From unknown Tue Aug 19 21:02:16 2025 X-Loop: help-debbugs@gnu.org Subject: bug#47525: docker layer DiffID incorrect Resent-From: Tom Hiller Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 31 Mar 2021 17:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 47525 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 47525@debbugs.gnu.org Cc: piotr.krol@3mdeb.com X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16172100659132 (code B ref -1); Wed, 31 Mar 2021 17:02:02 +0000 Received: (at submit) by debbugs.gnu.org; 31 Mar 2021 17:01:05 +0000 Received: from localhost ([127.0.0.1]:55378 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lReDI-0002ND-TE for submit@debbugs.gnu.org; Wed, 31 Mar 2021 13:01:05 -0400 Received: from lists.gnu.org ([209.51.188.17]:60968) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRe7m-0002D3-VE for submit@debbugs.gnu.org; Wed, 31 Mar 2021 12:55:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53466) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRe7m-0007Nv-IF for bug-guix@gnu.org; Wed, 31 Mar 2021 12:55:22 -0400 Received: from mail-qk1-x735.google.com ([2607:f8b0:4864:20::735]:42834) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lRe7k-00074K-SH for bug-guix@gnu.org; Wed, 31 Mar 2021 12:55:22 -0400 Received: by mail-qk1-x735.google.com with SMTP id y5so19996442qkl.9 for ; Wed, 31 Mar 2021 09:55:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:cc:from:subject:message-id:date:user-agent:mime-version :content-language; bh=FxGnz2s8/BKRT8REpJA+NdeEpGy6CLMe7b1Fkeh0cWw=; b=BVKTsy2UmBfyeZI4ssFrpf9OQruOVmkI5MD1WRo+RGp6DquYA/zkfxY44SRU7VFh5F 6lBksWBtw4W4akvVEW8oBOBGUAgRlCaAemC68zKVy1po4+uOtS7gR6sxF/q99BIHnNHx VWIOtnfCsc1T912zM2sCqu/p+W53u97iPxtARdrOcRUQArZvHjTwwIljeqXQS5zYAwSa aueXEKOmYEO3v/vmuj99hCCafQScUVo+mHI7dVMZCSwDdrkRT8t5VtFSSmQYEpQ+6VVX YmAhE9/uBsyZMtkw0H2K5piws04nHq1LncVRpOImVgoKqKDMRbbRRbxsZeFj9sPXYkW7 Ucng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:cc:from:subject:message-id:date:user-agent :mime-version:content-language; bh=FxGnz2s8/BKRT8REpJA+NdeEpGy6CLMe7b1Fkeh0cWw=; b=j0svXvzM4wfPBwpeFvWLAGKEzWnEzMylJh3YefOA4YhsB0bvDF4MskASFkzVTdEd/E /V27j4b9GO1oanVXUBQySQ+Eb/izlmjIU7jy2N3QK/Al4fqqark67BEOnlcoE2LDjg4R NA36YlsqzPIdwlKW3tyM56BG9U8VfCIFv8lyT7CnlTgEL2LcmVmt4Hn/5MAy1wu2zdCe +wIoOHWTDk8xwqmRvMMvtHSEY9sX9biYBEJK+rGdjuSGq/g03iloUKdO35Qw4MfoEdBp ACOUKdlPu9dF6bhrB/TGnHMg5ghQPwDiQavQCULP6wyttYz7xdp/kuN1Um8rKMRjWHrO SSDg== X-Gm-Message-State: AOAM532qVOVnF+DyInCBW4S39T/x5USr11p7tcZRqDI2qmB40KYcAVxY fTK5Vccqn7iaOmwZNIE+chhLFs9UwsT0RA== X-Google-Smtp-Source: ABdhPJy/kjBH7Cw6mTM4llDOdvaeW6UCIAR0OO8mgqjFDaOFBJuQhZUh+HYcBW4H1fSQGLnr0ZRD+Q== X-Received: by 2002:a05:620a:2f8:: with SMTP id a24mr4210207qko.124.1617209719199; Wed, 31 Mar 2021 09:55:19 -0700 (PDT) Received: from [10.69.28.93] ([86.106.143.30]) by smtp.gmail.com with ESMTPSA id l17sm1641598qtk.60.2021.03.31.09.55.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 31 Mar 2021 09:55:18 -0700 (PDT) From: Tom Hiller Message-ID: <858efb67-1d3c-9dfc-361f-b19fefe6a1f0@gmail.com> Date: Wed, 31 Mar 2021 12:55:17 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------256126E01E7193F7616A29FB" Content-Language: en-US-large Received-SPF: pass client-ip=2607:f8b0:4864:20::735; envelope-from=thrilleratplay@gmail.com; helo=mail-qk1-x735.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Mailman-Approved-At: Wed, 31 Mar 2021 13:01:04 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) This is a multi-part message in MIME format. --------------256126E01E7193F7616A29FB Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit The Docker image created using "guix pack -f Docker" generates the sha256 checksum of config.json as the layer diff id used in manifiest.json, repositories and the parent directory name of layer.tar.  When extracting the contents of the Docker image, the sha256 checksum of config.json does not match the used for the layer.  As Docker currently does not seem to verify this, the image will still work but may not always be the case. I am not familiar with Guile Scheme, but as best as I can determine in guix/gnu/services/docker.scm the checksum calculated in layer-diff-idis the of Scheme native. and not the ultimate JSON document.** --------------256126E01E7193F7616A29FB Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit

The Docker image created using "guix pack -f Docker" generates the sha256 checksum of config.json as the layer diff id used in manifiest.json, repositories and the parent directory name of layer.tar.  When extracting the contents of the Docker image, the sha256 checksum of config.json does not match the used for the layer.  As Docker currently does not seem to verify this, the image will still work but may not always be the case.


I am not familiar with Guile Scheme, but as best as I can determine in guix/gnu/services/docker.scm the checksum calculated in layer-diff-id is the of Scheme native. and not the ultimate JSON document.

--------------256126E01E7193F7616A29FB--