Skip to content

Unexpected diff produced for some distroless images #77

New issue
New issue
Open
Open
Unexpected diff produced for some distroless images#77
Labels
status/needs-more-info
@lboynton

Description

@lboynton
lboynton
opened on Mar 18, 2024

Firstly, thanks for this tool 🙏 I've been reviewing diffoci after seeing this comment GoogleContainerTools/container-diff#419 (comment)

The issue: This may be a quirk of how the distroless images are produced (as suggested by the layer length mismatch warning), but thought I'd raise this here for discussion. Running diffoci diff with some distroless hashes produces some unexpected diffs.

diffoci diff --semantic gcr.io/distroless/cc-debian11@sha256:83e56fe32f54fd028d26afe19ac5500741f20cfe081b26ee26f2c98c55f707c9 gcr.io/distroless/cc-debian11@sha256:5b74521fc28acb53bc1a47185c638b64ffe3fc9766c38fa15ca6e7654a904b51 --platform linux/amd64
INFO[0000] Target platforms: [linux/amd64]              
WARN[0000] Layer length mismatch (15 vs 17), squashing for comparison (EXPERIMENTAL) 
TYPE     NAME                      INPUT-0                                                                     INPUT-1
Layer    ctx:/manifests-0/layer    name "etc/ssl/" appears 2 times in input 0, 1 times in input 1              
Layer    ctx:/manifests-0/layer    name "usr/lib/" appears 7 times in input 0, 6 times in input 1              
File     ./etc/passwd              ?                                                                           ?
Layer    ctx:/manifests-0/layer    name "etc/ssl/certs/ca-certificates.crt" only appears in input 0            
File     ./root/                   ?                                                                           ?
Layer    ctx:/manifests-0/layer    name "usr/share/doc/ca-certificates/" only appears in input 0               
Layer    ctx:/manifests-0/layer    name "etc/" appears 6 times in input 0, 4 times in input 1                  
File     ./home/nonroot/           ?                                                                           ?
File     ./                        ?                                                                           ?
Layer    ctx:/manifests-0/layer    name "usr/lib/os-release" appears 2 times in input 0, 1 times in input 1    
Layer    ctx:/manifests-0/layer    name "usr/share/doc/ca-certificates/copyright" only appears in input 0      
Layer    ctx:/manifests-0/layer    name "./etc/" appears 1 times in input 0, 3 times in input 1                
Layer    ctx:/manifests-0/layer    name "usr/share/doc/" appears 10 times in input 0, 9 times in input 1       
Layer    ctx:/manifests-0/layer    name "usr/share/" appears 10 times in input 0, 9 times in input 1           
Layer    ctx:/manifests-0/layer    name "etc/ssl/certs/" appears 2 times in input 0, 1 times in input 1        
Layer    ctx:/manifests-0/layer    name "etc/group" only appears in input 0                                    
File     ./home/                   ?                                                                           ?
Layer    ctx:/manifests-0/layer    name "usr/" appears 11 times in input 0, 9 times in input 1                 
Layer    ctx:/manifests-0/layer    name "tmp/" appears 2 times in input 0, 1 times in input 1                  
Layer    ctx:/manifests-0/layer    name "etc/ssl/" appears 2 times in input 0, 1 times in input 1              
Layer    ctx:/manifests-0/layer    name "./etc/ssl/certs/" only appears in input 1                             
Layer    ctx:/manifests-0/layer    name "./usr/share/doc/ca-certificates/copyright" only appears in input 1    
Layer    ctx:/manifests-0/layer    name "./usr/lib/" only appears in input 1                                   
Layer    ctx:/manifests-0/layer    name "./etc/ssl/certs/ca-certificates.crt" only appears in input 1          
Layer    ctx:/manifests-0/layer    name "./etc/" appears 1 times in input 0, 3 times in input 1                
Layer    ctx:/manifests-0/layer    name "./usr/" only appears in input 1                                       
Layer    ctx:/manifests-0/layer    name "./tmp/" only appears in input 1                                       
Layer    ctx:/manifests-0/layer    name "etc/" appears 6 times in input 0, 4 times in input 1                  
Layer    ctx:/manifests-0/layer    name "usr/share/" appears 10 times in input 0, 9 times in input 1           
Layer    ctx:/manifests-0/layer    name "tmp/" appears 2 times in input 0, 1 times in input 1                  
Layer    ctx:/manifests-0/layer    name "usr/lib/os-release" appears 2 times in input 0, 1 times in input 1    
Layer    ctx:/manifests-0/layer    name "./usr/share/doc/ca-certificates/" only appears in input 1             
Layer    ctx:/manifests-0/layer    name "./usr/share/doc/" only appears in input 1                             
Layer    ctx:/manifests-0/layer    name "./etc/group" only appears in input 1                                  
Layer    ctx:/manifests-0/layer    name "./etc/ssl/" only appears in input 1                                   
Layer    ctx:/manifests-0/layer    name "usr/share/doc/" appears 10 times in input 0, 9 times in input 1       
Layer    ctx:/manifests-0/layer    name "usr/lib/" appears 7 times in input 0, 6 times in input 1              
Layer    ctx:/manifests-0/layer    name "./usr/lib/os-release" only appears in input 1                         
Layer    ctx:/manifests-0/layer    name "./usr/share/" only appears in input 1                                 
Layer    ctx:/manifests-0/layer    name "usr/" appears 11 times in input 0, 9 times in input 1                 
Layer    ctx:/manifests-0/layer    name "etc/ssl/certs/" appears 2 times in input 0, 1 times in input 1

This diff is a bit unexpected to me. I don't think these are genuine differences?

Metadata

Metadata

Assignees

No one assigned

    Labels

    status/needs-more-info

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions