Skip to content

Issues with manifest lists | KeyError: 'config' #93

New issue
New issue
Open
Open
Issues with manifest lists | KeyError: 'config'#93
@judokan9

Description

@judokan9
judokan9
opened on Feb 28, 2025

The check has problems with images that use manifest lists. Ironically, for example, the Icinga2 image cannot be checked and the check gives the following error:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/check_docker/check_docker.py", line 998, in main
    [x.result() for x in futures.as_completed(threads)]
  File "/usr/local/lib/python3.11/dist-packages/check_docker/check_docker.py", line 998, in <listcomp>
    [x.result() for x in futures.as_completed(threads)]
     ^^^^^^^^^^
  File "/usr/lib/python3.11/concurrent/futures/_base.py", line 449, in result
    return self.__get_result()
           ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/concurrent/futures/_base.py", line 401, in __get_result
    raise self._exception
  File "/usr/lib/python3.11/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/check_docker/check_docker.py", line 632, in check_version
    registry_hash = get_digest_from_registry(url)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/check_docker/check_docker.py", line 378, in get_digest_from_registry
    return registry_info['config'].get('digest', None)
           ~~~~~~~~~~~~~^^^^^^^^^^
KeyError: 'config'

This happens because the manifest does not contain a Config entry:

{
    'schemaVersion': 2, 
    'mediaType': 'application/vnd.oci.image.index.v1+json', 
    'manifests': [
        {'mediaType': 'application/vnd.oci.image.manifest.v1+json', 'digest': 'sha256:dacfc0b8d5bc567b5de103296529c72fddc2688dcc821aa08caf9c301b5d6c35', 'size': 2385, 'platform': {'architecture': 'amd64', 'os': 'linux'
            }
        },
        {'mediaType': 'application/vnd.oci.image.manifest.v1+json', 'digest': 'sha256:fed9386c1ec1564707e95520b4c7b9af153ab4341e5b9bec558222e44a4d2acc', 'size': 2385, 'platform': {'architecture': 'arm64', 'os': 'linux'
            }
        },
        {'mediaType': 'application/vnd.oci.image.manifest.v1+json', 'digest': 'sha256: 3b58251d1c86f2d4ec37123ffdce146e7d7e1652112accdccd34dccc3ff6a658', 'size': 566, 'annotations': {'vnd.docker.reference.digest': 'sha256:dacfc0b8d5bc567b5de103296529c72fddc2688dcc821aa08caf9c301b5d6c35', 'vnd.docker.reference.type': 'attestation-manifest'
            }, 'platform': {'architecture': 'unknown', 'os': 'unknown'
            }
        },
        {'mediaType': 'application/vnd.oci.image.manifest.v1+json', 'digest': 'sha256: 3b14989985a71fa8adc77c92ed3f738c2cbd9ccb47dc6037a9106629878c59d1', 'size': 566, 'annotations': {'vnd.docker.reference.digest': 'sha256:fed9386c1ec1564707e95520b4c7b9af153ab4341e5b9bec558222e44a4d2acc', 'vnd.docker.reference.type': 'attestation-manifest'
            }, 'platform': {'architecture': 'unknown', 'os': 'unknown'
            }
        }
    ]
}

To solve this, the manifest for the target architecture must be downloaded by using the digest hash from the manifest list instead of the latest tag to get the correct image digest hash:

{'schemaVersion': 2, 'mediaType': 'application/vnd.oci.image.manifest.v1+json', 'config': {'mediaType': 'application/vnd.oci.image.config.v1+json', 'digest': 'sha256: 667de65f235bb86b8423e4bf670d93227430257ad32deaaeab778bc9e26697ec', 'size': 3989
    }, 'layers': [
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256:c29f5b76f736a8b555fd191c48d6581bb918bcd605a7cbcc76205dd6acff3260', 'size': 28212303
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256: 6454c3450d268c04910a3d96cc09c70250d6da07e9fa7489a91917f535e611b5', 'size': 99753703
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256: 5a59cfc41ef2ee01f61cd07aedd96836577332b8b65bd8a6770b3cd23a073af2', 'size': 1786292
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256: 76772d7c47d48075dddad3cf62f12bad7e8ac8af0d0b333f20612e2b71819818', 'size': 1194
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256: 9e66e0420e15afb5a6fd7d7ad08d1cc0f6c54dbdcc85d926192a86d6e40d7046', 'size': 25437
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256:cfc9491d8558dd7aecf83a87882faee5aab3b5fe570b06a179fcf62e83d2c785', 'size': 38126
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256: 047c7797326c8233e6d2ea32ba54f278378cd28dacd49a43b2276c8aeb81e232', 'size': 118597
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256:0ec2b999dccf896bbdf1c71d5d5acae74375f4cd466d5a4d07ca111e5c137d2b', 'size': 54486
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256: 31f88142c6475fe02c719f227e3bc0ed89b6df1c122abce0a15418da1cad0d9e', 'size': 8123583
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256: 064771a6dcb5d10374aff02aabfc8460147fd1a65f097c9d7f75fff4ef1626c9', 'size': 98
        },
        {'mediaType': 'application/vnd.oci.image.layer.v1.tar+gzip', 'digest': 'sha256: 73b6bcc0bb40e9c207235eb0761cb531facd5f18c4a462a40950cdcb4a0e5b4e', 'size': 9285
        }
    ]
}

I have incorporated the fix in #92

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions