Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-7471

Quay can't list referrers of manifest with artifact type using V2 API

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • quay-v3.12.0
    • quay
    • False
    • Hide

      None

      Show
      None
    • False

      Description:

      This is an issue found in Quay.io when checking OCI list referrers, the testing results show when use "artifactType=text/spdx", quay can return the referrers successfully, but when use "artifactType=application/spdx+json", quay can't return the referrers, pls review this issue.

      OCI Spec:

      https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-referrers 

      Quay:  quay.io

      skopeo inspect docker://quay.io/lzha/ocilistreferrs:sha256-0de63ba2d98ab328218a1b6373def69ec0d0e7535866f50589111285f2bf3fb8  --raw | jq 
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:342bba778f804eb916006c952ebb51d281d0d4f982bd9fc1d4a120eef4075166",
      "size": 793,
      "annotations": {
        "org.opencontainers.image.created": "2024-07-15T04:57:32Z",
        "producer": "syft 0.63.0"
      },
      "artifactType": "application/spdx+json"
    },
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:814a632fddc16a7ad93a714691cf8429375c9a15bab0d2f14be449cc8f7bd9eb",
      "size": 776,
      "annotations": {
        "org.opencontainers.image.created": "2024-07-15T04:58:14Z",
        "producer": "syft 0.63.0"
      },
      "artifactType": "text/spdx"
    },
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:f195f9f73b0e30aab9014237d3a5f25a42673b072956d03215c984dfb4ee2a6f",
      "size": 806,
      "annotations": {
        "org.opencontainers.image.created": "2024-07-15T04:58:43Z",
        "producer": "syft 0.63.0"
      },
      "artifactType": "application/vnd.cyclonedx+json"
    }
  ]
}

//https://quay.io/v2/lzha/ocilistreferrs/referrers/sha256:0de63ba2d98ab328218a1b6373def69ec0d0e7535866f50589111285f2bf3fb8?artifactType=application/spdx+json
curl --location 'https://quay.io/v2/lzha/ocilistreferrs/referrers/sha256:0de63ba2d98ab328218a1b6373def69ec0d0e7535866f50589111285f2bf3fb8?artifactType=application%2Fspdx+json' \
--header 'Authorization: Bearer ******' | jq
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": []
}

//https://quay.io/v2/lzha/ocilistreferrs/referrers/sha256:0de63ba2d98ab328218a1b6373def69ec0d0e7535866f50589111285f2bf3fb8?artifactType=text/spdx
curl --location 'https://quay.io/v2/lzha/ocilistreferrs/referrers/sha256:0de63ba2d98ab328218a1b6373def69ec0d0e7535866f50589111285f2bf3fb8?artifactType=text%2Fspdx' \
--header 'Authorization: Bearer ******'
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:814a632fddc16a7ad93a714691cf8429375c9a15bab0d2f14be449cc8f7bd9eb",
      "size": 776
    }
  ]
}

        1. image-2024-07-18-16-30-19-472.png
          image-2024-07-18-16-30-19-472.png
          252 kB
        2. image-2024-07-18-16-28-46-055.png
          image-2024-07-18-16-28-46-055.png
          401 kB

              sleesinc Kenny Lee Sin Cheong
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: