION}_${ARCH}.deb.asc influxdb_${INFLUXDB_VERSION}_${ARCH}.deb &&     dpkg -i influxdb_${INFLUXDB_VERSION}_${ARCH}.deb &&     rm -f influxdb_${INFLUXDB_VERSION}_${ARCH}.deb* # buildkit",
      "comment": "buildkit.dockerfile.v0"
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "COPY influxdb.conf /etc/influxdb/influxdb.conf # buildkit",
      "comment": "buildkit.dockerfile.v0"
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "EXPOSE map[8086/tcp:{}]",
      "comment": "buildkit.dockerfile.v0",
      "empty_layer": true
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "VOLUME [/var/lib/influxdb]",
      "comment": "buildkit.dockerfile.v0",
      "empty_layer": true
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "COPY entrypoint.sh /entrypoint.sh # buildkit",
      "comment": "buildkit.dockerfile.v0"
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "COPY init-influxdb.sh /init-influxdb.sh # buildkit",
      "comment": "buildkit.dockerfile.v0"
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "ENTRYPOINT [\"/entrypoint.sh\"]",
      "comment": "buildkit.dockerfile.v0",
      "empty_layer": true
    },
    {
      "created": "2024-04-30T14:27:41Z",
      "created_by": "CMD [\"influxd\"]",
      "comment": "buildkit.dockerfile.v0",
      "empty_layer": true
    }
  ],
  "os": "linux",
  "rootfs": {
    "type": "layers",
    "diff_ids": [
      "sha256:6765d30a68bc8aa3bc844f8d14a68b0ebbf1ac87ef8b4622ca3b6f7d63742ae8",
      "sha256:9622a2ac8fdfcdea9c2108a1ded6067a0f0dcd139e3f1e1baf4d91a684215fad",
      "sha256:13195f70fdf4bcee904b225e6ae8902e2669c7a72b78584f24d3b73194bacb5a",
      "sha256:8ccb2be081115c1259b5660b547ac42e553097deca88d94ae8e9bcce57d560f7",
      "sha256:4a6f25a47c2dcf11a94e69e0e83cc1f647c3189bdd94593c8681d60cb5643425",
      "sha256:fe148f882285a73b5f9267c2d3039b07676133dbdc51bf7b1695fbf08bacdee2",
      "sha256:d4eb1046ecf1356ca9eb0866818ae9408f747503c022ac99da4040f64fe2d9db"
    ]
  }
}

Why I stumbled upon this: it is not easy for tools that consume/transform/produce images to validate the container metadata and choose the right platform specification. This is currently an issue when using the influxdb image with gradle-oci which complains about:

platform in manifest descriptor (@linux,arm64,v8) and config (@linux,arm64) do not match

What is the consequence of this? I have not seen someone specify the v8 variant as part of the architecture.

Ultimately, the images are not produced by us, but by the Docker official images build process, so this issue should probably live upstream.

I added the reason why I opened this issue to the bottom of the description. Sorry for the early submit.

Ultimately, the images are not produced by us, but by the Docker official images build process, so this issue should probably live upstream.

Do you think https://github.com/docker-library/official-images/ is the right place?

I added the reason why I opened this issue to the bottom of the description. Sorry for the early submit.

Ah thanks for the update!

Do you think https://github.com/docker-library/official-images/ is the right place?

Yes please - and if ultimately we need to make changes to our submissions they can let us know. Thanks!

Thanks for the really quick answer. Will open the issue there and link this issue, and close this issue once the other is opened.
Have a nice day!

Closing this one in favor of docker-library/official-images#16859

Thanks I'll subscribe to that issue as well.