Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document extensibility of the image layout #1230

Merged
merged 1 commit into from
Jan 9, 2025
Merged

Document extensibility of the image layout #1230

merged 1 commit into from
Jan 9, 2025

Conversation

sudo-bmitch
Copy link
Contributor

Implementations have been seen that error if a manifest.json is included inside the OCI Layout. This documents the extensibility of the directory structure.

See moby/moby#49141

@sudo-bmitch sudo-bmitch mentioned this pull request Dec 22, 2024
Closed
thaJeztah
thaJeztah approved these changes Dec 23, 2024
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

image-layout.md Outdated Show resolved Hide resolved
tianon
tianon reviewed Dec 23, 2024
View reviewed changes
image-layout.md Outdated Show resolved Hide resolved
@LTek-online
Copy link

Something else that could be helpful to add it to define which file has precedence over which.
In the example of a hybrid image with both manifest.json and index.json being present, without defining precedence the outcome of reading the image can still be non deterministic between different implementations as it very much depends on the implementation as to which file will be read and interpreted.

In my case of moby/moby#49141 the tool, nexus-iq scanner, assumed that the presence of the manifest.json file means that the layers are tarred.
Purely defining that unknown files have to be accepted might not be enough in this case as the tool happily accepts unknown files within the container image as long as it's not one of the layer files.

Adding that the index.json or any other files defined in the OCI spec have precedence over the manifest.json could be helpful here.
I have to acknowledge that I'm not an expert in the OCI image spec, so if anything is wrong / incorrect please feel free to point it out to me without hesitation.

@sudo-bmitch
Document extensibility of the image layout
60acaac 
Signed-off-by: Brandon Mitchell <git@bmitch.net>
@sudo-bmitch sudo-bmitch force-pushed the pr-layout-extensibility branch from 49ff577 to 60acaac Compare December 26, 2024 15:05
@sudo-bmitch
Copy link
Contributor Author

Something else that could be helpful to add it to define which file has precedence over which.

I'm hesitant to do this because it would be the specification trying to claim a priority over one of the projects that happens to implement the specification. It also feels like something much more appropriate for the projects consuming the content to decide individually. Some projects may prefer the docker save format, others may want the OCI Layout, and some may make that a user choice.

In the nexus-iq bug you are experiencing, I think that's a symptom of the docker save format not having a specification, only implementations (at least I couldn't find one in my brief searching). Docker is free to change their own implementation, and they may only focus on their own tooling interoperability. There may be some value in Docker documenting the requirements for the manifest.json, but I won't be surprise if this becomes a legacy format with their transition to containerd's image storage backend.

@sudo-bmitch sudo-bmitch merged commit 1a0b9f9 into opencontainers:main Jan 9, 2025
4 checks passed
@sudo-bmitch sudo-bmitch deleted the pr-layout-extensibility branch January 9, 2025 18:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sajayantony sajayantony sajayantony approved these changes

@thaJeztah thaJeztah thaJeztah approved these changes

@tianon tianon tianon approved these changes

@jonjohnsonjr jonjohnsonjr Awaiting requested review from jonjohnsonjr jonjohnsonjr is a code owner

@stevvooe stevvooe Awaiting requested review from stevvooe stevvooe is a code owner

@cyphar cyphar Awaiting requested review from cyphar cyphar is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sudo-bmitch @LTek-online @tianon @thaJeztah @sajayantony