compare and swap of inconsistently typed value into Value #1659

@t0rr3sp3dr0

What happened in your environment?

$ oras cp --debug --from-oci-layout /tmp/tmp.myy8yhEX0K/layout:latest docker.io/t0rr3sp3dr0/artifact:9
[2025-03-14T12:00:20.568929586-07:00][DEBUG]: --> Request #0
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/manifests/sha256:9962653ad9942a0395b0aaa3ede86df38c536e5f4a4f994e8e14f310cd02f060"
> Request method: "HEAD"
> Request headers:
   "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:21.412847735-07:00][DEBUG]: <-- Response #0
< Response Status: "401 Unauthorized"
< Response headers:
   "Date": "Fri, 14 Mar 2025 19:00:21 GMT"
   "Content-Length": "163"
   "Strict-Transport-Security": "max-age=31536000"
   "Docker-Ratelimit-Source": "199.7.158.237"
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Www-Authenticate": "Bearer realm=\"https://auth.docker.io/token\",service=\"registry.docker.io\",scope=\"repository:t0rr3sp3dr0/artifact:pull\""
< Response body:
   No response body to print


[2025-03-14T12:00:21.41310947-07:00][DEBUG]: --> Request #1
> Request URL: "https://auth.docker.io/token?scope=repository%3At0rr3sp3dr0%2Fartifact%3Apull%2Cpush&service=registry.docker.io"
> Request method: "GET"
> Request headers:
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:22.335004909-07:00][DEBUG]: <-- Response #1
< Response Status: "200 OK"
< Response headers:
   "X-Trace-Id": "de3f05e3097ffb02cb4c4a88f0254e89"
   "X-Trace-Sampled": "false"
   "Date": "Fri, 14 Mar 2025 19:00:22 GMT"
   "Strict-Transport-Security": "max-age=31536000"
   "Content-Type": "application/json"
< Response body:
   Response body redacted due to potential credentials


[2025-03-14T12:00:22.335426785-07:00][DEBUG]: --> Request #2
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/manifests/sha256:9962653ad9942a0395b0aaa3ede86df38c536e5f4a4f994e8e14f310cd02f060"
> Request method: "HEAD"
> Request headers:
   "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:22.608872455-07:00][DEBUG]: <-- Response #2
< Response Status: "404 Not Found"
< Response headers:
   "Ratelimit-Limit": "100;w=21600"
   "Ratelimit-Remaining": "96;w=21600"
   "Docker-Ratelimit-Source": "199.7.158.237"
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Date": "Fri, 14 Mar 2025 19:00:22 GMT"
   "Content-Length": "205"
   "Strict-Transport-Security": "max-age=31536000"
< Response body:
   No response body to print


[2025-03-14T12:00:22.609748307-07:00][DEBUG]: --> Request #3
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/manifests/sha256:864600262b1e5038c414109347f29f2b2ce9a32f97bcbfca7171b4a3a432081d"
> Request method: "HEAD"
> Request headers:
   "User-Agent": "oras/1.3.0-beta.2"
   "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"
   "Authorization": "*****"


[2025-03-14T12:00:22.609749038-07:00][DEBUG]: --> Request #4
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/manifests/sha256:3c07c728108d69cd8488fe2e0f9bfcb4f1f83b0e28cc73d2fd563127cacb58ef"
> Request method: "HEAD"
> Request headers:
   "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:22.609985225-07:00][DEBUG]: --> Request #5
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/manifests/sha256:ee463696d628f1d132b92719f0de0acc53efb1db39580abfd125ae0e757dc2bc"
> Request method: "HEAD"
> Request headers:
   "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:22.844818731-07:00][DEBUG]: <-- Response #3
< Response Status: "404 Not Found"
< Response headers:
   "Strict-Transport-Security": "max-age=31536000"
   "Ratelimit-Limit": "100;w=21600"
   "Ratelimit-Remaining": "96;w=21600"
   "Docker-Ratelimit-Source": "199.7.158.237"
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Date": "Fri, 14 Mar 2025 19:00:22 GMT"
   "Content-Length": "205"
< Response body:
   No response body to print


[2025-03-14T12:00:22.846803803-07:00][DEBUG]: --> Request #6
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/manifests/sha256:89f54a57ae089ddb1cd2051037c0ab588c96ebf22a7d57ff3220558f9bdacc5c"
> Request method: "HEAD"
> Request headers:
   "User-Agent": "oras/1.3.0-beta.2"
   "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"
   "Authorization": "*****"


[2025-03-14T12:00:23.154470463-07:00][DEBUG]: <-- Response #4
< Response Status: "404 Not Found"
< Response headers:
   "Strict-Transport-Security": "max-age=31536000"
   "Ratelimit-Limit": "100;w=21600"
   "Ratelimit-Remaining": "96;w=21600"
   "Docker-Ratelimit-Source": "199.7.158.237"
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Date": "Fri, 14 Mar 2025 19:00:22 GMT"
   "Content-Length": "205"
< Response body:
   No response body to print


[2025-03-14T12:00:23.155085164-07:00][DEBUG]: --> Request #7
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/sha256:e94c0ba80a1157ffab5b5c6656fffc089c6446c7ed0604f3382910d1ef7dd40d"
> Request method: "HEAD"
> Request headers:
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:23.388815543-07:00][DEBUG]: <-- Response #5
< Response Status: "404 Not Found"
< Response headers:
   "Ratelimit-Remaining": "96;w=21600"
   "Docker-Ratelimit-Source": "199.7.158.237"
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Content-Length": "205"
   "Strict-Transport-Security": "max-age=31536000"
   "Ratelimit-Limit": "100;w=21600"
< Response body:
   No response body to print


[2025-03-14T12:00:23.389223887-07:00][DEBUG]: --> Request #8
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/manifests/sha256:b32e436a009f91ccaf9c314c578e13fd10b87011ddb01b2332bae510da78bf17"
> Request method: "HEAD"
> Request headers:
   "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:23.441586719-07:00][DEBUG]: <-- Response #6
< Response Status: "404 Not Found"
< Response headers:
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Content-Length": "205"
   "Strict-Transport-Security": "max-age=31536000"
   "Ratelimit-Limit": "100;w=21600"
   "Ratelimit-Remaining": "96;w=21600"
   "Docker-Ratelimit-Source": "199.7.158.237"
< Response body:
   No response body to print


[2025-03-14T12:00:23.441786729-07:00][DEBUG]: <-- Response #7
< Response Status: "404 Not Found"
< Response headers:
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Content-Length": "157"
   "Strict-Transport-Security": "max-age=31536000"
   "Content-Type": "application/json"
< Response body:
   No response body to print


Copying e94c0ba80a11 application/vnd.oci.image.config.v1+json
[2025-03-14T12:00:23.441922587-07:00][DEBUG]: --> Request #9
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"
> Request method: "HEAD"
> Request headers:
   "User-Agent": "oras/1.3.0-beta.2"
   "Authorization": "*****"


[2025-03-14T12:00:23.441932354-07:00][DEBUG]: --> Request #10
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/uploads/"
> Request method: "POST"
> Request headers:
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:23.64364044-07:00][DEBUG]: <-- Response #8
< Response Status: "404 Not Found"
< Response headers:
   "Ratelimit-Limit": "100;w=21600"
   "Ratelimit-Remaining": "96;w=21600"
   "Docker-Ratelimit-Source": "199.7.158.237"
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Content-Length": "205"
   "Strict-Transport-Security": "max-age=31536000"
< Response body:
   No response body to print


[2025-03-14T12:00:23.644410285-07:00][DEBUG]: --> Request #11
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/sha256:c35cc88a60ef455580256694b0e3027e7ff7918b4792109bec423d1c4807c0b9"
> Request method: "HEAD"
> Request headers:
   "User-Agent": "oras/1.3.0-beta.2"
   "Authorization": "*****"


[2025-03-14T12:00:23.690947209-07:00][DEBUG]: <-- Response #10
< Response Status: "401 Unauthorized"
< Response headers:
   "Content-Length": "242"
   "Strict-Transport-Security": "max-age=31536000"
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Www-Authenticate": "Bearer realm=\"https://auth.docker.io/token\",service=\"registry.docker.io\",scope=\"repository:t0rr3sp3dr0/artifact:pull,push\",error=\"insufficient_scope\""
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
< Response body:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"t0rr3sp3dr0/artifact","Action":"pull"},{"Type":"repository","Class":"","Name":"t0rr3sp3dr0/artifact","Action":"push"}]}]}



[2025-03-14T12:00:23.691231676-07:00][DEBUG]: --> Request #12
> Request URL: "https://auth.docker.io/token?scope=repository%3At0rr3sp3dr0%2Fartifact%3Apull%2Cpush&service=registry.docker.io"
> Request method: "GET"
> Request headers:
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:23.79297986-07:00][DEBUG]: <-- Response #9
< Response Status: "307 Temporary Redirect"
< Response headers:
   "Content-Type": "application/octet-stream"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Location": "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/44/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a/data?expires=1741981823&signature=6qY%2FgnQdKnXdaZpOpSdMhXhOMQE%3D&version=2"
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Strict-Transport-Security": "max-age=31536000"
< Response body:
   No response body to print


[2025-03-14T12:00:23.793665416-07:00][DEBUG]: --> Request #13
> Request URL: "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/44/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a/data?expires=1741981823&signature=6qY%2FgnQdKnXdaZpOpSdMhXhOMQE%3D&version=2"
> Request method: "HEAD"
> Request headers:
   "Referer": "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:23.86981237-07:00][DEBUG]: <-- Response #11
< Response Status: "404 Not Found"
< Response headers:
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Content-Length": "157"
   "Strict-Transport-Security": "max-age=31536000"
   "Content-Type": "application/json"
< Response body:
   No response body to print


Copying c35cc88a60ef /tmp/tmp.myy8yhEX0K/layer.tgz
[2025-03-14T12:00:23.87045686-07:00][DEBUG]: --> Request #14
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/uploads/"
> Request method: "POST"
> Request headers:
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:23.870486991-07:00][DEBUG]: <-- Response #12
< Response Status: "200 OK"
< Response headers:
   "X-Trace-Sampled": "false"
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Strict-Transport-Security": "max-age=31536000"
   "Content-Type": "application/json"
   "X-Trace-Id": "83970b2bbf0ca162dad341bf2bf97292"
< Response body:
   Response body redacted due to potential credentials


[2025-03-14T12:00:23.871041605-07:00][DEBUG]: --> Request #15
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/uploads/"
> Request method: "POST"
> Request headers:
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:24.079761578-07:00][DEBUG]: <-- Response #14
< Response Status: "401 Unauthorized"
< Response headers:
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Www-Authenticate": "Bearer realm=\"https://auth.docker.io/token\",service=\"registry.docker.io\",scope=\"repository:t0rr3sp3dr0/artifact:push,pull\",error=\"insufficient_scope\""
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Content-Length": "242"
   "Strict-Transport-Security": "max-age=31536000"
< Response body:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"t0rr3sp3dr0/artifact","Action":"pull"},{"Type":"repository","Class":"","Name":"t0rr3sp3dr0/artifact","Action":"push"}]}]}



[2025-03-14T12:00:24.080084685-07:00][DEBUG]: --> Request #16
> Request URL: "https://auth.docker.io/token?scope=repository%3At0rr3sp3dr0%2Fartifact%3Apull%2Cpush&service=registry.docker.io"
> Request method: "GET"
> Request headers:
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:24.10777585-07:00][DEBUG]: <-- Response #15
< Response Status: "401 Unauthorized"
< Response headers:
   "Content-Type": "application/json"
   "Docker-Distribution-Api-Version": "registry/2.0"
   "Www-Authenticate": "Bearer realm=\"https://auth.docker.io/token\",service=\"registry.docker.io\",scope=\"repository:t0rr3sp3dr0/artifact:pull,push\",error=\"insufficient_scope\""
   "Date": "Fri, 14 Mar 2025 19:00:23 GMT"
   "Content-Length": "242"
   "Strict-Transport-Security": "max-age=31536000"
< Response body:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"t0rr3sp3dr0/artifact","Action":"pull"},{"Type":"repository","Class":"","Name":"t0rr3sp3dr0/artifact","Action":"push"}]}]}



[2025-03-14T12:00:24.108667277-07:00][DEBUG]: --> Request #17
> Request URL: "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/sha256:e9302bbb2fb8f6c2df866d3c4e41917849442f89a575f36f43366a7279804f70"
> Request method: "HEAD"
> Request headers:
   "Authorization": "*****"
   "User-Agent": "oras/1.3.0-beta.2"


[2025-03-14T12:00:24.108832789-07:00][ERROR]: <-- Response #16
Error in getting response: POST "https://registry-1.docker.io/v2/t0rr3sp3dr0/artifact/blobs/uploads/": response status code 401: unauthorized: authentication required: [map[Action:pull Class: Name:t0rr3sp3dr0/artifact Type:repository] map[Action:push Class: Name:t0rr3sp3dr0/artifact Type:repository]]


panic: sync/atomic: compare and swap of inconsistently typed value into Value

goroutine 226 [running]:
sync/atomic.(*Value).CompareAndSwap(0xc0004c40b0, {0x0, 0x0}, {0x978720, 0xc00049e7e0})
        sync/atomic/value.go:174 +0x150
oras.land/oras-go/v2/internal/syncutil.Go[...].func1.func2()
        oras.land/oras-go/v2@v2.5.1-0.20250221033735-cb6d75be7dd4/internal/syncutil/limit.go:86 +0xe6
golang.org/x/sync/errgroup.(*Group).Go.func1()
        golang.org/x/sync@v0.11.0/errgroup/errgroup.go:78 +0x50
created by golang.org/x/sync/errgroup.(*Group).Go in goroutine 74
        golang.org/x/sync@v0.11.0/errgroup/errgroup.go:75 +0x93

What did you expect to happen?

ORAS should not panic when it receives 401 from the registry.

How can we reproduce it?

Run oras cp to push an image to a registry that you are not authenticated to.

What is the version of your ORAS CLI?

Version: 1.3.0-beta.2
Go version: go1.24.0
OS/Arch: linux/amd64
Git commit: 87379d2
Git tree state: clean

What is your OS environment?

Ubuntu 24.04 LTS

Are you willing to submit PRs to fix it?

  • Yes, I am willing to fix it.
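
The panic message in the trace above comes from the type check in `sync/atomic.(*Value).CompareAndSwap`: once a `Value` holds one concrete type, offering a value of a different concrete type panics, even when `old` is `nil` and the swap would otherwise just return false. The following is an added example, not code from the report or from oras-go; `authError`, `netError`, `errBox`, `recordRaw` and `recordBoxed` are hypothetical names, and the errors are offered sequentially rather than from goroutines so the result is deterministic.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// Constructed stand-ins for two unrelated concrete error types that
// concurrent workers might return (e.g. a registry 401 and a transport error).
type authError struct{ status int }
type netError struct{ op string }

func (e *authError) Error() string { return fmt.Sprintf("response status code %d", e.status) }
func (e *netError) Error() string  { return e.op + ": connection reset" }

// recordRaw keeps the first error by storing it directly in an atomic.Value.
// It returns the stored error and the recovered panic message, if any.
func recordRaw(errs ...error) (first error, panicMsg string) {
	var v atomic.Value
	defer func() {
		if r := recover(); r != nil {
			panicMsg = fmt.Sprint(r)
		}
		first, _ = v.Load().(error)
	}()
	for _, err := range errs {
		// Panics once the Value holds a different dynamic type than err,
		// even though old is nil and the swap would simply have failed.
		v.CompareAndSwap(nil, err)
	}
	return
}

// errBox gives every stored value the same dynamic type.
type errBox struct{ err error }

// recordBoxed keeps the first error without constraining its concrete type.
func recordBoxed(errs ...error) error {
	var v atomic.Value
	for _, err := range errs {
		v.CompareAndSwap(nil, errBox{err})
	}
	if b, ok := v.Load().(errBox); ok {
		return b.err
	}
	return nil
}

func main() {
	a, n := &authError{status: 401}, &netError{op: "HEAD"}
	_, msg := recordRaw(a, n)
	fmt.Println("raw:  ", msg)
	fmt.Println("boxed:", recordBoxed(a, n))
}
```
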

Labels: bug (Something isn't working)