Summary
The host-image passthrough test added in #95 (tests/dind/example-preload-images.sh) has a false-positive / coverage gap for the default public mode: it can pass even if public mode silently passes through nothing. The positive path — "a genuinely public image (carrying a RepoDigest from an allowlisted registry) IS copied into the inner daemon" — is never asserted.
This is the exact behavior downstream relies on (link-assistant/hive-mind#1879): in public mode the inner daemon must actually receive konard/hive-mind-dind from the host. A regression that makes host_image_passes_filter/registry_is_public reject everything in public mode would ship green.
Where
tests/dind/example-preload-images.sh, the DIND_HOST_PASSTHROUGH=public block:
run_dind_container "$public_container" \
-e DIND_HOST_PASSTHROUGH=public \
-e DIND_HOST_DOCKER_SOCK=/host-sock/docker.sock \
-v "$host_sock_dir:/host-sock:ro"
wait_for_inner_docker "$public_container"
wait_for_preload_complete "$public_container"
# (1) negative assertion: the local fixture (no RepoDigest) must NOT be copied
if docker exec "$public_container" docker image inspect "$fixture_image" >/dev/null 2>&1; then
fail "public mode must NOT pass through the local fixture image (no RepoDigest)"
fi
# (2) only checks the mode ran
if ! docker logs "$public_container" 2>&1 | grep -q "host-image passthrough (mode=public)"; then
fail "expected the consumer to run host-image passthrough in public mode"
fi
The throwaway host daemon is seeded with only the offline docker import fixture, which has no RepoDigest. So in public mode there is no eligible image at all:
- Assertion (1) passes whether
public copies-nothing-correctly or copies-nothing-due-to-a-bug.
- Assertion (2) only proves the code path executed, not that it copied anything.
There is no image in the scenario that should be passed through in public mode, so the "public image gets copied" path is structurally untested.
Why it matters
public is the default and the security-sensitive mode most deployments use. A silent "copies nothing" regression would defeat the whole feature (every inner docker run re-pulls again) while CI stays green — precisely the symptom #94 set out to fix.
Suggested fix
Add a positive assertion to the public-mode block: seed the throwaway host daemon with a small image that carries a RepoDigest from an allowlisted public registry (CI has network — the build jobs already pull base images), then assert it lands in the inner daemon under public mode.
# Give the throwaway host daemon a real public image (has a RepoDigest):
docker exec "$host_daemon_container" docker -H unix:///sockets/docker.sock pull alpine:3.20
# ... start the public consumer as today ...
# Positive assertion the suite is currently missing:
if ! docker exec "$public_container" docker image inspect alpine:3.20 >/dev/null 2>&1; then
docker exec "$public_container" docker images >&2 || true
fail "public mode must pass through a host image that has a public RepoDigest"
fi
(Optionally also assert the corresponding passthrough loading host image: alpine:3.20 log line.) That closes the gap so a "public copies nothing" regression fails the build.
Context
Found while verifying v2.2.0 (run https://github.com/link-foundation/box/actions/runs/27277556456) for the downstream consumer link-assistant/hive-mind (issue #1879 / PR #1880), which depends on public-mode passthrough actually copying konard/hive-mind-dind into the nested daemon.
Summary
The host-image passthrough test added in #95 (
tests/dind/example-preload-images.sh) has a false-positive / coverage gap for the defaultpublicmode: it can pass even ifpublicmode silently passes through nothing. The positive path — "a genuinely public image (carrying a RepoDigest from an allowlisted registry) IS copied into the inner daemon" — is never asserted.This is the exact behavior downstream relies on (
link-assistant/hive-mind#1879): inpublicmode the inner daemon must actually receivekonard/hive-mind-dindfrom the host. A regression that makeshost_image_passes_filter/registry_is_publicreject everything inpublicmode would ship green.Where
tests/dind/example-preload-images.sh, theDIND_HOST_PASSTHROUGH=publicblock:The throwaway host daemon is seeded with only the offline
docker importfixture, which has no RepoDigest. So inpublicmode there is no eligible image at all:publiccopies-nothing-correctly or copies-nothing-due-to-a-bug.There is no image in the scenario that should be passed through in
publicmode, so the "public image gets copied" path is structurally untested.Why it matters
publicis the default and the security-sensitive mode most deployments use. A silent "copies nothing" regression would defeat the whole feature (every innerdocker runre-pulls again) while CI stays green — precisely the symptom#94set out to fix.Suggested fix
Add a positive assertion to the
public-mode block: seed the throwaway host daemon with a small image that carries a RepoDigest from an allowlisted public registry (CI has network — the build jobs already pull base images), then assert it lands in the inner daemon underpublicmode.(Optionally also assert the corresponding
passthrough loading host image: alpine:3.20log line.) That closes the gap so a "public copies nothing" regression fails the build.Context
Found while verifying
v2.2.0(run https://github.com/link-foundation/box/actions/runs/27277556456) for the downstream consumerlink-assistant/hive-mind(issue #1879 / PR #1880), which depends onpublic-mode passthrough actually copyingkonard/hive-mind-dindinto the nested daemon.