buildah: Unknown media type during manifest conversion: "application/vnd.docker.image.rootfs.diff.tar.gzip"

Description

Steps to reproduce the issue:

I have an image built with Kaniko in CI, that I am trying to use as base image for another that I am building locally with podman build.

The local image has the following Containerfile

FROM ci-registry.company.com/image_build_with_kaniko
RUN echo "Hello"

If I build the image with podman build -f Containerfile -t tmp-image . I get the following error: (Adding --format=docker gets the same error)

Trying to pull ci-registry.company.com/image_build_with_kaniko
Getting image source signatures
Copying blob c408bb006db1 done  
Copying blob 60c686673fbf done  
Copying blob 46da271691fa done  
Copying blob 1aa347c632b6 done  
Copying config 04ee292f7a done  
Writing manifest to image destination
Storing signatures
Error: error creating build container: error preparing image configuration: error converting image 
"containers-storage:[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev]@04ee292f7a5549e765c99205acc567738a09eb084409cd71f6600facd3743c51" 
from "application/vnd.oci.image.manifest.v1+json" to "application/vnd.docker.distribution.manifest.v2+json": 
Unknown media type during manifest conversion: "application/vnd.docker.image.rootfs.diff.tar.gzip"

Describe the results you expected:

The build should continue, maybe? What is going wrong here?

Output of podman version if reporting a podman build issue:

3.4.4-1

Output of cat /etc/*release:

cat /etc/os-release
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"

Output of uname -a:

Linux PC 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43 UTC 2020 x86_64 GNU/Linux

Output of cat /etc/containers/storage.conf:

Did not touch this / Default one

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 22 (7 by maintainers)

Most upvoted comments

I found a potential solution to solve this issue.

If you build your base image with podman build -t base_image . as usual, you will obtain an OCI mediaType manifest.

{
  "schemaVersion": 2,
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "digest": "sha256:a5d8d05897e1e276091ddedaf52f71a9de72c79a0fba215e9d6a0c3197cbd2c2",
    "size": 1553
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar",
      "digest": "sha256:59880d7ef6d202374f5f4775b63d61a1e2930c432c3a4f08237ed0f7f0c8e704",
      "size": 165120000
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar",
      "digest": "sha256:a11181b4bd92e5bf3c9589104bafa2e147d4cc5ee6b6c7f68a8d0baf7b1454cc",
      "size": 154247680
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar",
      "digest": "sha256:869d2f57befc8c54774604bb3646484f3e5691d4b1ff1da24b4e89f51573f03e",
      "size": 1978880
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar",
      "digest": "sha256:151e4cb91d30564ead5de52542bc9b40e2eb71c54b48fc394d5eebb0586c6353",
      "size": 251123200
    }
  ]
}

then you do:

podman push -f v2s2 registry.company.ch/base_image

when you push it to your registry.

This will allow you to have a Docker mediaType manifest.

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "size": 1555,
    "digest": "sha256:a78f1cad57997e34791a23c64c031d0221cc6420fe5f284acfd1b369c9a4dda3"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 64239979,
      "digest": "sha256:07132c1cc1a35ac077e1e2dd3de6875ebb1c74940398b56de41f214d6b3ebf51"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 97080546,
      "digest": "sha256:d10c72bf83d8e121602feee8a3b2a525c6426ce0b8058ac417182c78c7142444"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 515713,
      "digest": "sha256:86d3ca747a85bba71e083de35aaa72aa9ecc47c379f9664d26643a4c3e7e37be"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 122365225,
      "digest": "sha256:88e39919aa9eb54475ed8b43fc2d034642f91a2dba5b04a822ea25926d1ed490"
    }
  ]
}

which will no more be a problem for Kaniko and its way of adding Docker mediaType layers in your manifest.

+5
K-A-R-I-M on Mar 17, 2022

I dunno. https://github.com/GoogleContainerTools/kaniko/issues/1836 is labeled “help wanted”, so one or both of:

  • Contribute a fix in Kaniko
  • Modify c/image to accept (and canonicalize??) such images.

Obviously doing neither, and hoping Kaniko fixes it without help, is attractive.

+1
mtrmac on Jan 14, 2022

We have images built with Kaniko that can be run by Podman 3.3.1 on CentOS Stream 8, but not pushed to another registry because of this.

Yes, that’s the same underlying cause. The Kaniko-built images are inconsistent, and basically any kind of consumption (not just builds using Buildah) could, in principle, cause them to be rejected. (The actual implementation only rejects them on some code paths, but that’s just an implementation detail, not a maintained feature.)

+1
mtrmac on Dec 14, 2021
Read more comments on GitHub
← buildah: Unable to push an image builded using buildah with overlayfs storage drive
buildah: Unprivileged Rootless Buildah on Kubernetes fails due to newgidmap/newuidmap: Operation not permitted error →