Add support for zstd compressed layers#40820
Conversation
|
I still need to test this with a real image. |
|
Also, should we use a zstd lib like I'm doing here or depend on distro zstd packages? |
I guess the latter one is faster |
|
seeing compile failures; and |
|
Oh nice. I tested this manually at the package level. |
|
does shelling out have security implications? guess we already do so for pigz we may want to add it to our "recommends" in the packages? |
This allows docker to decompress layers that are compressed with zstd (https://github.com/facebook/zstd). This is only for layer decompression. Since zstd support is part of the OCI spec, we should probably handle it here. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
1cb0e3f to
47ac254
Compare
Yep! I went ahead and updated this to use the |
Had a quick chat with @justincormack and he "trusts zstd more than pigz" 😂 so I think we should be ok there. |
|
Ok, I tested this by saving debian:buster, compressing the layer.tar with zstd, updating the layer SHA in the image config, and loading back into docker. |
|
Removed |
Do you think it would make sense to push a minimal image to docker hub, and include it in our "frozen images" ? https://github.com/moby/moby/blob/master/Dockerfile#L90-L95, so that we can do a test with that? (I'm ok with doing so in a follow-up if it needs more work) |
|
I was thinking about it, but the image will have the wrong media types, and fairly dependent on the image staying the same. |
|
The later I guess would not be a problem. |
thaJeztah
left a comment
There was a problem hiding this comment.
Left some comments inline; in addition: with this change, will we actually be able to pull such images? While I see that the image-spec accepted a PR to add layers with +zstd, those media-types are not yet in the current (v1.0.1) specification. I see containerd worked around this by implementing a "generic" media-type handling (separating "compression" from the media-type), and containers/image is vendoring a image-spec version from "master".
I opened opencontainers/image-spec#803 for discussion; a bit unsure what the best way forward is for this 😅 (open for input!)
| Bzip2: {0x42, 0x5A, 0x68}, | ||
| Gzip: {0x1F, 0x8B, 0x08}, | ||
| Xz: {0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00}, | ||
| Zstd: {0x28, 0xB5, 0x2F, 0xFD}, |
There was a problem hiding this comment.
I noticed that the original PR implementing this (#36754) had a much longer list; did this change, or was the original implementation incorrect?
There was a problem hiding this comment.
These are probably legacy forms, I'll investigate.
| return Uncompressed | ||
| } | ||
|
|
||
| func zstdDecompress(ctx context.Context, archive io.Reader) (io.ReadCloser, error) { |
There was a problem hiding this comment.
The original PR (#36754) seems to have some error handling for "compressing" (indicating compression is not supported), and handling of .zstd file-extensions; should we include those changes in this PR as well?
There was a problem hiding this comment.
re: zstd extension, this would be for ADD foo.zst. We could add it, though it's not really my intention here.
There was a problem hiding this comment.
Ah, yes, forgot that the other one also implemented exporting / saving (and for that used .tar.zst file-extension for the exported file)
|
From a discussion on slack to get an image with this compression;
|
|
What was the consensus on this for 20.0x? |
|
I think we were ok, but let's discuss again in the maintainers meeting to be sure |
@tonistiigi had some other comments 😅 |
|
Closing for now. We'd like to gain zstd support by switching to containerd for image distribution/management. |
|
@cpuguy83 is there an issue for switching to containerd for image management? If so, could this issue be linked here and added to v21.x? |
|
@mrueg Thanks, yep it's on the list :) |
|
related containerd/containerd#4263 |
$ skopeo copy --dest-compress-format=zstd docker://hello-world docker://ghcr.io/sjackman/hello-world-zstd
…
$ skopeo inspect --raw docker://ghcr.io/sjackman/hello-world-zstd | jq -r '.layers[].mediaType'
application/vnd.oci.image.layer.v1.tar+zstd
$ docker pull ghcr.io/sjackman/hello-world-zstd
latest: Pulling from sjackman/hello-world-zstd
91a477ba2178: Extracting 2.531kB/2.531kB
failed to register layer: Error processing tar file(exit status 1): archive/tar: invalid tar header
$ docker --version
Docker version 20.10.8, build 3967b7dThis Docker version 20.10.8 does not yet seem to support |
|
Woohoo! Thank you, Tianon! Unrelated, a neat GitHub hack that I learned recently is that by listing issue numbers in a list, GitHub expands the description of the issues: |
This allows docker to decompress layers that are compressed with
zstd (https://github.com/facebook/zstd).
This is only for layer decompression.
Since zstd support is part of the OCI spec, we should probably handle it
here.
Closes #28394