Docker v29: FROM --platform ends up with wrong platform in manifest #52050
Description
Description
Building a Dockerfile with FROM --platform=linux/arm64 debian:latest on amd64 ends up having a manifest with a linux/amd64 entry.
Reproduce
dir=$(mktemp -d)
echo 'FROM --platform=linux/arm64 debian:latest' > "$dir/Dockerfile"
docker buildx build --load -t test-arm64-in-dockerfile "$dir"
docker image inspect test-arm64-in-dockerfile --format '{{.Architecture}}'
digest=$(docker image inspect test-arm64-in-dockerfile --format '{{.Id}}')
docker save test-arm64-in-dockerfile | tar -xO blobs/sha256/${digest#sha256:} | python3 -c "
import sys, json
data = json.load(sys.stdin)
if 'manifests' in data:
print('Manifest list found:')
for m in data['manifests']:
p = m.get('platform', {})
t = m.get('annotations', {}).get('vnd.docker.reference.type', 'image')
print(f' type={t} arch={p.get(\"architecture\")} os={p.get(\"os\")} variant={p.get(\"variant\", \"\")}')
else:
print('No manifest list (single manifest)')
"
This shows arm64 for the image inspect. And the following for the manifest:
Manifest list found:
type=image arch=amd64 os=linux variant=
type=attestation-manifest arch=unknown os=unknown variant=
This is using docker run --privileged --rm tonistiigi/binfmt --install all for the multi-platform support.
Expected behavior
The manifest should list the actual image platform, not the host platform.
docker version
Client: Docker Engine - Community
Version: 29.2.1
API version: 1.53
Go version: go1.25.6
Git commit: a5c7197
Built: Mon Feb 2 17:17:26 2026
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 29.2.1
API version: 1.53 (minimum version 1.44)
Go version: go1.25.6
Git commit: 6bc6209
Built: Mon Feb 2 17:17:26 2026
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v2.2.1
GitCommit: dea7da592f5d1d2b7755e3a161be07f43fad8f75
runc:
Version: 1.3.4
GitCommit: v1.3.4-0-gd6d73eb8
docker-init:
Version: 0.19.0
GitCommit: de40ad0docker info
Client: Docker Engine - Community
Version: 29.2.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.31.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.40.3
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 29.2.1
Storage Driver: overlayfs
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: dea7da592f5d1d2b7755e3a161be07f43fad8f75
runc version: v1.3.4-0-gd6d73eb8
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.14.0-1017-azure
Operating System: Ubuntu 24.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.62GiB
Name: runnervmjduv7
ID: 169aa517-19ec-4d49-bd61-4bb79f5886f6
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: githubactions
Experimental: false
Insecure Registries:
::1/128
127.0.0.0/8
Live Restore Enabled: false
Firewall Backend: iptablesAdditional Info
Related: #51532