README
¶
umoci
Status: Pre-Alpha
umoci modifies Open Container images. Not a great name, but what are you going to do. It also is a cool way for people to "dip their toe" into OCI images ("umoci" also means "to dip" in Serbian).
umoci intends to be a complete manipulation tool for OCI images.
In particular, it should be seen as a more end-user-focused version of the
oci-image-tools provided by the OCI. The hope is that all
of this tooling will eventually be merged with the upstream repository, so that
it is always kept up-to-date by the Open Container Initiative community.
However, currently there is a lot of dicussion
about the new tooling going into the OCI image tools, and right now I need
tooling that can abstract all of the internals of the OCI specification into a
single CLI interface. The main purpose of this tool is to serve as example of
what I would like to see in an oci-image tool.
Some of the planned design has been written down, but is subject to change (once all of the in progress points below have been addressed).
In Progress
Here is a laundry list of features that are being worked on from the design document. Checked items have been "completed" (noting that the UX is likely to change and that there are certain issues documented in the code that probably result in technically invalid OCI images -- though testing showed that the OCI tooling didn't pick up on the transgressions).
-
umoci unpack. -
umoci repack. -
umoci/image/generate. -
umoci config. -
umoci gc. -
umoci init. -
umoci ref. -
umoci info. (optional) -
umoci verify. (optional) -
umoci sign. (optional)
Currently umoci relies on several from-scratch implementations of existing
PRs against upstream projects (or aliased vendor projects that include PRs
merged that are not merged upstream). This is because currently upstream
projects are simply not mature enough to be used. It also means that this code
is definitely not safe for production.
-
go-mtreeneeds to have better handling of comparing specifications and directories. I have an open pull request which is being reviewed and will hopefully be merged soon. -
Currently
image/layeris a complete reimplementation of the proposed implementation foroci-create-layer. This is because I needed to use[]gomtree.InodeDeltabut the hope is that my implementation will eventually be pushed upstream (oncego-mtreemerges my PR and gets more stable). -
In addition,
image/casis also a complete reimplementation of this PR. The reason for rewriting that code was because the proposed code doesn't implement some of the nice interfaces I would like (and has some other issues that I find frustrating). I hope that I can push my implementation upstream. -
Currently,
umocirequires root privileges to extract therootfsof an image. This is simply ludicrous, and I'm hoping that this upstream PR will be merged so that I can use an[]idtools.IDMapto allow for translation of the owners of files when generating thetararchives. There are almost certainly hacky ways around this but I would prefer to avoid them.
Also, some of the vendored opencontainers libraries have bugs which means
that I have to manually patch them after running hack/vendor.sh. Which is
just bad on so many levels.
License
umoci is licensed under the terms of the Apache 2.0 license.
umoci: Umoci Modifies Open Containers' Images
Copyright (C) 2016 SUSE LLC.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Directories