Bug#1009376: running foreign architecture containers hits the network every time and confuses future `podman run` invocations
Control: forwarded -1 https://github.com/containers/podman/issues/13897 On Fri, Apr 15, 2022 at 05:25:31PM -0400, Reinhard Tartler wrote: > Control: tag -1 upstream > > Hi Antonio, > > Can you please file a report upstream here: > https://github.com/containers/podman/issues -- upstream is really friendly > with reports from other Distros, in particular from Debian. I'm not sure > what value I can bring as a package maintainer here. Fair enough. Just did that. signature.asc Description: PGP signature
Bug#1009376: running foreign architecture containers hits the network every time and confuses future `podman run` invocations
Control: tag -1 upstream Hi Antonio, Can you please file a report upstream here: https://github.com/containers/podman/issues -- upstream is really friendly with reports from other Distros, in particular from Debian. I'm not sure what value I can bring as a package maintainer here. Thanks. Regards, -rt On Tue, Apr 12, 2022 at 2:27 PM Antonio Terceiro wrote: > Package: podman > Version: 3.4.4+ds1-1 > Severity: normal > > When running containers for a foreign architecture, podman run will hit > the networking looking for images on every invocation: > > 8<8<8<- > terceiro@host:~$ podman run --arch=arm64 debian arch > Resolved "debian" as an alias > (/etc/containers/registries.conf.d/shortnames.conf) > Trying to pull docker.io/library/debian:latest... > Getting image source signatures > Copying blob fa223d8c149d done > Copying config 05e8051d05 done > Writing manifest to image destination > Storing signatures > aarch64 > terceiro@host:~$ podman run --arch=arm64 debian arch > Resolved "debian" as an alias > (/etc/containers/registries.conf.d/shortnames.conf) > Trying to pull docker.io/library/debian:latest... > Getting image source signatures > Copying blob fa223d8c149d [-] 0.0b / 0.0b > Copying config 05e8051d05 done > Writing manifest to image destination > Storing signatures > aarch64 > 8<8<8<- > > This means that if I try run a foreign container while I'm offline, I > can't: > > 8<8<8<- > terceiro@host:~$ podman run --arch=arm64 debian arch > Resolved "debian" as an alias > (/etc/containers/registries.conf.d/shortnames.conf) > Trying to pull docker.io/library/debian:latest... > Error: initializing source docker://debian:latest: pinging container > registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": > dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: dial udp 10.0.2.3:53: > connect: network is unreachable > 8<8<8<- > > Weirder than that, is that from this point on, a plain `podman run` will > run the foreign container, instead of a native one (but will not hit the > network, as I'm able to do that while still offline): > > 8<8<8<- > terceiro@host:~$ podman run debian arch > aarch64 > 8<8<8<- > > To "fix" this, I have to explicitly pull the same image without any > architecture request after coming online again: > > 8<8<8<- > terceiro@host:~$ podman pull debian > Trying to pull docker.io/library/debian:latest... > Getting image source signatures > Copying blob dbba69284b27 done > Copying config d69c6cd3a2 done > Writing manifest to image destination > Storing signatures > d69c6cd3a20d21ec91b677c3bcd10d9975f4fe67eff81afb5a09bdef5134afeb > terceiro@host:~$ podman run debian arch > x86_64 > 8<8<8<- > > I have checked the version in experimental, and this bug still applies > to it. > > -- System Information: > Debian Release: bookworm/sid > APT prefers testing-debug > APT policy: (900, 'testing-debug'), (900, 'testing'), (500, > 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, > 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 5.16.0-6-amd64 (SMP w/4 CPU threads; PREEMPT) > Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), > LANGUAGE=pt_BR:pt:en > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages