Skip to content

dockerfile: download frozen images with regctl #50668

Draft
crazy-max wants to merge 2 commits intomoby:masterfrom
crazy-max:frozen-with-regctl
Draft

dockerfile: download frozen images with regctl #50668
crazy-max wants to merge 2 commits intomoby:masterfrom
crazy-max:frozen-with-regctl

Conversation

@crazy-max
Copy link
Member

@crazy-max crazy-max commented Aug 8, 2025

alternative to #50659

Use regctl to download frozen images instead of our script. About rate limitation that might happen in GHA so I was thinking we could mount docker config of the runner as secret when building on CI. Can be a follow-up if you want. Didn't remove the script yet as it lives in contrib dir so might be used by other projects. From a quick look, not many.

@crazy-max crazy-max changed the title Frozen with regctl dockerfile: download frozen images with regctl Aug 8, 2025
@crazy-max crazy-max force-pushed the frozen-with-regctl branch from 3304905 to c0a6551 Compare August 8, 2025 11:44
@thaJeztah
Copy link
Member

thaJeztah commented Aug 8, 2025
edited
Loading

we could mount docker config of the runner as secret when building on CI

Or - in future(?);

@thaJeztah thaJeztah mentioned this pull request Feb 10, 2026
Closed
@crazy-max crazy-max mentioned this pull request Feb 12, 2026
Merged
@crazy-max
Copy link
Member Author

crazy-max commented Feb 12, 2026

Argh OCI layout will not work with graphdriver obviously:

=== FAIL: amd64.docker.docker.integration.session  (0.00s)
Loaded image: arm32v7/hello-world:latest
panic: error loading frozen images: invalid archive: does not contain a manifest.json

goroutine 1 [running]:
github.com/moby/moby/v2/integration/session.TestMain(0xc0002950e0)
	/go/src/github.com/docker/docker/integration/session/main_test.go:37 +0x1d5
main.main()
	_testmain.go:59 +0xa5

goroutine 8 [runnable]:
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp.(*client).contextWithStop.func1({0xf0be38?, 0xc000383d10?}, 0xc000049a20)
	/go/src/github.com/docker/docker/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go:387 +0x76
created by go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp.(*client).contextWithStop in goroutine 18
	/go/src/github.com/docker/docker/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go:386 +0xe5

goroutine 11 [IO wait]:
internal/poll.runtime_pollWait(0x7f9ab3369000, 0x72)
	/usr/local/go/src/runtime/netpoll.go:351 +0x85
internal/poll.(*pollDesc).wait(0xc0000fde00?, 0xc0003dc000?, 0x0)
	/usr/local/go/src/internal/poll/fd_poll_runtime.go:84 +0x27
internal/poll.(*pollDesc).waitRead(...)
	/usr/local/go/src/internal/poll/fd_poll_runtime.go:89
internal/poll.(*FD).Read(0xc0000fde00, {0xc0003dc000, 0x1000, 0x1000})
	/usr/local/go/src/internal/poll/fd_unix.go:165 +0x279
net.(*netFD).Read(0xc0000fde00, {0xc0003dc000?, 0x40ae94?, 0x0?})
	/usr/local/go/src/net/fd_posix.go:68 +0x25
net.(*conn).Read(0xc000068240, {0xc0003dc000?, 0x40ac85?, 0xc0003d4210?})
	/usr/local/go/src/net/net.go:196 +0x45
net/http.(*persistConn).Read(0xc0003c06c0, {0xc0003dc000?, 0x7f2485?, 0xf019c0?})
	/usr/local/go/src/net/http/transport.go:2125 +0x47
bufio.(*Reader).fill(0xc000089aa0)
	/usr/local/go/src/bufio/bufio.go:113 +0x103
bufio.(*Reader).Peek(0xc000089aa0, 0x1)
	/usr/local/go/src/bufio/bufio.go:152 +0x53
net/http.(*persistConn).readLoop(0xc0003c06c0)
	/usr/local/go/src/net/http/transport.go:2278 +0x172
created by net/http.(*Transport).dialConn in goroutine 9
	/usr/local/go/src/net/http/transport.go:1947 +0x174f

goroutine 12 [select]:
net/http.(*persistConn).writeLoop(0xc0003c06c0)
	/usr/local/go/src/net/http/transport.go:2600 +0xe7
created by net/http.(*Transport).dialConn in goroutine 9
	/usr/local/go/src/net/http/transport.go:1948 +0x17a5

@thaJeztah
Copy link
Member

thaJeztah commented Feb 13, 2026

Argh OCI layout will not work with graphdriver obviously:

Curious; could graph drivers also do without the manifest.json? Otherwise, perhaps regctl could write a hybrid tar? (I think that's what docker and containerd do? So an OCI bundle with extra files?)

cc @sudo-bmitch

@sudo-bmitch
Copy link

sudo-bmitch commented Feb 13, 2026
edited
Loading

Argh OCI layout will not work with graphdriver obviously:

Curious; could graph drivers also do without the manifest.json? Otherwise, perhaps regctl could write a hybrid tar? (I think that's what docker and containerd do? So an OCI bundle with extra files?)

cc @sudo-bmitch

regctl only includes the manifest.json on single platform images. At least in the past, multi-platform images wouldn't import into docker. You can use --platform local on the commands where you want to dereference to the local platform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/testing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@crazy-max @thaJeztah @sudo-bmitch