oras icon indicating copy to clipboard operation
oras copied to clipboard
verified publisher icon oras-project

make image spec flag defaults to `v1.1`

Open qweeah opened this issue 1 year ago • 1 comments

Historically ORAS user is able to push an artifact with pre-baked config data:

> oras version
Version:        1.2.0-beta.1
Go version:     go1.21.6
Git commit:     9ffdb3eec60b969d842af1a9e699202e0827fa01
Git tree state: clean
> echo "my config" > config
> oras push localhost:5000/test:config --config config
✓ Uploaded  application/vnd.unknown.config.v1+json                                                                             10/10  B 100.00%   65ms
  └─ sha256:d2dd07b796dd3f3c95c4d0f05f3807428e1ab9010bcfc704d55f2de9536589a4
✓ Uploaded  application/vnd.oci.empty.v1+json                                                                                    2/2  B 100.00%   73ms
  └─ sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
✓ Uploaded  application/vnd.oci.image.manifest.v1+json                                                                       474/474  B 100.00%   33ms
  └─ sha256:b43de09173341653d188292e0e507b1bc8be0fad45ed4a23d12f9533aebe9c7e
Pushed [registry] localhost:5000/test:config
Digest: sha256:b43de09173341653d188292e0e507b1bc8be0fad45ed4a23d12f9533aebe9c7e
> oras manifest fetch localhost:5000/test:config --pretty
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.unknown.config.v1+json",
    "digest": "sha256:d2dd07b796dd3f3c95c4d0f05f3807428e1ab9010bcfc704d55f2de9536589a4",
    "size": 10
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.empty.v1+json",
      "digest": "sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "size": 2,
      "data": "e30="
    }
  ],
  "annotations": {
    "org.opencontainers.image.created": "2024-04-08T08:22:23Z"
  }
}

The baked artifact doesn't contain artifactType field, which is not compliant to the OCI artifact guidance.

We still allow the above behavior to avoid breaking change in 1.* versions. The workaround is to set the default value of --image-spec to auto, when --artifact-type is not provided, switch to v1.0 automatically.

In v2 we should

  1. Remove the auto switch: set the default value of --image-spec to v1.1
  2. Ban the behavior and user need to use --image-spec v1.0 --config xxx to bake v1.0 OCI artifacts (without artifactType) explicitly.

qweeah avatar Apr 08 '24 08:04 qweeah

Linking related comment https://github.com/oras-project/oras/issues/1061#issuecomment-2042085185

FeynmanZhou avatar Apr 09 '24 05:04 FeynmanZhou