-
Notifications
You must be signed in to change notification settings - Fork 293
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build fails if containerd is used with an untrusted builder #2270
Comments
Have you tried this on an intel Macos machine? I think |
No, I sadly cannot test on Intel. Building works on my machine if I disable containerd, both use AMD64 builder images. What I noticed is that imgutil uses different code paths when for saving if containerd is enabled or not. I was unsure where to file the issue, but I can open is there as well if you like. |
Yeah, if I remember correctly, using containerd has a performance penalty right now, some context here and we have that different path on imgutil, I will try to reproduce it on intel with containerd |
It's weird that trusted / untrusted seems to make a difference here. What image are we trying to fetch the base layers for? |
FWIW the error message seems to be coming from here: https://github.com/containerd/containerd/blob/61f91b963ef244daec1bda6700fe3f0b1aee50c6/core/images/archive/exporter.go#L335 I haven't found any references to this error in issues in any of buildpacks/moby/containerd. Would take some digging to understand how this could occur. This reminds me of this issue we encountered when iterating between storage drivers. I know this is unsatisfying, but could you perhaps try clearing your image cache to see if that helps at all? |
@modulo11 any further thoughts on this one? |
Not really. After #2266 has been merged, the situation improved a bit for me. |
Based on your comment I will close this issue for now, if something comes up, feel free to reopen it and leave us a comment. |
FWIW, you can recreate this pretty consistently (not exactly the same message, and I'm running on Mac intel, in a devcontainer) with skaffold. There is probably an issue on skaffold side too, but if you're looking for reproductions, here it is. Not Working:
error (I patched this skaffold version to run 0.36.0 of pack, to see if I could get a better error):
With the "stock" lib of skaffold v2.13.2 (0.35.1):
Working
Works fine:
|
Summary
Using the containerd backend in Docker together with an untrusted builder fails the build:
Docker Desktop enabled the containerd backend for new installations starting with v4.34.0.
Reproduction
Steps
git clone https://github.com/paketo-buildpacks/samples.git
cd samples/nodejs/npm
pack --verbose build --clear-cache --builder paketobuildpacks/builder-jammy-base:latest sample-node
Current behavior
Build fails.
Expected behavior
Build succeeds.
Environment
pack info
docker info
The text was updated successfully, but these errors were encountered: