image save: make output tarball OCI compliant#44598
Merged
thaJeztah merged 2 commits intomoby:masterfrom Jun 9, 2023
Merged
Conversation
Member
|
Looks like there's some tests to adjust (or perhaps separate tests) |
AkihiroSuda
reviewed
Dec 7, 2022
| ociLayoutFilename = "oci-layout" | ||
| ociLayoutContent = `{"imageLayoutVersion": "1.0.0"}` | ||
| ) | ||
|
|
Member
There was a problem hiding this comment.
Can we just use https://github.com/containerd/containerd/blob/main/images/archive/exporter.go ?
For containerd-integration mode.
Member
Author
There was a problem hiding this comment.
I believe that's the plan.
tianon
approved these changes
Apr 7, 2023
Member
tianon
left a comment
There was a problem hiding this comment.
Generally looks OK to me! I made a couple minor comments, but I don't think it's anything very serious. I'm both looking forward to having/using this and to this code going away with the containerd integration. 😄
This moves the blobs around so they follow the OCI spec. Note that because docker reads paths from the manifest.json inside the tar this is not a breaking change. This does, however, remove the old layer "VERSION" file which had a big "why is this even here" in the code comments. I suspect it does not matter at all even for really old versions of Docker. In any case it is a useless file for any even relatively modern version of Docker. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
f8f7e23 to
8c5db61
Compare
cpuguy83
commented
May 24, 2023
| assert.NilError(c, err, "failed to save repo with image ID and 'repositories' file: %s, %v", out, err) | ||
| } | ||
|
|
||
| func (s *DockerCLISaveLoadSuite) TestSaveCheckTimes(c *testing.T) { |
Member
Author
There was a problem hiding this comment.
Note, these tests were incorrectly poking at the saved tarball (assuming a file location instead of looking at the manifest).
I had to do major surgery on these so I just moved them over to integration/.
thaJeztah
requested changes
May 24, 2023
Member
thaJeztah
left a comment
There was a problem hiding this comment.
Went through some of the changes (but perhaps need to take another look later); left some comments / suggestions / questions inline, but overall looking 👍
| f, err := tarfs.Open(p) | ||
| assert.NilError(t, err) | ||
|
|
||
| entries, err := listTar(f) |
Member
There was a problem hiding this comment.
Wondering if this listTar could (not for this PR) also handled by your tar2go (fs.Glob(tarfs, "dev/*") and/or fs.WalkDir(tarfs)) 🤩
8f28912 to
0bc8bde
Compare
This makes the output of `docker save` fully OCI compliant. When using the containerd image store, this code is not used. That exporter will just use containerd's export method and should give us the output we want for multi-arch images. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Member
Author
|
This is all updated. |
tianon
approved these changes
Jun 8, 2023
AkihiroSuda
reviewed
Jan 12, 2024
| Size: int64(len(imageDescr.image.RawJSON())), | ||
| Platform: &imgPlat, | ||
| }, | ||
| Layers: foreign, |
Member
There was a problem hiding this comment.
Non-foreign layers were accidentally dropped?
tixxdz
added a commit
to cilium/tetragon
that referenced
this pull request
Feb 28, 2024
Starting from Docker 25.0 , the save command will dump the image layers in OCI compatible format: moby/moby#44598 This breaks our tarball build that was using the 'layer.tar' file to contruct the final tarball. Let's make the target a bit smart so it can handle all variants by parsing the docker manifest.json file to find the layer and use it. The 'make tarball' now requires jq for simplicity. Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
tixxdz
added a commit
to cilium/tetragon
that referenced
this pull request
Feb 28, 2024
Starting from Docker 25.0 , the save command will dump the image layers in OCI compatible format: moby/moby#44598 This breaks our tarball build that was using the 'layer.tar' file to construct the final tarball. Let's make the target a bit smart so it can handle all variants by parsing the docker manifest.json file to find the layer and use it. The 'make tarball' now requires jq for simplicity. Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
tixxdz
added a commit
to cilium/tetragon
that referenced
this pull request
Feb 28, 2024
Starting from Docker 25.0 , the save command will dump the image layers in OCI compatible format: moby/moby#44598 This breaks our tarball build that was using the 'layer.tar' file to construct the final tarball. Let's make the target a bit smart so it can handle all variants by parsing the docker manifest.json file to find the layer and use it. The 'make tarball' now requires jq for simplicity. Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
tixxdz
added a commit
to cilium/tetragon
that referenced
this pull request
Jun 24, 2024
[ Upstream main 5cc9bce ] Starting from Docker 25.0 , the save command will dump the image layers in OCI compatible format: moby/moby#44598 This breaks our tarball build that was using the 'layer.tar' file to construct the final tarball. Let's make the target a bit smart so it can handle all variants by parsing the docker manifest.json file to find the layer and use it. The 'make tarball' now requires jq for simplicity. Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
tixxdz
added a commit
to cilium/tetragon
that referenced
this pull request
Jun 24, 2024
[ Upstream main 5cc9bce ] Starting from Docker 25.0 , the save command will dump the image layers in OCI compatible format: moby/moby#44598 This breaks our tarball build that was using the 'layer.tar' file to construct the final tarball. Let's make the target a bit smart so it can handle all variants by parsing the docker manifest.json file to find the layer and use it. The 'make tarball' now requires jq for simplicity. Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
blobs/<alg>/<digest>)VERSIONfile which has no meaning and can't be used anyway in the new formatFor the new files this just goes ahead and uses OCI media types (instead of old docker types) since these are new and should not break anything.
All this works because the old docker layout is dependent on the
manifest.jsonfile at the root of the tar which has paths to each of the blobs in the tarball. The change updates the paths in the manifest to point to the new paths.This is the same technique used by buildkit to support both OCI tar formats as well as legacy docker ones.