feat: add --skip-verify flag to nerdctl save command #4520
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add --skip-verify flag to allow saving images when the original registry is unavailable but all layers are present locally. This addresses the issue where save operations fail due to network timeouts when trying to verify remote layers. Changes: - Add SkipVerify field to ImageSaveOptions type - Add --skip-verify command line flag with descriptive help text - Modify save logic to conditionally skip EnsureAllContent verification - Add informative log message when verification is skipped - Improve tag command success logging for better user feedback - Add basic test coverage for --skip-verify functionality Fixes issue where users cannot export locally tagged images when the original registry becomes inaccessible.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Add
--skip-verifyflag tonerdctl savecommand to allow saving images when the original registry is unavailable but all layers are present locally.Problem
Users encounter failures when trying to save locally tagged images if the original registry becomes inaccessible:
This happens because the save command calls EnsureAllContent which tries to verify all layers remotely, causing the operation to fail even when all necessary layers are available locally.
Solution
Add --skip-verify flag that allows users to bypass remote layer verification:
Changes
Add SkipVerify field to ImageSaveOptions type
Add --skip-verify command line flag with descriptive help text
Modify save logic to conditionally skip EnsureAllContent verification
Add informative log message when verification is skipped
Improve tag command logging for better user feedback
Add test coverage for the new functionality
Behavior
With --skip-verify (new):
Skips remote layer verification
Shows: INFO[xxxx] Skipping remote layer verification (--skip-verify enabled)
Works offline/when original registry is unavailable
Faster execution
Without --skip-verify (default):
Maintains existing behavior
Ensures backward compatibility
Still performs remote verification
Use Cases
Registry migration: Save images when old registry is decommissioned
Offline environments: Export images without network access to original registry
Network issues: Continue operations during temporary registry outages
Air-gapped deployments: Prepare images for offline environments
Testing
Added TestSaveSkipVerify test case
Verified command line flag parsing
Confirmed backward compatibility
Tested successful image export with both flags
Related Issues
Addresses user pain points related to:
Registry unavailability during image operations
Network timeout issues in EnsureAllContent
Inability to export locally available images
END
This change provides a practical solution for users who need to export images when the original registry is inaccessible, while maintaining full backward compatibility.