c8d/inspect: Fix image inspect for incomplete images#51629
Merged
thaJeztah merged 1 commit intomoby:masterfrom Dec 2, 2025
Merged
c8d/inspect: Fix image inspect for incomplete images#51629thaJeztah merged 1 commit intomoby:masterfrom
thaJeztah merged 1 commit intomoby:masterfrom
Conversation
vvoland
commented
Dec 1, 2025
| // }, | ||
| // ``` | ||
| func TestImageInspectWithoutSomeBlobs(t *testing.T) { | ||
| t.Skip("TODO(vvoland): Come up with minimal images for this test") |
Contributor
Author
There was a problem hiding this comment.
TODO, but perhaps still fine to merge if we were to do a patch release.
Contributor
Author
There was a problem hiding this comment.
A unit test is here:
moby/daemon/containerd/image_inspect_test.go
Lines 64 to 88 in 2e3a23c
196632b to
3b3c49b
Compare
thaJeztah
reviewed
Dec 1, 2025
thaJeztah
reviewed
Dec 1, 2025
1c9798b to
53bdde1
Compare
When inspecting multi-platform images where some layer blobs were missing from the content store, the image inspect operation would return too early causing some data (like config details or unpacked size) to be omitted even though are available. This ensures that `docker image inspect` returns as much information as possible. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
53bdde1 to
2e3a23c
Compare
thaJeztah
reviewed
Dec 1, 2025
Comment on lines
+112
to
+116
| resp.Author = img.Author | ||
| resp.Architecture = img.Architecture | ||
| resp.Variant = img.Variant | ||
| resp.Os = img.OS | ||
| resp.OsVersion = img.OSVersion |
Member
There was a problem hiding this comment.
Could possibly move some of these together with where we construct the initial response. Did a quick try to see what it would look like; https://github.com/vvoland/moby/compare/c8d-fix-images...thaJeztah:51629_suggestions?expand=1
Contributor
Author
There was a problem hiding this comment.
We could, not sure if that's better though - currently there's a nicer separation around which fields come from config and it's also in the same place as the special handling for Comment and DiffIDs.
maikelvl
pushed a commit
to maikelvl/rancher-desktop
that referenced
this pull request
Jan 10, 2026
Update alpineLimaISO from v0.2.46.rd5 (Alpine 3.22.2) to v0.2.47.rd1 (Alpine 3.23.0). Alpine 3.22 ships with Docker 28.3.3 which has a bug where `docker inspect` returns empty image config metadata for multi-platform OCI images (moby/moby#51566). This causes Kubernetes `runAsNonRoot` security context validation to fail even when images correctly specify a non-root USER. Alpine 3.23 ships with Docker 29.1.3 which includes the fix (moby/moby#51629). Fixes: rancher-sandbox#9671 Fixes: rancher-sandbox#9739
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
docker image inspectbecomes corrupted #51566When inspecting multi-platform images where some layer blobs were missing from the content store, the image inspect operation would return too early causing some data (like config details or unpacked size) to be omitted even though are available.
This ensures that
docker image inspectreturns as much information as possible.- What I did
- How I did it
- How to verify it
TestImageInspect/inspect image with one layer missingunit test- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)