Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cache: don't skip unlazy without blob check #4210

Merged
merged 2 commits into from
Sep 26, 2023

Conversation

tonistiigi
Copy link
Member

@tonistiigi tonistiigi commented Sep 7, 2023

fixes #3809

What's happening is that two builds interact with layer that has same uncompressed digest and different compressed digest. In that case we detect this and "link" the records so they will use the same snapshot and avoid duplicates. https://github.com/moby/buildkit/blob/master/cache/manager.go#L218 This means that because of lazy references the blob saved with getBlob() has not been pulled while snapshot exists.

In the #3809 problem arises when Filelist is called because of the SBOM attestation

// lazy blobs need to be pulled first
if err := sr.Extract(ctx, s); err != nil {
return nil, err
}
desc, err := sr.ociDesc(ctx, sr.descHandlers, false)
if err != nil {
return nil, err
}
ra, err := sr.cm.ContentStore.ReaderAt(ctx, desc)
if err != nil {
return nil, err
}
. The "not found" error happens inside the ReaderAt because it can't find the blob. While there is an Unlazy step before this call to make sure we have local data, the current check only looks for the snapshot and not the blob. I guess another way to trigger this would be to try to push the second build into a different registry that doesn't already have any of the base layers.

Marking as draft for now as I try to find a way to trigger this with integration test.

@sipsma

@aaronlehmann
Copy link
Collaborator

Perhaps a long shot, but I wonder if #3856 might be fixed by this or have a similar cause?

@tonistiigi
Copy link
Member Author

@aaronlehmann I think it's unlikely

@tonistiigi tonistiigi force-pushed the unlazy-missing-blob branch 2 times, most recently from 14f21d1 to dfcb140 Compare September 9, 2023 02:12
@tonistiigi tonistiigi marked this pull request as ready for review September 9, 2023 02:13
@tonistiigi
Copy link
Member Author

@ktock Looks like this PR has some effect on stargz cache import tests. Could you take a look?

@ktock
Copy link
Collaborator

ktock commented Sep 11, 2023

@tonistiigi Thanks for notifying me. Extract() method with remote snapshotters doesn't guarantee that the layer content exists in the content store (because it defers downloading the layer until the actual image creation). And the tests check that behaviour.

I agree with the current implementation of FileList() that computes the filelist from the raw tarball rather than snapshot differ. So can we add a flag to unlazy() to enable forcibly downloading the layer contents to the content store even on remote snapshotters? And this should be enabled only from FileList().

Example patch based on your commit is like this : ktock@2c8acb0

@tonistiigi
Copy link
Member Author

@ktock I used your commit as a base and changed it around a bit. PTAL.

Copy link
Collaborator

@ktock ktock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM about unlazy-related codes.
Left a comment about the containerd worker's differ.

Attrs: map[string]string{
"name": name2,
"push": "true",
"compression-level": "9",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

containerd-rootless test uses containerd worker + native snapshotter. In this configuration, buildkitd relies on containred's differ via containerd client that doesn't support changing the compression level. So this doesn't produce the difference for the created blob. Can we use something like non-compressed tar or zstd here so that we can make sure the same layer with different compressed blobs?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ktock I ran into the compression-level directive being ignored by exporters in another context, is that behavior documented somewhere?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pjonsson FYI #4275 solves the issue. Please post an issue if that doesn't fix it.

@ktock
Copy link
Collaborator

ktock commented Sep 25, 2023

@tonistiigi This PR seems accidentally closed? #4275 doesn't include commits of this PR so could you rebase this PR on top of #4275 ?

@ktock ktock reopened this Sep 26, 2023
@ktock
Copy link
Collaborator

ktock commented Sep 26, 2023

d733225 is still needed to pass CI.

@tonistiigi
Copy link
Member Author

@ktock Sorry, I rebased the wrong branch.

@jedevc jedevc merged commit 5e6497c into moby:master Sep 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

ERROR: content digest sha256:***: not found
5 participants