compose icon indicating copy to clipboard operation
compose copied to clipboard
verified publisher icon docker

[BUG] No referrers-API backwards compatibility on "publish --app"

Open Silvanoc opened this issue 2 weeks ago • 1 comments

Description

According the OCI Distribution spec v1.1 "Backwards compatibiltiy" section:

Client implementations MUST support registries that implement partial or older versions of the OCI Distribution Spec. This section describes client fallback procedures that MUST be implemented when a new/optional API is not available from a registry.

Neither GitHub nor GitLab support the referrers API. So the current implementation of the feature publish --app is useless with these registries, because there is no way to recover the digest of the "referrer" (except analyzing verbose publish).

The specification describes how to detect lack of support for the referrers API.

And how to implement backwards compatibility over the so-called "Referrers tag schema".

Steps To Reproduce

No response

Compose Version

`Docker Compose version 5.0.0`

Docker Environment

Client: Docker Engine - Community
 Version:    29.1.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.30.1
    Path:     /opt/homebrew/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  5.0.0
    Path:     /opt/homebrew/lib/docker/cli-plugins/docker-compose

Server:
 Containers: 2
  Running: 1
  Paused: 0
  Stopped: 1
 Images: 22
 Server Version: 29.1.2
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Discovered Devices:
  cdi: lima-vm.io/rosetta=cached
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 1c4457e00facac03ce1d75f7b6777a7a851e5c41
 runc version: v1.3.4-0-gd6d73eb8
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.0-47-generic
 Operating System: Ubuntu 24.04.1 LTS
 OSType: linux
 Architecture: aarch64
 CPUs: 2
 Total Memory: 3.814GiB
 Name: colima
 ID: b6eece13-9e52-41d5-8562-23f5e5b35c24
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  localhost:20000
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false
 Firewall Backend: iptables

Anything else?

No response

Silvanoc avatar Dec 08 '25 08:12 Silvanoc

The specification describes how to detect lack of support for the referrers API.

This is the challenging part: as compose relies on containerd's oci client, which transparently manages fallback, we can't detect lack of Referers API support by the target registry

ndeloof avatar Dec 09 '25 09:12 ndeloof

This is the challenging part: as compose relies on containerd's oci client, which transparently manages fallback, we can't detect lack of Referers API support by the target registry

Well, that's an intrinsic consequence of components integration. You inherit their bugs 😄

The specification is clear and containerd probably wants to be conformant, so I'd propose that you file a bug there and make this bug dependent on that one.

Silvanoc avatar Dec 12 '25 18:12 Silvanoc