Kaniko fails to push images with duplicate layers with identical diff IDs but differing blobs

[JacobHenner]

Actual behavior

Kaniko fails to push images that have duplicated layers, where such layers have identical diff IDs but differing blobs.

This issue was previously reported in go-containerregistry: https://github.com/google/go-containerregistry/issues/2034

A fork of Kaniko purports to have worked around this limitation: https://github.com/coder/kaniko/pull/35

Expected behavior

Kaniko should be able to push the image, even if it has duplicated layers that match the conditions stated above. In case such images are considered invalid, Kaniko should at least display an error message explaining the cause of the problem.

To Reproduce

Steps to reproduce the behavior:

1. Generate a simple container image (A) using Kaniko
2. Append a tarball to image A using crane append, resulting in image A'
3. Generate a new container image (B), using A' as its parent image.
4. Append the same tarball from step 2 to image B using crane append, resulting in image B'
5. Attempt to push B' to an empty container repo
6. Observe MANIFEST_BLOB_UNKNOWN: blob unknown to registry when the duplicated layer is reached for the second time.

Additional Information

• Kaniko Image (fully qualified with digest): gcr.io/kaniko-project/executor:v1.23.2-debug@sha256:c3109d5926a997b100c4343944e06c6b30a6804b2f9abe0994d3de6ef92b028e

Triage Notes for the Maintainers

Description	Yes/No
Please check if this a new feature you are proposing	- [ ]
Please check if the build works in docker but not in kaniko	- [ ]
Please check if this error is seen when you use --cache flag	- [ ]
Please check if your dockerfile is a multistage dockerfile	- [ ]