You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In implementing RFC 0095, we inadvertently made rebuilds much slower on a daemon when the previous image has a launch sbom. For launch layers, the sbom files must be restored to the buildpack layers directory (just like layer.toml files) on the next build; however the sbom files are stored in the previous image's filesystem (instead of labels in the config).
As a result, we need to download from the daemon a single layer from the previous image. However we didn't realize that in order to download a single layer from the daemon, you need to first download ALL layers from the image in order to find the one that you want (see imgutil implementation).
To fix this, we need to pass the -launch-cache to the phase that downloads the sbom. This is currently the analyzer (because the analyzer already has access to the previous image) but we think it would make more sense for this to move to the restorer, so that detect can fail faster if it is going to fail. Therefore we'll also need to add a -daemon flag to the restorer (we only allow cache images if they are on a registry, so this flag doesn't exist yet for restorer). This will require platforms like pack that use the daemon to mount in the daemon socket for restore.
The text was updated successfully, but these errors were encountered:
In implementing RFC 0095, we inadvertently made rebuilds much slower on a daemon when the previous image has a launch sbom. For launch layers, the sbom files must be restored to the buildpack layers directory (just like layer.toml files) on the next build; however the sbom files are stored in the previous image's filesystem (instead of labels in the config).
As a result, we need to download from the daemon a single layer from the previous image. However we didn't realize that in order to download a single layer from the daemon, you need to first download ALL layers from the image in order to find the one that you want (see imgutil implementation).
To fix this, we need to pass the
-launch-cache
to the phase that downloads the sbom. This is currently the analyzer (because the analyzer already has access to the previous image) but we think it would make more sense for this to move to the restorer, so that detect can fail faster if it is going to fail. Therefore we'll also need to add a-daemon
flag to the restorer (we only allow cache images if they are on a registry, so this flag doesn't exist yet for restorer). This will require platforms like pack that use the daemon to mount in the daemon socket for restore.The text was updated successfully, but these errors were encountered: