1

I am trying to use snyk with a privately hosted repository managed with podman.

snyk container test --username="user" --password="pass" --platform="linux/arm64" oci.example.com/image -d

I have also tried using oci.example.com/image:latest and oci.example.com/image:arm64, and made sure they exist in the repository.

The error I keep getting is:

snyk-test error: FailedToRunTestError: OCI manifest found, but accept header does not support OCI manifests

I can reproduce the same error using the API directly:

curl -u 'user:pass' -i -H "Accept: application/vnd.docker.distribution.manifest.v2+json" https://oci.example.com/v2/mailpile/image/latest

This works, though:

curl -u 'user:pass' -i -H "Accept: application/vnd.oci.image.manifest.v1+json" https://oci.example.com/v2/[IMAGE]/manifests/latest

I am wondering what I am missing. Maybe snyk relies on a distribution.manifest that podman push oci.example.com/image does not seem to provide, which I suspected after reading https://podman.io/blogs/2021/10/11/multiarch.html:

"Due to the way image-name references are internally processed, you should not use the usual podman push and podman rmi subcommands. THEY WILL NOT DO WHAT YOU EXPECT! Instead, you'll want to use podman manifest push --all <src> <dest> and podman manifest rm <name> (similarly for buildah). These will push/remove the manifest list itself instead of the contents. Similarly for tagging if you're on Podman v3.4, use the buildah tag command instead."

I also verified this by peeking at manifest inspect, and indeed it seems to just attach the image by default and there is no distribution.manifest.

OpenSUSE Debian Podman repo 最新版本:

$ podman --version
podman version 3.3.1
$ buildah --version
buildah version 1.21.3 (image-spec 1.0.1-dev, runtime-spec 1.0.2-dev)

From the article: "The podman tag command is broken for manifest lists in v3.4, but works in Buildah v1.23.1." I am not entirely sure what this means and how it affects my situation.

So I tried following the article above:

podman push oci.example.com/image:arm64
podman manifest add oci.example.com/image:latest docker://oci.example.com/image:arm64
podman manifest push --all oci.example.com/image:latest docker://oci.example.com/image:latest

Then I ran:

snyk container test --username="user" --password="pass" --platform="linux/arm64" oci.example.com/image -d

Still getting the same error:

snyk-test error: FailedToRunTestError: OCI manifest found, but accept header does not support OCI manifests

Same problem if I try :arm64

But trying the :latest tag:

snyk container test --username="user" --password="pass" --platform="linux/arm64" oci.example.com/image:latest -d
snyk-test error: FailedToRunTestError: Cannot read property 'digest' of undefined

I tried deleting the image from the registry and starting over:

curl -u 'user:pass' -i -H "Accept: application/vnd.oci.image.manifest.v1+json" https://oci.example.com/v2/image/manifests/latest

curl -u "user:pass" -X "DELETE" https://oci.example.com/v2/image/manifests/sha256:1298754b84f5fa37425cd5c2ccc4eb7a1f70433611ad430e467d8e8d52caeced

..but I always get similar results.


1 Answer

0

Steps to fix:

podman build --format=docker -t oci.example.com/image .

podman push oci.example.com/image oci.example.com/image

Answered 2021-11-13T09:35:31.880
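
The two curl requests in the question and the --format=docker rebuild in the answer, tied together in a simplified offline model of manifest content negotiation. This is an added example, not code from the post, snyk, podman or the registry; the function names and sample manifests are constructed, and the model only does an exact match of the stored media type against the Accept header.

```python
import json

OCI_MANIFEST = "application/vnd.oci.image.manifest.v1+json"
OCI_INDEX = "application/vnd.oci.image.index.v1+json"
DOCKER_V2 = "application/vnd.docker.distribution.manifest.v2+json"
# Error text as quoted in the question.
OCI_ERROR = "OCI manifest found, but accept header does not support OCI manifests"

def accepted_types(accept_header):
    """Media types listed in an Accept header, with parameters such as q= dropped."""
    parts = (p.split(";")[0].strip().lower() for p in accept_header.split(","))
    return {p for p in parts if p}

def stored_type(manifest_json):
    """Media type of a stored manifest; OCI documents may omit the mediaType field."""
    doc = json.loads(manifest_json)
    if doc.get("mediaType"):
        return doc["mediaType"]
    return OCI_INDEX if "manifests" in doc else OCI_MANIFEST

def negotiate(manifest_json, accept_header):
    """Simplified model: (served, stored media type, message) for a manifest GET."""
    media = stored_type(manifest_json)
    if media in accepted_types(accept_header):
        return True, media, "served as " + media
    if media in (OCI_MANIFEST, OCI_INDEX):
        return False, media, OCI_ERROR
    return False, media, "stored type not listed in Accept"  # wording is this model's

def _manifest(media_type, config_type):
    # Constructed sample manifest; digest and size are placeholders.
    return json.dumps({"schemaVersion": 2, "mediaType": media_type,
                       "config": {"mediaType": config_type, "size": 1,
                                  "digest": "sha256:" + "0" * 64},
                       "layers": []})

OCI_SAMPLE = _manifest(OCI_MANIFEST, "application/vnd.oci.image.config.v1+json")
DOCKER_SAMPLE = _manifest(DOCKER_V2, "application/vnd.docker.container.image.v1+json")

if __name__ == "__main__":
    builds = (("default (OCI) build", OCI_SAMPLE), ("--format=docker build", DOCKER_SAMPLE))
    for name, sample in builds:
        for accept in (DOCKER_V2, OCI_MANIFEST):
            print(name, "| Accept:", accept, "->", negotiate(sample, accept)[2])
```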