Unable to read image using Docker daemon provider when architecture has variant #143
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I was looking at anchore/grype#831, and it seems like this is ultimately a problem with how Stereoscope is determining "architecture" and "variant" values for a given image, particularly in the code path used for reading images using the
DaemonImageProvider.How to reproduce
With Stereoscope checked out locally, run:
go run ./examples/basic.go docker:ghcr.io/mattmoor/static@sha256:b7dcd21f108cfed6c394aa18240a26c02f904337a962ca0ffe17368de5c65a23And you'll see:
Analysis
On this line, It looks like when the Docker daemon provider is attaching metadata to the image, it's setting the architecture to
i.Architecture, and setting the variant to"". During the problem scenario,i.Architectureis set toarm/v7— which means the variant ("v7") hasn't been separated out correctly. This causes the error to bubble up out ofWithArchitecturebecausearm/v7isn't in the known architectures list (butarmis).So my first takeaway is: I think we shouldn't necessarily use
""as the variant in this code path.But what's also interesting is that the source of the
arm/v7value is this call into the Docker client library. The return type (ImageInspect) has explicit fields forArchitectureandVariantseparately, so I'm not sure why it's not separating out thev7into the variant for us so we don't have to.Curious for your all's thoughts! This issue ends up being a showstopper for Syft and Grype users with Apple Silicon using Docker Desktop and images with variants. 🙏
The text was updated successfully, but these errors were encountered: