Content descriptor with optional embedded data field breaks manifest decoding #4340
Description
Environment:
- Jib version: 3.4.4
- Build tool: both
- OS: linux/amd64, macos/arm64
Description of the issue:
When an embedded data is present in the base image manifest's config JSON, Jib fails as it doesn't expect the field.
This is an issue with the latest Debian base images, which we use at work to build custom JVM images.
But I assume this will eventually trickle down to Debian based images for several popular JDK such as Adopt, Zulu and so on.
Example of this in the recent bookworm-slim images:
{
"config": {
"data": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJDbWQiOlsiYmFzaCJdLCJFbnRyeXBvaW50IjpbXSwiRW52IjpbIlBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluIl19LCJjcmVhdGVkIjoiMjAyNC0xMi0wMlQwMDowMDowMFoiLCJoaXN0b3J5IjpbeyJjb21tZW50IjoiZGVidWVycmVvdHlwZSAwLjE1IiwiY3JlYXRlZCI6IjIwMjQtMTItMDJUMDA6MDA6MDBaIiwiY3JlYXRlZF9ieSI6IiMgZGViaWFuLnNoIC0tYXJjaCAnYW1kNjQnIG91dC8gJ2Jvb2t3b3JtJyAnQDE3MzMwOTc2MDAnIn1dLCJvcyI6ImxpbnV4Iiwicm9vdGZzIjp7ImRpZmZfaWRzIjpbInNoYTI1NjpjMGYxMDIyYjIyYTliMzY4NTFiMzU4ZjQ0ZTU0NzVlMzlkMTY2ZTcxYTgwNzNjZjUzYzg5NGEyOTkyMzliMWM1Il0sInR5cGUiOiJsYXllcnMifX0K",
"digest": "sha256:a815f2ceb3b0c8e16829cfa5c6b5a96dad4d17f5e35be3d52ee81ce2e3cc0ced",
"mediaType": "application/vnd.oci.image.config.v1+json",
"size": 453
},
"layers": [
{
"digest": "sha256:bc0965b23a04fe7f2d9fb20f597008fcf89891de1c705ffc1c80483a1f098e4f",
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"size": 28231580
}
],
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"schemaVersion": 2
}Expected behavior:
data field is optional and should be decoded as such.
It's been part of the OCI spec for content descriptors since 2021:
Kaniko and other tools using go-containerregistry handle it properly:
- https://github.com/google/go-containerregistry/blob/main/pkg/v1/manifest.go#L48
- https://github.com/google/go-containerregistry/blob/main/pkg/v1/mutate/image.go#L140
Steps to reproduce:
- Set base image to an offending value
- Run jib:build
jib-maven-plugin Configuration:
<build>
<plugins>
<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<version>3.4.4</version>
<configuration>
<from>
<image>internal.mirror/library/debian:bookworm-slim</image>
<platforms>
<platform>
<os>linux</os>
<architecture>amd64</architecture>
</platform>
</platforms>
</from>
<to>
<image>internal.mirror/foo/bar</image>
<tags>
<tag>${project.version}</tag>
<tag>latest</tag>
</tags>
</to>
</configuration>
</plugin>
</plugins>
</build>Log output:
[ERROR] I/O error for image [internal.mirror/library/debian]:
[ERROR] com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException
[ERROR] Unrecognized field "data" (class com.google.cloud.tools.jib.image.json.BuildableManifestTemplate$ContentDescriptorTemplate), not marked as ignorable (5 known properties: "size", "digest", "mediaType", "urls", "annotations"])
at [Source: (String)"{"config":{"data":"eyJhcmNoa...zIjpbI"[truncated 521 chars]; line: 1, column: 20]
(through reference chain: com.google.cloud.tools.jib.image.json.OciManifestTemplate["config"]->com.google.cloud.tools.jib.image.json.BuildableManifestTemplate$ContentDescriptorTemplate["data"])
Additional Information:
Obviously even if it succeeded, the plain Debian slim image doesn't include any JVM. This is for reproducibility illustration only.