Package: podman Version: 3.4.4+ds1-1 Severity: normal When running containers for a foreign architecture, podman run will hit the networking looking for images on every invocation:
----------------8<----------------8<----------------8<----------------- terceiro@host:~$ podman run --arch=arm64 debian arch Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf) Trying to pull docker.io/library/debian:latest... Getting image source signatures Copying blob fa223d8c149d done Copying config 05e8051d05 done Writing manifest to image destination Storing signatures aarch64 terceiro@host:~$ podman run --arch=arm64 debian arch Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf) Trying to pull docker.io/library/debian:latest... Getting image source signatures Copying blob fa223d8c149d [-----------------] 0.0b / 0.0b Copying config 05e8051d05 done Writing manifest to image destination Storing signatures aarch64 ----------------8<----------------8<----------------8<----------------- This means that if I try run a foreign container while I'm offline, I can't: ----------------8<----------------8<----------------8<----------------- terceiro@host:~$ podman run --arch=arm64 debian arch Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf) Trying to pull docker.io/library/debian:latest... Error: initializing source docker://debian:latest: pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: dial udp 10.0.2.3:53: connect: network is unreachable ----------------8<----------------8<----------------8<----------------- Weirder than that, is that from this point on, a plain `podman run` will run the foreign container, instead of a native one (but will not hit the network, as I'm able to do that while still offline): ----------------8<----------------8<----------------8<----------------- terceiro@host:~$ podman run debian arch aarch64 ----------------8<----------------8<----------------8<----------------- To "fix" this, I have to explicitly pull the same image without any architecture request after coming online again: ----------------8<----------------8<----------------8<----------------- terceiro@host:~$ podman pull debian Trying to pull docker.io/library/debian:latest... Getting image source signatures Copying blob dbba69284b27 done Copying config d69c6cd3a2 done Writing manifest to image destination Storing signatures d69c6cd3a20d21ec91b677c3bcd10d9975f4fe67eff81afb5a09bdef5134afeb terceiro@host:~$ podman run debian arch x86_64 ----------------8<----------------8<----------------8<----------------- I have checked the version in experimental, and this bug still applies to it. -- System Information: Debian Release: bookworm/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing'), (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.16.0-6-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), LANGUAGE=pt_BR:pt:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages podman depends on: ii conmon 2.0.25+ds1-1.1 ii containernetworking-plugins 1.1.0+ds1-1 ii crun 0.17+dfsg-1.1 ii golang-github-containers-common 0.47.2+ds1-1 ii init-system-helpers 1.62 ii libc6 2.33-7 ii libdevmapper1.02.1 2:1.02.175-2.1 ii libgpgme11 1.16.0-1.2 ii libseccomp2 2.5.3-2 ii runc 1.1.1+ds1-1 Versions of packages podman recommends: ii buildah 1.24.1+ds1-1 ii catatonit 0.1.7-1 ii fuse-overlayfs 1.8.2-1 ii golang-github-containernetworking-plugin-dnsname 1.3.1+ds1-2 ii slirp4netns 1.0.1-2 ii tini 0.19.0-1 ii uidmap 1:4.11.1+dfsg1-2 Versions of packages podman suggests: pn containers-storage <none> ii docker-compose 1.29.2-1 ii iptables 1.8.7-1 -- no debconf information
signature.asc
Description: PGP signature