podman build fails with: --cache-from: repository must contain neither a tag nor digest

[jwendell]

Issue Description

podman build fails to accept an argument for --cache-from whereas docker accepts it. This breaks compatibility between the two tools.

Steps to reproduce the issue

Steps to reproduce the issue

1. Try any podman build with a cache image that makes use of a tag. e.g. podman build --cache-from gcr.io/istio-testing/build-tools:master-latest-amd64 -t quay.io/jwendell/a:a -f Dockerfile .
2. Replace podman with docker and the same command will succeed.

Describe the results you received

Error: unable to parse value provided [] to --cache-from: repository must contain neither a tag nor digest: gcr.io/istio-testing/build-tools:master-latest-amd64

Describe the results you expected

podman build to behave just like docker build and accept the image with tags.

podman info output

host:
  arch: amd64
  buildahVersion: 1.30.0
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.7-2.fc38.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.7, commit: '
  cpuUtilization:
    idlePercent: 91.39
    systemPercent: 1.44
    userPercent: 7.17
  cpus: 12
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    variant: workstation
    version: "38"
  eventLogger: journald
  hostname: jw-p1
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 1001
      size: 6665536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 1001
      size: 6665536
  kernel: 6.3.12-200.fc38.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 10985345024
  memTotal: 67157630976
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun-1.8.5-1.fc38.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.8.5
      commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-12.fc38.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 8589930496
  swapTotal: 8589930496
  uptime: 6h 30m 14.00s (Approximately 0.25 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/jwendell/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/jwendell/.local/share/containers/storage
  graphRootAllocated: 1022505254912
  graphRootUsed: 403197775872
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/jwendell/.local/share/containers/storage/volumes
version:
  APIVersion: 4.5.1
  Built: 1685123928
  BuiltTime: Fri May 26 13:58:48 2023
  GitCommit: ""
  GoVersion: go1.20.4
  Os: linux
  OsArch: linux/amd64
  Version: 4.5.1

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

No response

Additional information

No response

[Luap99]

@flouthoc PTAL

[flouthoc]

Buildah's distributed cache is different from docker's distributed cache are fundamentally different by design but functionally you can achieve similar cache result and there are few more perks which buildah's design provide.

Buildah expects and registry/rep format only and it will populate the registry with cache intermediate images however I do agree that this is not okay for compatibility purpose, I think one thing which we can do is start accepting tag and digest and silently ignore it ( with warning ) and only process registry/repo.

Lets see what other maintainers think on this @containers/buildah-maintainers @nalind WDYT ?

[github-actions[bot]]

A friendly reminder that this issue had no activity for 30 days.

[fjudith]

@flouthoc is correct.

As the error message says --cache-from and --cache-to does not support tags.

@jwendell: Simply remove the :master-latest-amd64

Notice that Docker/BuildX supports static tags for those command line argument, allowing to dramatically reduce the storage footprint in the registry. Podman/Buildah instead generates some random tag id.

[bjones]

AWS contributed support for import/export of OCI compatible image manifest for caching to buildkit and based on the information in this issue I'll assume this support isn't quite there in podman.

https://github.com/moby/buildkit/pull/3724

https://aws.amazon.com/blogs/containers/announcing-remote-cache-support-in-amazon-ecr-for-buildkit-clients/

--cache-to mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=.dkr.ecr..amazonaws.com/buildkit-test:cache
--cache-from type=registry,ref=.dkr.ecr..amazonaws.com/buildkit-test:cache