pull,load: use *Image instead of re-resolving via name
#2339
Conversation
flouthoc
force-pushed
the
refactor-pull
branch
2 times, most recently
from
4f50746 to
663a29b
Compare
|
I don't know why after |
|
I didn’t trace it, for now a quick guess: https://github.com/containers/image/blob/c3293eccad1afb55fb9b45d674c8cd06f605eac9/storage/storage_reference.go#L173-L188 means that when using a digested c/storage reference, the reference refers to the manifest with that digest. So, for a digested pull, the resolved reference is a Let me know if this does not help and I should look into this in more detail. |
This is very helpful, I will investigate with above notes and will report back 😄 , thanks for the tip. |
That’s imprecise I’m afraid; |
flouthoc
force-pushed
the
refactor-pull
branch
2 times, most recently
from
37b8f64 to
d585e3d
Compare
|
@mtrmac Tests passes now, this is ready for review. Although I must created |
There was a problem hiding this comment.
Just an extremely brief skim for now, without reading any of the context; mostly just a list of topics to discuss / for me to research.
- I very much like minimizing repeated image lookups. The overall direction is great.
- I’m not at all sure about the
.reload()part now. Do we know what is exactly happening? - I don’t know about the non-registry copies, e.g. loads from archives. I would be fine with not fixing those cases in this PR and deferring that for later… OTOH it might be easier to do all now than to re-establish the context later.
|
Okay buildah tests all pass containers/buildah#6039, podman test is having an issue once I fix the podman tests I will address comments on this PR |
|
Ephemeral COPR build failed. @containers/packit-build please check. |
flouthoc
force-pushed
the
refactor-pull
branch
5 times, most recently
from
da19354 to
f1f8f60
Compare
|
@mtrmac Could you review the PR again ? I have modfied tests a little bit and also removed |
libimage/image_test.go
Outdated
| digestFound := false | ||
| for _, d := range digests { | ||
| if d.String() == origDigest.String() { | ||
| digestFound = true | ||
| break | ||
| } | ||
| } | ||
| require.True(t, digestFound, "original digest string should be present in the digests array of new pulled image") |
There was a problem hiding this comment.
That results in a bad error message, the proper matcher for this is require.Contains()
There was a problem hiding this comment.
I want to match .String() part of the object. I wonder if require.Contains would allow to me to match only .String() parts of it.
There was a problem hiding this comment.
digest is defined as type Digest string so there doesn't not seem to be a reason why you would need to match .String() as this does just a type cast to string
func (d Digest) String() string {
return string(d)
}
There was a problem hiding this comment.
(I’m academically interested in learning a good answer, but, pragmatically, I’m not worried. If the test ever fails, someone will add a few debugging prints.)
There was a problem hiding this comment.
(I’m academically interested in learning a good answer, but, pragmatically, I’m not worried. If the test ever fails, someone will add a few debugging prints.)
The first time this fails you would be greeted with a rather useless "true should equal false" message. Then in order to debug you would have to to extra work adding these prints which seems unnecessary. If the failure doesn't reproduce locally and/or is a flake then you must commit first all the debug info to CI so we can gather more useful logs which again is extra work.
One thing we should always assume is that the person who wrote the test is not the same person who will see this fail so they don't know what the test is doing, or even the same person will not remember right away and then you have to dig in the sources, etc... In the best case the error is good enough for another person to see what they broke without having to fully read and understand the entire test code. Or consider a QE person like Ed looking at flakes. They will not necessarily dig up the sources or understand them enough to then file a meaningful issue. If they just copy paste the test error it would be much more meaningful if it includes the real digests.
Logically for this this test there seem to be a few rather different cases I could see right away with the better error. The digest list is empty so the element cannot be part of it, list is not empty but only has different digests and similar maybe the digest algorithm was changed but the test still expects a sha256 one.
Sure here in c/common with these unit tests this is less of a concern compared to podman integration tests but still we should apply the same good habits everywhere.
flouthoc
force-pushed
the
refactor-pull
branch
2 times, most recently
from
82c2b5e to
706bcf2
Compare
flouthoc
force-pushed
the
refactor-pull
branch
2 times, most recently
from
280ee10 to
20e2caa
Compare
Following commit fixes a `race` condition in `libimage` because in `Pull(` after performing `copy` from remote sources it agains attempts to resolve image via `LookupImage`, any operation between `copy` and `LookupImage` can remove `name` from the recently pulled image. Causing race in builds. This issue was discoverd while working on PR containers/buildah#5971 ``` buildah build -t test --jobs=2 --skip-unused-stages=false . ``` Containerfile ``` FROM quay.io/jitesoft/alpine RUN arch FROM --platform=linux/arm64 quay.io/jitesoft/alpine AS foreign ``` Following commit also addresses the commit containers@e2324dd by performing the neccessary refactor. No functional change in public exposed API, exisiting tests should pass as-is. [NO NEW TESTS NEEDED] Signed-off-by: flouthoc <[email protected]>
Fix linter error ``` Error: libimage/copier.go:180:51: `(*Runtime).newCopier` - `reportResolvedReference` always receives `nil` (unparam) ``` Signed-off-by: flouthoc <[email protected]>
|
@containers/podman-maintainers @nalind PTAL |
|
Both |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flouthoc, Luap99 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Following commit fixes a
racecondition inlibimagebecause inPull(after performingcopyfrom remote sources it agains attempts to resolve image viaLookupImage, any operation betweencopyandLookupImagecan removenamefrom the recently pulled image. Causing race in builds.Removing unnecessary
image -> name -> imageround-trip fromPull(This issue was discoverd while working on PR containers/buildah#5971
Containerfile
Following commit also addresses the commit e2324dd by performing the neccessary refactor.
No functional change in public exposed API, exisiting tests should pass as-is. [NO NEW TESTS NEEDED]