This image index is nominally compliant with image-spec, as I understand it:
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 426,
"digest": "sha256:8f3b47c7984464f417f9d5f5e232ac3fae6453e84f053724fef457c4ba67ceaf",
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 426,
"digest": "sha256:186b7bca3cb745dfc4bd6f2ec1cdf310f30e70ad795cd17bbee6698cc9f3aacc",
"platform": {
"architecture": "amd64",
"os": "linux"
}
}
}
Note that it has two manifests, each with an identical platform (linux+amd64), but each pointing to a different image manifest digest.
The question is: what should a client do when asked to pull and run a platform-dependent image in this index?
Based on local experimentation, docker pull (v20.10.6) pulls the first item it finds in the list, and logs a debug message if it saw 2+ that matched the target platform (1, 2). Incidentally, a brief code search doesn't find any unit tests covering this behavior in the docker CLI codebase. 😬
I don't know how other clients would handle this case, and AFAIK this platform matching behavior isn't governed by any OCI spec. It would be easy to imagine a client changing their behavior either accidentally or on purpose and surprising users. A malicious image could be pulled and executed innocuously on certain runtimes and maliciously on others.
What guidance should OCI give for clients attempting to match a platform in an index, when they encounter multiple matching platforms? Should distribution-spec recommend rejecting pushes for such an index?
Other considerations:
- the two matching manifests might point to identical
digests, in which case the difference is moot 🤷♂️
- the two matching manifests might point to identical
digests, but with different sizes, only one of which might be valid, but there's no way to know without pulling the manifest by digest -- should it just fail?
- the two matching manifests might have different
mediaTypes, of which multiple might be valid and others not -- should it just fail?
- there might be N matching manifests, with any combination of the above issues
What OCI spec(s), if any, should govern this behavior?
Is an index containing multiple images with the same platform considered valid on purpose?
This image index is nominally compliant with image-spec, as I understand it:
Note that it has two
manifests, each with an identicalplatform(linux+amd64), but each pointing to a different image manifestdigest.The question is: what should a client do when asked to pull and run a platform-dependent image in this index?
Based on local experimentation,
docker pull(v20.10.6) pulls the first item it finds in the list, and logs a debug message if it saw 2+ that matched the target platform (1, 2). Incidentally, a brief code search doesn't find any unit tests covering this behavior in thedockerCLI codebase. 😬I don't know how other clients would handle this case, and AFAIK this platform matching behavior isn't governed by any OCI spec. It would be easy to imagine a client changing their behavior either accidentally or on purpose and surprising users. A malicious image could be pulled and executed innocuously on certain runtimes and maliciously on others.
What guidance should OCI give for clients attempting to match a platform in an index, when they encounter multiple matching
platforms? Should distribution-spec recommend rejecting pushes for such an index?Other considerations:
digests, in which case the difference is moot 🤷♂️digests, but with differentsizes, only one of which might be valid, but there's no way to know without pulling the manifest by digest -- should it just fail?mediaTypes, of which multiple might be valid and others not -- should it just fail?What OCI spec(s), if any, should govern this behavior?
Is an index containing multiple images with the same
platformconsidered valid on purpose?