I noticed that recently docker (buildkit) pushed image manifests are sometimes not readable by Docker.Registry.DotNet.
Specifically, the call to IManifestOperations.GetManifestAsync() fails.
I don't know much about API specs, but I did a little research, so here's the information.
This seems to be related to the provenance option when building with docker buildx (buildkit).
Recent versions seem to default to the equivalent of --provenance true.
An image built with it will have an error getting the manifest.
Even if you use the same version of docker buildx, the image built with --provenance false can get the manifest normally.
When built with --provenance true, the MediaType in the manifest seems to be application/vnd.oci.*****.
I think it's relevant here. (But I don't fully understand what this means.)
https://docs.docker.com/build/attestations/slsa-provenance/
Failure to retrieve the manifest appears to be due to the fact that the current(v1.2.1) GetManifestAsync() does not support this MediaType.
Specifically, the server seems to be returning a 404 Not Found because the Accept header of the request does not contain application/vnd.oci.*****.
For reference, here are the materials I used when I tried it.
https://github.com/toras9000/test-docker-registry
You may have already figured it out, but I've included it for reference.
I rely on translation tools. I'm sorry if there is a strange sentence.
I noticed that recently docker (buildkit) pushed image manifests are sometimes not readable by Docker.Registry.DotNet.
Specifically, the call to IManifestOperations.GetManifestAsync() fails.
I don't know much about API specs, but I did a little research, so here's the information.
This seems to be related to the provenance option when building with docker buildx (buildkit).
Recent versions seem to default to the equivalent of
--provenance true.An image built with it will have an error getting the manifest.
Even if you use the same version of docker buildx, the image built with
--provenance falsecan get the manifest normally.When built with
--provenance true, the MediaType in the manifest seems to beapplication/vnd.oci.*****.I think it's relevant here. (But I don't fully understand what this means.)
https://docs.docker.com/build/attestations/slsa-provenance/
Failure to retrieve the manifest appears to be due to the fact that the current(v1.2.1) GetManifestAsync() does not support this MediaType.
Specifically, the server seems to be returning a 404 Not Found because the Accept header of the request does not contain application/vnd.oci.*****.
For reference, here are the materials I used when I tried it.
https://github.com/toras9000/test-docker-registry
You may have already figured it out, but I've included it for reference.
I rely on translation tools. I'm sorry if there is a strange sentence.