libimage: load name from oci-dir annotations (per-manifest first; single-manifest fallback to top-level); add e2e test #26867
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: shiavm006 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore. |
shiavm006
force-pushed
the
fix/oci-dir-load-name
branch
2 times, most recently
from
b2a6c88 to
ed7aeae
Compare
|
I think there is some debate about whether or not the original behavior was a bug (given OCI-DIR). It would be good to have @mtrmac comment here as well. |
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
I don’t have much of an opinion on the change; I don’t recall any reason to specifically not want to use annotations. Consistency would be nice, of course.
Originally the code comes from containers/common@5797a05 , and all the way back from a031b83, which is not very helpful. My best guess is that special-casing oci: just didn’t happen originally, and nobody thought to make it equivalent when we did add that special case.
The major concern is that this would break scripts, so it definitely needs to happen only in a major Podman version.
(Procedurally, the c/common changes need to be made in the c/common repo.)
| if err != nil { | ||
| return nil, nil, err | ||
| // Try to load a name from the OCI layout's index.json annotations first | ||
| if md, errMD := ociTransport.LoadManifestDescriptor(ref); errMD == nil { |
There was a problem hiding this comment.
I don’t know why we would silently ignore this error; if this fails, the copy is going to fail anyway, isn’t it?
I suppose that relates to the other question — I’m missing something.
| // Try to load a name from the OCI layout's index.json annotations first | ||
| if md, errMD := ociTransport.LoadManifestDescriptor(ref); errMD == nil { | ||
| if annotatedName := nameFromAnnotations(md.Annotations); annotatedName != "" { | ||
| if named, errNorm := NormalizeName(annotatedName); errNorm == nil { |
There was a problem hiding this comment.
Same, why is silently ignoring errors a good idea? (Also in other places of the PR.)
There was a problem hiding this comment.
You're absolutely right about the silent error handling ....... it's poor thing to ignore errors without any indication.
i will make sure of it
| _ = f.Close() | ||
| } | ||
| } | ||
| // Fallback to previous behavior if no annotated name was found/usable |
There was a problem hiding this comment.
(Absolutely non-blocking: “previous” is, long-term, not going to be a meaningful concept.)
|
@mtrmac |
|
@mtrmac |
Fixes issue where images loaded from oci-dir had no name and were only addressable by ID. Now reads image names from per-manifest annotations in OCI layout, ensuring OCI spec compliance and consistency with podman pull oci:/Users/shivammittal/.nvm/versions/node/v20.19.0/bin /opt/homebrew/bin /opt/homebrew/sbin /usr/local/bin /System/Cryptexes/App/usr/bin /usr/bin /bin /usr/sbin /sbin /var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin /var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin /var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin /Users/shivammittal/.nvm/versions/node/v20.19.0/bin /Users/shivammittal/.cargo/bin /Users/shivammittal/.cursor/extensions/ms-python.debugpy-2025.8.0-darwin-arm64/bundled/scripts/noConfigScripts: behavior. Removes top-level index.json annotation logic that violated OCI spec and created inconsistency across Podman commands. Includes proper error logging and removes test expecting non-compliant behavior. Fixes: containers#26850 Signed-off-by: shiavm006 <[email protected]>
shiavm006
force-pushed
the
fix/oci-dir-load-name
branch
from
34e5176 to
dc0d91e
Compare
Signed-off-by: shiavm006 <[email protected]>
|
@Luap99 |
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
Thanks!
- To reiterate: this must be tracked as a Podman 6 breaking change
- … and it needs to primarily happen in the c/common repo
On the substance of the change, now looks OK.
LoadManifestDescriptor/NormalizeNamefailures should be reported and cause the whole operation to fail, not ignored (or only debug-logged)
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
A friendly reminder that this PR had no activity for 30 days. |
4 participants
Fixes incorrect behavior where images loaded from oci-dir had no name and were only addressable by ID.Aligns with behavior users expect from tar-based loads and preserves tags exported via podman save --format oci-dir.
Fixes : #26850