Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unsupported image-specific operation on artifact with type "application/vnd.devcontainers" #22738

Closed
GongT opened this issue May 17, 2024 · 1 comment
Closed

unsupported image-specific operation on artifact with type "application/vnd.devcontainers" #22738

GongT opened this issue May 17, 2024 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@GongT
Copy link

GongT commented May 17, 2024
edited
Loading

Steps to reproduce the issue

podman pull ghcr.io/devcontainers/features/conda:1

Describe the results you received

Error: parsing image configuration: unsupported image-specific operation on artifact with type "application/vnd.devcontainers"

Describe the results you expected

It should download image

podman info output

host:
  arch: amd64
  buildahVersion: 1.33.7
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc39.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 98.43
    systemPercent: 0.24
    userPercent: 1.33
  cpus: 24
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    version: "39"
  eventLogger: journald
  freeLocks: 2041
  hostname: developmentenvironment
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.8.6-200.fc39.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 3950497792
  memTotal: 135008804864
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-1.fc39.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-1.fc39.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.4-1.fc39.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.4
      commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
      rundir: /run/user/0/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc39.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 5510017024
  swapTotal: 8589930496
  uptime: 570h 26m 19.00s (Approximately 23.75 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
    overlay.skip_mount_home: "true"
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 300001787904
  graphRootUsed: 65450557440
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 137
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.9.4
  Built: 1711445992
  BuiltTime: Tue Mar 26 17:39:52 2024
  GitCommit: ""
  GoVersion: go1.21.8
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4

Podman in a container

Yes

Privileged Or Rootless

Privileged

Upstream Latest Release

Yes

Additional environment details

Fedora release 39

verbose log

INFO[0000] /usr/bin/podman filtering at log level debug
DEBU[0000] Called pull.PersistentPreRunE(/usr/bin/podman --log-level=debug pull ghcr.io/devcontainers/features/conda:1)
DEBU[0000] Using conmon: "/usr/bin/conmon"
INFO[0000] Using boltdb as database backend
DEBU[0000] Initializing boltdb state at /var/lib/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /var/lib/containers/storage
DEBU[0000] Using run root /run/containers/storage
DEBU[0000] Using static dir /var/lib/containers/storage/libpod
DEBU[0000] Using tmp dir /run/libpod
DEBU[0000] Using volume path /var/lib/containers/storage/volumes
DEBU[0000] Using transient store: false
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] overlay: skip_mount_home=true
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] Cached value indicated that native-diff is not being used
INFO[0000] Not using native diff for overlay, this may cause degraded performance for building images: failed to mount overlay: invalid argument
DEBU[0000] backingFs=btrfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false
DEBU[0000] Initializing event backend journald
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
DEBU[0000] Configured OCI runtime runc initialization failed: no valid executable found for OCI runtime runc: invalid argument
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
DEBU[0000] Using OCI runtime "/usr/bin/crun"
INFO[0000] Setting parallel job count to 73
DEBU[0000] Pulling image ghcr.io/devcontainers/features/conda:1 (policy: always)
DEBU[0000] Looking up image "ghcr.io/devcontainers/features/conda:1" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "ghcr.io/devcontainers/features/conda:1" ...
DEBU[0000] reference "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on,overlay.skip_mount_home=true]ghcr.io/devcontainers/features/conda:1" does not resolve to an image ID
DEBU[0000] Trying "ghcr.io/devcontainers/features/conda:1" ...
DEBU[0000] reference "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on,overlay.skip_mount_home=true]ghcr.io/devcontainers/features/conda:1" does not resolve to an image ID
DEBU[0000] Trying "ghcr.io/devcontainers/features/conda:1" ...
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf"
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Attempting to pull candidate ghcr.io/devcontainers/features/conda:1 for ghcr.io/devcontainers/features/conda:1
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on,overlay.skip_mount_home=true]ghcr.io/devcontainers/features/conda:1"
Trying to pull ghcr.io/devcontainers/features/conda:1...
DEBU[0000] Copying source image //ghcr.io/devcontainers/features/conda:1 to destination image [overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on,overlay.skip_mount_home=true]ghcr.io/devcontainers/features/conda:1
DEBU[0000] Using registries.d directory /etc/containers/registries.d
DEBU[0000] Trying to access "ghcr.io/devcontainers/features/conda:1"
DEBU[0000] No credentials matching ghcr.io/devcontainers/features/conda found in /run/user/0/containers/auth.json
DEBU[0000] No credentials matching ghcr.io/devcontainers/features/conda found in /root/.config/containers/auth.json
DEBU[0000] No credentials matching ghcr.io/devcontainers/features/conda found in /root/.docker/config.json
DEBU[0000] No credentials matching ghcr.io/devcontainers/features/conda found in /root/.dockercfg
DEBU[0000] No credentials for ghcr.io/devcontainers/features/conda found
DEBU[0000] No signature storage configuration found for ghcr.io/devcontainers/features/conda:1, using built-in default file:///var/lib/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/ghcr.io
DEBU[0000] GET https://ghcr.io/v2/
DEBU[0000] Ping https://ghcr.io/v2/ status 401
DEBU[0000] GET https://ghcr.io/token?scope=repository%3Adevcontainers%2Ffeatures%2Fconda%3Apull&service=ghcr.io
DEBU[0001] Increasing token expiration to: 60 seconds
DEBU[0001] GET https://ghcr.io/v2/devcontainers/features/conda/manifests/1
DEBU[0001] Content-Type from manifest GET is "application/vnd.oci.image.manifest.v1+json"
DEBU[0001] Using SQLite blob info cache at /var/lib/containers/cache/blob-info-cache-v1.sqlite
DEBU[0001] IsRunningImageAllowed for image docker:ghcr.io/devcontainers/features/conda:1
DEBU[0001] Using default policy section
DEBU[0001] Requirement 0: allowed
DEBU[0001] Overall: allowed
DEBU[0001] Error pulling candidate ghcr.io/devcontainers/features/conda:1: parsing image configuration: unsupported image-specific operation on artifact with type "application/vnd.devcontainers"
Error: parsing image configuration: unsupported image-specific operation on artifact with type "application/vnd.devcontainers"
DEBU[0001] Shutting down engines

Additional information

No response
@GongT GongT added the kind/bug Categorizes issue or PR as related to a bug. label May 17, 2024
@Luap99
Copy link
Member

Luap99 commented May 17, 2024

This is not a normal container image

skopeo inspect --raw docker://ghcr.io/devcontainers/features/conda:1 | jq
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.devcontainers",
    "digest": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "size": 0
  },
  "layers": [
    {
      "mediaType": "application/vnd.devcontainers.layer.v1+tar",
      "digest": "sha256:9691467c3f90b1948494f54e16ec3a85830850f4119c4480f766853a3a1dedab",
      "size": 14848,
      "annotations": {
        "org.opencontainers.image.title": "devcontainer-feature-conda.tgz"
      }
    }
  ],
  "annotations": {
    "com.github.package.type": "devcontainer_feature"
  }
}

This seems to be OCI artifact and as such cannot be used as regular image, thee is no way to know how to extract this,
Looking at https://containers.dev/implementors/features-distribution/#oci-registry this is not intended to be a normal image so you should not try to pull it like this.

@Luap99 Luap99 closed this as not planned Won't fix, can't repro, duplicate, stale May 17, 2024
@stale-locking-app stale-locking-app bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 16, 2024
@stale-locking-app stale-locking-app bot locked as resolved and limited conversation to collaborators Aug 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@GongT @Luap99