Skip to content

Commit d4e00c6

Browse files
KavyaSree2610Kavya Sree Kaitepalli
andauthored
Fix multiarch image push in docker engine (#15548)
Co-authored-by: Kavya Sree Kaitepalli <kkaitepalli@microsoft.com>
1 parent e1db111 commit d4e00c6

2 files changed

Lines changed: 48 additions & 1 deletion

File tree

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
From a7ef4a208d96a71162ed3b0f04ec90112ead44fd Mon Sep 17 00:00:00 2001
2+
From: henry118 <henryw@amazon.com>
3+
Date: Sat, 10 May 2025 00:00:00 +0000
4+
Subject: [PATCH] Fix multiarch image push tag for containerd snapshotter
5+
6+
When the "containerd-snapshotter" feature is enabled and pushing multiarch
7+
images, all platform specific image manifests should be pushed by digest,
8+
but only the top level manifest index should be pushed by tag. In the previous
9+
implementation in moby, all of them were pushed by tag.
10+
11+
This replicates the similar logic in containerd:
12+
https://github.com/containerd/containerd/blob/main/client/client.go#L485-L488
13+
14+
Signed-off-by: henry118 <henryw@amazon.com>
15+
---
16+
daemon/containerd/image_push.go | 11 ++++++++++-
17+
1 file changed, 10 insertions(+), 1 deletion(-)
18+
19+
diff --git a/daemon/containerd/image_push.go b/daemon/containerd/image_push.go
20+
index 1234567..abcdefg 100644
21+
--- a/daemon/containerd/image_push.go
22+
+++ b/daemon/containerd/image_push.go
23+
@@ -144,7 +144,16 @@ func (i *ImageService) pushRef(ctx context.Context, targetRef reference.Named, p
24+
wrapped := wrapWithFakeMountableBlobs(store, mountableBlobs)
25+
store = wrapped
26+
27+
- pusher, err := resolver.Pusher(ctx, targetRef.String())
28+
+ // Annotate ref with digest to push only push tag for single digest
29+
+ ref := targetRef
30+
+ if _, digested := ref.(reference.Digested); !digested {
31+
+ ref, err = reference.WithDigest(ref, target.Digest)
32+
+ if err != nil {
33+
+ return err
34+
+ }
35+
+ }
36+
+
37+
+ pusher, err := resolver.Pusher(ctx, ref.String())
38+
if err != nil {
39+
return err
40+
}
41+
--
42+
2.39.0

SPECS/moby-engine/moby-engine.spec

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
Summary: The open-source application container engine
44
Name: moby-engine
55
Version: 25.0.3
6-
Release: 14%{?dist}
6+
Release: 15%{?dist}
77
License: ASL 2.0
88
Group: Tools/Container
99
URL: https://mobyproject.org
@@ -29,6 +29,8 @@ Patch11: CVE-2025-22869.patch
2929
Patch12: CVE-2025-30204.patch
3030
Patch13: CVE-2024-51744.patch
3131
Patch14: CVE-2025-58183.patch
32+
#This can be removed when upgraded to v25.0.15
33+
Patch15: fix-multiarch-image-push-tag.patch
3234

3335
%{?systemd_requires}
3436

@@ -124,6 +126,9 @@ fi
124126
%{_unitdir}/*
125127

126128
%changelog
129+
* Wed Jan 21 2025 Kavya Sree Kaitepalli <kkaitepalli@microsoft.com> - 25.0.3-15
130+
- Fix multiarch image push tag
131+
127132
* Sat Nov 15 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 25.0.3-14
128133
- Patch for CVE-2025-58183
129134

0 commit comments

Comments
 (0)