podman depends on: > ii conmon 2.0.25+ds1-1.1 > ii containernetworking-plugins 1.1.0+ds1-1 > ii crun 0.17+dfsg-1.1 > ii golang-github-containers-common 0.47.2+ds1-1 > ii init-system-helpers 1.62 > ii libc62.33-7 > ii libdevmapper1.02.1 2:1.02.175-2.1 > ii libgpgme11 1.16.0-1.2 > ii libseccomp2 2.5.3-2 > ii runc 1.1.1+ds1-1 > > Versions of packages podman recommends: > ii buildah 1.24.1+ds1-1 > ii catatonit 0.1.7-1 > ii fuse-overlayfs1.8.2-1 > ii golang-github-containernetworking-plugin-dnsname 1.3.1+ds1-2 > ii slirp4netns 1.0.1-2 > ii tini 0.19.0-1 > ii uidmap1:4.11.1+dfsg1-2 > > Versions of packages podman suggests: > pn containers-storage > ii docker-compose 1.29.2-1 > ii iptables
Bug#1009376: running foreign architecture containers hits the network every time and confuses future `podman run` invocations
Package: podman Version: 3.4.4+ds1-1 Severity: normal When running containers for a foreign architecture, podman run will hit the networking looking for images on every invocation: 8<8<8<- terceiro@host:~$ podman run --arch=arm64 debian arch Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf) Trying to pull docker.io/library/debian:latest... Getting image source signatures Copying blob fa223d8c149d done Copying config 05e8051d05 done Writing manifest to image destination Storing signatures aarch64 terceiro@host:~$ podman run --arch=arm64 debian arch Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf) Trying to pull docker.io/library/debian:latest... Getting image source signatures Copying blob fa223d8c149d [-] 0.0b / 0.0b Copying config 05e8051d05 done Writing manifest to image destination Storing signatures aarch64 8<8<8<- This means that if I try run a foreign container while I'm offline, I can't: 8<8<8<- terceiro@host:~$ podman run --arch=arm64 debian arch Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf) Trying to pull docker.io/library/debian:latest... Error: initializing source docker://debian:latest: pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: dial udp 10.0.2.3:53: connect: network is unreachable 8<8<8<- Weirder than that, is that from this point on, a plain `podman run` will run the foreign container, instead of a native one (but will not hit the network, as I'm able to do that while still offline): 8<8<8<- terceiro@host:~$ podman run debian arch aarch64 8<8<8<- To "fix" this, I have to explicitly pull the same image without any architecture request after coming online again: 8<8<8<- terceiro@host:~$ podman pull debian Trying to pull docker.io/library/debian:latest... Getting image source signatures Copying blob dbba69284b27 done Copying config d69c6cd3a2 done Writing manifest to image destination Storing signatures d69c6cd3a20d21ec91b677c3bcd10d9975f4fe67eff81afb5a09bdef5134afeb terceiro@host:~$ podman run debian arch x86_64 8<8<8<- I have checked the version in experimental, and this bug still applies to it. -- System Information: Debian Release: bookworm/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing'), (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.16.0-6-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), LANGUAGE=pt_BR:pt:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages podman depends on: ii conmon 2.0.25+ds1-1.1 ii containernetworking-plugins 1.1.0+ds1-1 ii crun 0.17+dfsg-1.1 ii golang-github-containers-common 0.47.2+ds1-1 ii init-system-helpers 1.62 ii libc62.33-7 ii libdevmapper1.02.1 2:1.02.175-2.1 ii libgpgme11 1.16.0-1.2 ii libseccomp2 2.5.3-2 ii runc 1.1.1+ds1-1 Versions of packages podman recommends: ii buildah 1.24.1+ds1-1 ii catatonit 0.1.7-1 ii fuse-overlayfs1.8.2-1 ii golang-github-containernetworking-plugin-dnsname 1.3.1+ds1-2 ii slirp4netns 1.0.1-2 ii tini 0.19.0-1 ii uidmap1:4.11.1+dfsg1-2 Versions of packages podman suggests: pn containers-storage ii docker-compose 1.29.2-1 ii iptables1.8.7-1 -- no debconf information signature.asc Description: PGP signature
