official-images icon indicating copy to clipboard operation
official-images copied to clipboard
verified publisher icon docker-library

The `org.opencontainers.image.version` and `org.opencontainers.image.source` may not be correct for the rust images

Open yeikel opened this issue 3 months ago • 1 comments

I noticed that the OCI annotations org.opencontainers.image.version and org.opencontainers.image.source may not be correct for the library/rust images

For example, this is the current state for the image library/rust:1.91.1-bookworm (some fields were removed for brevity) image

docker buildx imagetools inspect docker.io/library/rust:1.91.1-bookworm
Name:      docker.io/library/rust:1.91.1-bookworm
Digest:    sha256:af8fc166ddc0b7aa469f695dbb57c6f859dd440162dab6130d7e4714cbbf8dca

Manifests:
  Name:        docker.io/library/rust:1.91.1-bookworm@sha256:ac601c8b7ab8dd3999347ec85e7a77cc741677450ee0201e15d7f9a074501443
  Annotations:
    org.opencontainers.image.source:          https://github.com/rust-lang/docker-rust.git#0ad6d349fa1a5d6cc64e3bd9a27e5f6762df9abc:stable/bookworm
    org.opencontainers.image.version:         1-bookworm

In this example, org.opencontainers.image.version is set to 1-bookworm, which isn’t what I would expect for this tag. While I understand that it refers to the OS version, I believe it should instead reflect the Rust version as the OS is an abstraction detail.

For org.opencontainers.image.source, the value https://github.com/rust-lang/docker-rust.git#0ad6d349fa1a5d6cc64e3bd9a27e5f6762df9abc:stable/ is not a valid Git reference or clone URL, and it's unclear what the current value means. I suspect the correct value should be https://github.com/rust-lang/docker-rust/tree/0ad6d349fa1a5d6cc64e3bd9a27e5f6762df9abc instead

Additionally, as the image is not actually maintained in https://github.com/rust-lang/docker-rust as noted in https://github.com/rust-lang/docker-rust/issues/257, perhaps it should point to this repo instead

Additional context

https://github.com/rust-lang/docker-rust/issues/257

yeikel avatar Nov 17 '25 18:11 yeikel

  1. org.opencontainers.image.version is controlled by the library file for rust (library/rust in this repo). Technically it is the first value in the image tags for that image: https://github.com/docker-library/official-images/blob/5e38717491c05fbe58d57720031ec030ae0862d1/library/rust#L8

    In order to push the images, the tags must be unique across images within the rust repo. Since 1.91.1 is a tag on the Trixie variant, this bookworm image could not also use that tag (so the image.version annotation will likely contain the OS version and/or variant, like slim). https://github.com/docker-library/official-images/blob/5e38717491c05fbe58d57720031ec030ae0862d1/library/rust#L28

  2. https://github.com/rust-lang/docker-rust.git#0ad6d349fa1a5d6cc64e3bd9a27e5f6762df9abc:stable/

    This is the value that can be directly used by buildkit to docker buildx build it (https://docs.docker.com/build/concepts/context/#url-fragments).

  1. Additionally, as the image is not actually maintained in https://github.com/rust-lang/docker-rust

    The Dockerfiles are maintained over there. The things maintained here are a commit reference to those Dockerfiles (the library/rust file that is updated by the rust-lang/docker-rust maintainers and reviewed by Docker Official Images maintainers) and the multi-architecture infrastructure and tooling to build the images.

yosifkit avatar Nov 17 '25 19:11 yosifkit