Skip to content

c8d: buildx build, load, and import don't preserve dangling image #48907

New issue
New issue
Open
Bug
Open
c8d: buildx build, load, and import don't preserve dangling image#48907
Bug
Assignees
jsternberg
Labels
containerd-integrationIssues and PRs related to containerd integrationkind/bugBugs are bugs. The cause may or may not be known at triage time so debugging may be needed.status/0-triageversion/27.3
Milestone
29.0.0
@yosifkit

Description

@yosifkit
yosifkit
opened on Nov 20, 2024

Description

With containerd enabled, docker buildx build -t repo:tag (whether using the in-daemon build or a docker-container builder), docker import and docker load fail to preserve an image that already exists as the specified repo:tag.

docker pull and docker build (classic) do not exhibit this failure.

Reproduce

$ docker pull busybox:latest
Using default tag: latest
latest: Pulling from library/busybox
430378704d12: Download complete
Digest: sha256:5b0f33c83a97f5f7d12698df6732098b0cdb860d377f6307b68efe2c6821296f
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
$ docker images
...
busybox                                   latest          5b0f33c83a97   7 weeks ago     6.56MB

$ docker buildx build --progress=plain -t busybox:latest - <<EOF
FROM debian:bullseye
RUN touch foo
EOF
...
#6 exporting manifest sha256:3e76f5ea99fc0e229db1d62904b35049898a3bf08bbc0ca1038ad72604361926 done
#6 exporting config sha256:0962991c94f182518173b0e367ffe896a2609643b1fc8a9d78891224a06355b0 done
#6 exporting attestation manifest sha256:af89643f4c323de8d5a1ffb48df44109e30f547fc76e1144befee5702874df2a 0.0s done
#6 exporting manifest list sha256:ff5864949de931b93494acac119c99f4f7e6cb001860fe0486ac41f222744896
#6 exporting manifest list sha256:ff5864949de931b93494acac119c99f4f7e6cb001860fe0486ac41f222744896 done
#6 naming to docker.io/library/busybox:latest done
#6 unpacking to docker.io/library/busybox:latest 0.0s done
#6 DONE 0.1s
$ docker images
REPOSITORY                                TAG             IMAGE ID       CREATED          SIZE
busybox                                   latest          ff5864949de9   17 seconds ago   197MB
...
$ # 5b0f33c83a97 is not is the images output
$ $ docker image inspect 5b0f33c83a97
[]
Error response from daemon: No such image: 5b0f33c83a97:latest

The same happens if you replace the docker buildx build ... with a docker load that contains an image with that tag or a docker import /dev/null busybox:latest.

Expected behavior

docker buildx build, docker load and docker import should behave the same way as docker pull and docker build (classic) and keep the old image as a dangling reference.

docker version

Client: Docker Engine - Community
 Version:           27.3.1
 API version:       1.47
 Go version:        go1.22.7
 Git commit:        ce12230
 Built:             Fri Sep 20 11:41:11 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Desktop  ()
 Engine:
  Version:          27.3.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.7
  Git commit:       41ca978
  Built:            Fri Sep 20 11:41:11 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.21
  GitCommit:        472731909fa34bd7bc9c087e4c27943f9835f111
 runc:
  Version:          1.1.13
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    27.3.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.17.1-desktop.1
    Path:     /usr/local/lib/docker/cli-plugins/docker-buildx

... removed irrelevant plugins ...

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 30
 Server Version: 27.3.1
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 nvidia runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
 Kernel Version: 5.15.153.1-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 20
 Total Memory: 31.18GiB
 Name: docker-desktop
 ID: 78016afb-38ee-4a54-a6ca-19d78c22412c
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///var/run/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support

Additional Info

Loading in non-containerd would warn users that the image would be renamed as the "empty string"

moby/image/tarexport/load.go

Line 248 in 1c00dfc

fmt.Fprintf(outStream, "The image %s already exists, renaming the old one with ID %s to empty string\n", reference.FamiliarString(ref), string(prevID)) // todo: this message is wrong in case of multiple tags

Metadata

Metadata

Assignees

Labels

containerd-integrationIssues and PRs related to containerd integrationkind/bugBugs are bugs. The cause may or may not be known at triage time so debugging may be needed.status/0-triageversion/27.3

Type

Bug

Projects

containerd integration

Status

To do
Containerd-as-default

Status

Required for default containerd
🔦 Maintainer spotlight

Status

Complete

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions