Unexpected diff produced for some distroless images
lboynton opened this issue
Firstly, thanks for this tool. I've been reviewing diffoci after seeing this comment: GoogleContainerTools/container-diff#419 (comment)

The issue: This may be a quirk of how the distroless images are produced (as suggested by the layer length mismatch warning), but thought I'd raise this here for discussion. Running `diffoci diff` with some distroless hashes produces some unexpected diffs.
```
diffoci diff --semantic gcr.io/distroless/cc-debian11@sha256:83e56fe32f54fd028d26afe19ac5500741f20cfe081b26ee26f2c98c55f707c9 gcr.io/distroless/cc-debian11@sha256:5b74521fc28acb53bc1a47185c638b64ffe3fc9766c38fa15ca6e7654a904b51 --platform linux/amd64
INFO[0000] Target platforms: [linux/amd64]
WARN[0000] Layer length mismatch (15 vs 17), squashing for comparison (EXPERIMENTAL)
TYPE NAME INPUT-0 INPUT-1
Layer ctx:/manifests-0/layer name "etc/ssl/" appears 2 times in input 0, 1 times in input 1
Layer ctx:/manifests-0/layer name "usr/lib/" appears 7 times in input 0, 6 times in input 1
File ./etc/passwd ? ?
Layer ctx:/manifests-0/layer name "etc/ssl/certs/ca-certificates.crt" only appears in input 0
File ./root/ ? ?
Layer ctx:/manifests-0/layer name "usr/share/doc/ca-certificates/" only appears in input 0
Layer ctx:/manifests-0/layer name "etc/" appears 6 times in input 0, 4 times in input 1
File ./home/nonroot/ ? ?
File ./ ? ?
Layer ctx:/manifests-0/layer name "usr/lib/os-release" appears 2 times in input 0, 1 times in input 1
Layer ctx:/manifests-0/layer name "usr/share/doc/ca-certificates/copyright" only appears in input 0
Layer ctx:/manifests-0/layer name "./etc/" appears 1 times in input 0, 3 times in input 1
Layer ctx:/manifests-0/layer name "usr/share/doc/" appears 10 times in input 0, 9 times in input 1
Layer ctx:/manifests-0/layer name "usr/share/" appears 10 times in input 0, 9 times in input 1
Layer ctx:/manifests-0/layer name "etc/ssl/certs/" appears 2 times in input 0, 1 times in input 1
Layer ctx:/manifests-0/layer name "etc/group" only appears in input 0
File ./home/ ? ?
Layer ctx:/manifests-0/layer name "usr/" appears 11 times in input 0, 9 times in input 1
Layer ctx:/manifests-0/layer name "tmp/" appears 2 times in input 0, 1 times in input 1
Layer ctx:/manifests-0/layer name "etc/ssl/" appears 2 times in input 0, 1 times in input 1
Layer ctx:/manifests-0/layer name "./etc/ssl/certs/" only appears in input 1
Layer ctx:/manifests-0/layer name "./usr/share/doc/ca-certificates/copyright" only appears in input 1
Layer ctx:/manifests-0/layer name "./usr/lib/" only appears in input 1
Layer ctx:/manifests-0/layer name "./etc/ssl/certs/ca-certificates.crt" only appears in input 1
Layer ctx:/manifests-0/layer name "./etc/" appears 1 times in input 0, 3 times in input 1
Layer ctx:/manifests-0/layer name "./usr/" only appears in input 1
Layer ctx:/manifests-0/layer name "./tmp/" only appears in input 1
Layer ctx:/manifests-0/layer name "etc/" appears 6 times in input 0, 4 times in input 1
Layer ctx:/manifests-0/layer name "usr/share/" appears 10 times in input 0, 9 times in input 1
Layer ctx:/manifests-0/layer name "tmp/" appears 2 times in input 0, 1 times in input 1
Layer ctx:/manifests-0/layer name "usr/lib/os-release" appears 2 times in input 0, 1 times in input 1
Layer ctx:/manifests-0/layer name "./usr/share/doc/ca-certificates/" only appears in input 1
Layer ctx:/manifests-0/layer name "./usr/share/doc/" only appears in input 1
Layer ctx:/manifests-0/layer name "./etc/group" only appears in input 1
Layer ctx:/manifests-0/layer name "./etc/ssl/" only appears in input 1
Layer ctx:/manifests-0/layer name "usr/share/doc/" appears 10 times in input 0, 9 times in input 1
Layer ctx:/manifests-0/layer name "usr/lib/" appears 7 times in input 0, 6 times in input 1
Layer ctx:/manifests-0/layer name "./usr/lib/os-release" only appears in input 1
Layer ctx:/manifests-0/layer name "./usr/share/" only appears in input 1
Layer ctx:/manifests-0/layer name "usr/" appears 11 times in input 0, 9 times in input 1
Layer ctx:/manifests-0/layer name "etc/ssl/certs/" appears 2 times in input 0, 1 times in input 1
```
This diff is a bit unexpected to me. I don't think these are genuine differences?
Thanks for reporting, but I can't repro the issue
```
$ diffoci --version
diffoci version v0.1.4
$ diffoci diff --report-dir=/tmp/r --semantic gcr.io/distroless/cc-debian11@sha256:83e56fe32f54fd028d26afe19ac5500741f20cfe081b26ee26f2c98c55f707c9 gcr.io/distroless/cc-debian11@sha256:5b74521fc28acb53bc1a47185c638b64ffe3fc9766c38fa15ca6e7654a904b51 --platform linux/amd64
INFO[0000] Target platforms: [linux/amd64]
WARN[0000] Layer length mismatch (15 vs 17), squashing for comparison (EXPERIMENTAL)
TYPE NAME INPUT-0 INPUT-1
File home/nonroot ? ?
File . ? ?
File root ? ?
File etc ? ?
File home ? ?
File etc/passwd ? ?
```
The current master (d817470) just prints no diff
```
$ diffoci --version
diffoci version v0.1.4-34-gd817470
$ diffoci diff --report-dir=/tmp/r --semantic gcr.io/distroless/cc-debian11@sha256:83e56fe32f54fd028d26afe19ac5500741f20cfe081b26ee26f2c98c55f707c9 gcr.io/distroless/cc-debian11@sha256:5b74521fc28acb53bc1a47185c638b64ffe3fc9766c38fa15ca6e7654a904b51 --platform linux/amd64
INFO[0000] Target platforms: [linux/amd64]
WARN[0000] Layer length mismatch (15 vs 17), squashing for comparison (EXPERIMENTAL)
```
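
The first report above lists the same paths under two spellings (`etc/group` only in input 0, `./etc/group` only in input 1) next to entries whose counts differ. As an added example (not from the thread and not diffoci's code), this Go program tallies tar entry names in two constructed layers, as written and after `path.Clean`, to separate spelling-only differences from count differences; `buildTar`, `compare` and the sample names are assumptions.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
)

// buildTar returns a constructed layer of empty entries with the given names.
func buildTar(names ...string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, n := range names {
		if err := tw.WriteHeader(&tar.Header{Name: n, Mode: 0o755}); err != nil {
			panic(err)
		}
	}
	tw.Close()
	return buf.Bytes()
}

// compare maps each name to (count in in0 - count in in1), dropping equal counts.
func compare(in0, in1 []byte, normalize bool) map[string]int {
	delta := map[string]int{}
	for i, layer := range [][]byte{in0, in1} {
		tr := tar.NewReader(bytes.NewReader(layer))
		for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
			if err != nil {
				panic(err)
			}
			if normalize {
				hdr.Name = path.Clean(hdr.Name) // "./etc/" and "etc/" both become "etc"
			}
			delta[hdr.Name] += 1 - 2*i // +1 for input 0, -1 for input 1
		}
	}
	for name, d := range delta {
		if d == 0 {
			delete(delta, name)
		}
	}
	return delta
}

func main() {
	in0, in1 := buildTar("etc/", "etc/group", "tmp/", "tmp/"), buildTar("./etc/", "./etc/group", "./tmp/")
	fmt.Println(compare(in0, in1, false), compare(in0, in1, true))
}
```

On the constructed input, the raw comparison reports six differing names, while the normalized one leaves only the entry that really occurs a different number of times.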