Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Managing OCI artifacts : artifact type is missing #784

Open
mmauro-betclic opened this issue Oct 11, 2024 · 4 comments
Open

Managing OCI artifacts : artifact type is missing #784

mmauro-betclic opened this issue Oct 11, 2024 · 4 comments
Assignees
@FeynmanZhou
Labels
bug Feature bugs that should be fixed. feature-oci-artifacts Requests related to OCI artifact management triaged Use after the issue is triaged

Comments

@mmauro-betclic
Copy link

Describe the bug
The artifact type is missing from artifacts attached to an image in ACR.

To Reproduce

  1. I'm pushing a very simple image to my ACR, and then I'm signing it with Notation by using the Referrers API (bug also happens when using tag schema) :
docker push registry/image:tag
IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' registry/image:tag)
notation sign --force-referrers-tag=false $IMAGE_DIGEST -k my-cert
  1. When using ORAS CLI to check the artifacts linked to the image, I can see the signature, but the type is "unknown" :
oras discover $IMAGE_DIGEST
registry/image@sha256:468b9521bd60b12b8fa40383e6cde62036a1de2bd6b905482af4bd845e4c61f9
└── <unknown>
    └── sha256:876f89db57fe46f521935215fe880725731730f5ab81f17f2551edb894f6abcc
  1. Moreover on the Azure portal, the Referrers tab does not display anything but "Loading ..." :

Image

with an error in browser console :

wiHDObdGiqqZ.js:2 Uncaught (in promise) TypeError: n.artifactType is not a function
    at d.<anonymous> (wiHDObdGiqqZ.js:2:7263)
    at W9yayfMU8ZNP.js:17:4222
    at Object.next (W9yayfMU8ZNP.js:17:4327)
    at a (W9yayfMU8ZNP.js:17:3034)

Expected behavior
This image manifest should contain an artifact type on the signature such as : application/vnd.cncf.notary.signature

Additional context
ACR is located in North Europe with CMK encryption, pricing plan is Premium.

Any relevant environment information

  • OS: macOS Sonoma 14.6.1
  • Notation 1.2.0
  • ORAS 1.2.0
  • Docker 27.2.0
@mmauro-betclic mmauro-betclic added the bug Feature bugs that should be fixed. label Oct 11, 2024
@FeynmanZhou
Copy link
Member

Hi @mmauro-betclic,

Apologize for the late response, the referrers API is not supported yet in CMK-enabled registry.

Was this issue also existed when you sign the image using the default tag schema (without --force-referrers-tag=false)?

@mmauro-betclic
Copy link
Author

Hi @FeynmanZhou,

Yes absolutely, the same issue happens without --force-referrers-tag=false.

@Wwwsylvia
Copy link
Contributor

Hi @mmauro-betclic , unfortunately there are some limitations with using Referrers API against CMK-enabled registries.
But if the signature is pushed using tag schema, the artifact type can be viewed by specifying --distribution-spec v1.1-referrers-tag with oras discover. It looks like:

oras discover $IMAGE_DIGEST  --distribution-spec v1.1-referrers-tag

@FeynmanZhou
Copy link
Member

Hi @mmauro-betclic , would you mind checking your signature use the oras command above? We could also schedule a meeting to help you unblock if needed.

@FeynmanZhou FeynmanZhou mentioned this issue Dec 9, 2024
Open
@toddysm toddysm added triaged Use after the issue is triaged feature-oci-artifacts Requests related to OCI artifact management labels Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FeynmanZhou FeynmanZhou

Labels
bug Feature bugs that should be fixed. feature-oci-artifacts Requests related to OCI artifact management triaged Use after the issue is triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@toddysm @Wwwsylvia @FeynmanZhou @mmauro-betclic