Unexpected diff produced for some distroless images #77

Open
lboynton opened this issue Mar 18, 2024 · 2 comments
lboynton commented Mar 18, 2024

Firstly, thanks for this tool 🙏 I've been reviewing diffoci after seeing this comment GoogleContainerTools/container-diff#419 (comment)

The issue: This may be a quirk of how the distroless images are produced (as suggested by the layer length mismatch warning), but thought I'd raise this here for discussion. Running diffoci diff with some distroless hashes produces some unexpected diffs.

```
diffoci diff --semantic gcr.io/distroless/cc-debian11@sha256:83e56fe32f54fd028d26afe19ac5500741f20cfe081b26ee26f2c98c55f707c9 gcr.io/distroless/cc-debian11@sha256:5b74521fc28acb53bc1a47185c638b64ffe3fc9766c38fa15ca6e7654a904b51 --platform linux/amd64
INFO[0000] Target platforms: [linux/amd64]
WARN[0000] Layer length mismatch (15 vs 17), squashing for comparison (EXPERIMENTAL)
TYPE     NAME                      INPUT-0                                                                     INPUT-1
Layer    ctx:/manifests-0/layer    name "etc/ssl/" appears 2 times in input 0, 1 times in input 1
Layer    ctx:/manifests-0/layer    name "usr/lib/" appears 7 times in input 0, 6 times in input 1
File     ./etc/passwd              ?                                                                           ?
Layer    ctx:/manifests-0/layer    name "etc/ssl/certs/ca-certificates.crt" only appears in input 0
File     ./root/                   ?                                                                           ?
Layer    ctx:/manifests-0/layer    name "usr/share/doc/ca-certificates/" only appears in input 0
Layer    ctx:/manifests-0/layer    name "etc/" appears 6 times in input 0, 4 times in input 1
File     ./home/nonroot/           ?                                                                           ?
File     ./                        ?                                                                           ?
Layer    ctx:/manifests-0/layer    name "usr/lib/os-release" appears 2 times in input 0, 1 times in input 1
Layer    ctx:/manifests-0/layer    name "usr/share/doc/ca-certificates/copyright" only appears in input 0
Layer    ctx:/manifests-0/layer    name "./etc/" appears 1 times in input 0, 3 times in input 1
Layer    ctx:/manifests-0/layer    name "usr/share/doc/" appears 10 times in input 0, 9 times in input 1
Layer    ctx:/manifests-0/layer    name "usr/share/" appears 10 times in input 0, 9 times in input 1
Layer    ctx:/manifests-0/layer    name "etc/ssl/certs/" appears 2 times in input 0, 1 times in input 1
Layer    ctx:/manifests-0/layer    name "etc/group" only appears in input 0
File     ./home/                   ?                                                                           ?
Layer    ctx:/manifests-0/layer    name "usr/" appears 11 times in input 0, 9 times in input 1
Layer    ctx:/manifests-0/layer    name "tmp/" appears 2 times in input 0, 1 times in input 1
Layer    ctx:/manifests-0/layer    name "etc/ssl/" appears 2 times in input 0, 1 times in input 1
Layer    ctx:/manifests-0/layer    name "./etc/ssl/certs/" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./usr/share/doc/ca-certificates/copyright" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./usr/lib/" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./etc/ssl/certs/ca-certificates.crt" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./etc/" appears 1 times in input 0, 3 times in input 1
Layer    ctx:/manifests-0/layer    name "./usr/" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./tmp/" only appears in input 1
Layer    ctx:/manifests-0/layer    name "etc/" appears 6 times in input 0, 4 times in input 1
Layer    ctx:/manifests-0/layer    name "usr/share/" appears 10 times in input 0, 9 times in input 1
Layer    ctx:/manifests-0/layer    name "tmp/" appears 2 times in input 0, 1 times in input 1
Layer    ctx:/manifests-0/layer    name "usr/lib/os-release" appears 2 times in input 0, 1 times in input 1
Layer    ctx:/manifests-0/layer    name "./usr/share/doc/ca-certificates/" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./usr/share/doc/" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./etc/group" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./etc/ssl/" only appears in input 1
Layer    ctx:/manifests-0/layer    name "usr/share/doc/" appears 10 times in input 0, 9 times in input 1
Layer    ctx:/manifests-0/layer    name "usr/lib/" appears 7 times in input 0, 6 times in input 1
Layer    ctx:/manifests-0/layer    name "./usr/lib/os-release" only appears in input 1
Layer    ctx:/manifests-0/layer    name "./usr/share/" only appears in input 1
Layer    ctx:/manifests-0/layer    name "usr/" appears 11 times in input 0, 9 times in input 1
Layer    ctx:/manifests-0/layer    name "etc/ssl/certs/" appears 2 times in input 0, 1 times in input 1
```

This diff is a bit unexpected to me. I don't think these are genuine differences?

@AkihiroSuda
Member

Thanks for reporting, but I can't repro the issue

```
$ diffoci --version
diffoci version v0.1.4

$ diffoci diff --report-dir=/tmp/r --semantic gcr.io/distroless/cc-debian11@sha256:83e56fe32f54fd028d26afe19ac5500741f20cfe081b26ee26f2c98c55f707c9 gcr.io/distroless/cc-debian11@sha256:5b74521fc28acb53bc1a47185c638b64ffe3fc9766c38fa15ca6e7654a904b51 --platform linux/amd64
INFO[0000] Target platforms: [linux/amd64]
WARN[0000] Layer length mismatch (15 vs 17), squashing for comparison (EXPERIMENTAL)
TYPE    NAME            INPUT-0    INPUT-1
File    home/nonroot    ?          ?
File    .               ?          ?
File    root            ?          ?
File    etc             ?          ?
File    home            ?          ?
File    etc/passwd      ?          ?
```

@AkihiroSuda
Member

The current master (d817470) just prints no diff

```
$ diffoci --version
diffoci version v0.1.4-34-gd817470

$ diffoci diff --report-dir=/tmp/r --semantic gcr.io/distroless/cc-debian11@sha256:83e56fe32f54fd028d26afe19ac5500741f20cfe081b26ee26f2c98c55f707c9 gcr.io/distroless/cc-debian11@sha256:5b74521fc28acb53bc1a47185c638b64ffe3fc9766c38fa15ca6e7654a904b51 --platform linux/amd64
INFO[0000] Target platforms: [linux/amd64]
WARN[0000] Layer length mismatch (15 vs 17), squashing for comparison (EXPERIMENTAL)
```
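
In the first report above, the same paths are listed both with and without a leading `./` (for example `etc/group` only in input 0 and `./etc/group` only in input 1). The following is an added example, not diffoci's code and not part of the original thread: it counts tar entry names in two constructed in-memory layers and shows that comparing raw names reports such entries as differences, while cleaning each name with `path.Clean` first reports none. The helper names `buildLayer` and `diffNames` are hypothetical.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
	"sort"
)

// buildLayer returns an in-memory tar stream with empty files (constructed sample data).
func buildLayer(names ...string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, n := range names {
		if err := tw.WriteHeader(&tar.Header{Name: n, Mode: 0o644, Typeflag: tar.TypeReg}); err != nil {
			panic(err)
		}
	}
	tw.Close()
	return buf.Bytes()
}

// diffNames lists entry names whose occurrence count differs between layers a and b.
// With normalize set, each name goes through path.Clean, so "./etc/group" == "etc/group".
func diffNames(a, b []byte, normalize bool) []string {
	counts := map[string][2]int{}
	for i, layer := range [][]byte{a, b} {
		tr := tar.NewReader(bytes.NewReader(layer))
		for {
			hdr, err := tr.Next()
			if err == io.EOF {
				break
			} else if err != nil {
				panic(err)
			}
			name := hdr.Name
			if normalize {
				name = path.Clean(name)
			}
			c := counts[name]
			c[i]++
			counts[name] = c
		}
	}
	var out []string
	for name, c := range counts {
		if c[0] != c[1] {
			out = append(out, fmt.Sprintf("%s: %d vs %d", name, c[0], c[1]))
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed inputs mirroring the name patterns in the reported output.
	in0 := buildLayer("etc/group", "usr/lib/os-release", "usr/lib/os-release")
	in1 := buildLayer("./etc/group", "usr/lib/os-release", "./usr/lib/os-release")
	fmt.Println("raw:       ", diffNames(in0, in1, false))
	fmt.Println("normalized:", diffNames(in0, in1, true))
}
```
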
