From c8ffa1911ce211318a975853385e527896591dbc Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Sun, 21 Jan 2024 23:44:35 +0900
Subject: [PATCH] pkg/build/nodeimage: EditArchive: disable broken OCI in
 Docker v25

`docker save` in Docker v25 produces Docker/OCI dual-format archives:
  - "repositories", "manifest.json": for legacy Docker format
  - "oci-layout", "index.json" (and blobs): for OCI format

However, as of Docker v25.0.0, the OCI format blobs are broken.
See moby/moby issue 47150.

As a workaround, we have to omit "oci-layout" and "index.json" here to disable
the OCI format to avoid confusing `ctr images import`.

When the issue above is fixed, we may add back "oci-layout" and "index.json"
here, but we still have to make sure to update the "io.containerd.image.name"
annotation in manifests in "index.json".

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 .../internal/container/docker/archive.go          | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/pkg/build/nodeimage/internal/container/docker/archive.go b/pkg/build/nodeimage/internal/container/docker/archive.go
index ebdc8fc2cd..32d4aee7ed 100644
--- a/pkg/build/nodeimage/internal/container/docker/archive.go
+++ b/pkg/build/nodeimage/internal/container/docker/archive.go
@@ -126,6 +126,21 @@ func EditArchive(reader io.Reader, writer io.Writer, editRepositories func(strin
 				return err
 			}
 			hdr.Size = int64(len(b))
+		} else if hdr.Name == "oci-layout" || hdr.Name == "index.json" {
+			// `docker save` in Docker v25 produces Docker/OCI dual-format archives:
+			// - "repositories", "manifest.json": for legacy Docker format
+			// - "oci-layout", "index.json" (and blobs): for OCI format
+			//
+			// However, as of Docker v25.0.0, the OCI format blobs are broken:
+			// https://github.com/moby/moby/issues/47150
+			//
+			// As a workaround, we have to omit "oci-layout" and "index.json" here to
+			// disable the OCI format to avoid confusing `ctr images import`.
+			//
+			// When the issue above is fixed, we may add back "oci-layout" and
+			// "index.json" here, but we still have to make sure to update the
+			// "io.containerd.image.name" annotation in manifests in "index.json".
+			continue
 			// edit image config when we find that
 		} else if strings.HasSuffix(hdr.Name, ".json") {
 			if architectureOverride != "" {