[pkg-go] Bug#1009376: running foreign architecture containers hits the network every time and confuses future `podman run` invocations

Antonio Terceiro terceiro at debian.org
Tue Apr 12 19:26:09 BST 2022


Package: podman
Version: 3.4.4+ds1-1
Severity: normal

When running containers for a foreign architecture, podman run will hit
the network looking for images on every invocation:

----------------8<----------------8<----------------8<-----------------
terceiro at host:~$ podman run --arch=arm64 debian arch
Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/debian:latest...
Getting image source signatures
Copying blob fa223d8c149d done
Copying config 05e8051d05 done
Writing manifest to image destination
Storing signatures
aarch64
terceiro at host:~$ podman run --arch=arm64 debian arch
Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/debian:latest...
Getting image source signatures
Copying blob fa223d8c149d [-----------------] 0.0b / 0.0b
Copying config 05e8051d05 done
Writing manifest to image destination
Storing signatures
aarch64
----------------8<----------------8<----------------8<-----------------

This means that if I try to run a foreign container while I'm offline, I
can't:

----------------8<----------------8<----------------8<-----------------
terceiro at host:~$ podman run --arch=arm64 debian arch
Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/debian:latest...
Error: initializing source docker://debian:latest: pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: dial udp 10.0.2.3:53: connect: network is unreachable
----------------8<----------------8<----------------8<-----------------

Weirder than that is that, from this point on, a plain `podman run` will
run the foreign container instead of a native one (but will not hit the
network, as I'm able to do that while still offline):

----------------8<----------------8<----------------8<-----------------
terceiro at host:~$ podman run debian arch
aarch64
----------------8<----------------8<----------------8<-----------------

To "fix" this, I have to explicitly pull the same image without any
architecture request after coming online again:

----------------8<----------------8<----------------8<-----------------
terceiro at host:~$ podman pull debian
Trying to pull docker.io/library/debian:latest...
Getting image source signatures
Copying blob dbba69284b27 done
Copying config d69c6cd3a2 done
Writing manifest to image destination
Storing signatures
d69c6cd3a20d21ec91b677c3bcd10d9975f4fe67eff81afb5a09bdef5134afeb
terceiro at host:~$ podman run debian arch
x86_64
----------------8<----------------8<----------------8<-----------------

I have checked the version in experimental, and this bug still applies
to it.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.16.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), LANGUAGE=pt_BR:pt:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1.1
ii  containernetworking-plugins      1.1.0+ds1-1
ii  crun                             0.17+dfsg-1.1
ii  golang-github-containers-common  0.47.2+ds1-1
ii  init-system-helpers              1.62
ii  libc6                            2.33-7
ii  libdevmapper1.02.1               2:1.02.175-2.1
ii  libgpgme11                       1.16.0-1.2
ii  libseccomp2                      2.5.3-2
ii  runc                             1.1.1+ds1-1

Versions of packages podman recommends:
ii  buildah                                           1.24.1+ds1-1
ii  catatonit                                         0.1.7-1
ii  fuse-overlayfs                                    1.8.2-1
ii  golang-github-containernetworking-plugin-dnsname  1.3.1+ds1-2
ii  slirp4netns                                       1.0.1-2
ii  tini                                              0.19.0-1
ii  uidmap                                            1:4.11.1+dfsg1-2

Versions of packages podman suggests:
pn  containers-storage  <none>
ii  docker-compose      1.29.2-1
ii  iptables            1.8.7-1

-- no debconf information
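
Added example, not part of the original report and not podman's own code: a guard that checks which architecture an image name resolves to in local storage before running it, and runs with --pull=never so no registry is contacted. The function names and the PODMAN override variable are hypothetical; it assumes `podman image inspect` reports the architecture of whatever the name currently points at locally.

```shell
#!/bin/sh
# Added example: refuse to run when a tag now resolves to a foreign-arch image.
# PODMAN can be overridden (hypothetical hook for testing); defaults to the CLI.
PODMAN=${PODMAN:-podman}

# Map `uname -m` machine names to the architecture names used in image configs.
oci_arch() {
    case "$1" in
        x86_64)        echo amd64 ;;
        aarch64|arm64) echo arm64 ;;
        armv7l|armv6l) echo arm ;;
        i386|i686)     echo 386 ;;
        *)             echo "$1" ;;   # e.g. ppc64le, s390x, riscv64 are identical
    esac
}

# Architecture of the image the name resolves to in local storage (no network).
local_image_arch() {
    "$PODMAN" image inspect --format '{{.Architecture}}' "$1" 2>/dev/null
}

# check_image_arch IMAGE [WANTED_ARCH]
# Returns 0 on match, 1 on mismatch, 2 if the image is not in local storage.
check_image_arch() {
    want=${2:-$(oci_arch "$(uname -m)")}
    have=$(local_image_arch "$1") || return 2
    [ -n "$have" ] || return 2
    if [ "$have" != "$want" ]; then
        echo "refusing: $1 is $have locally, wanted $want" >&2
        return 1
    fi
}

# run_checked IMAGE [ARGS...]: run only if the local image is native,
# and never contact a registry while doing so.
run_checked() {
    image=$1; shift
    check_image_arch "$image" || return $?
    "$PODMAN" run --rm --pull=never "$image" "$@"
}
```

With the state described in the report, `run_checked debian arch` stops with status 1 instead of silently starting the arm64 container.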