-
Notifications
You must be signed in to change notification settings - Fork 60
Conversation
This reverts commit c9666e6. Conflicts: lib/docker2aci.go
And layer label
Updated PR |
endpoints, | ||
// TODO(iaguis) discover if httpsOrHTTP | ||
fmt.Sprintf("https://%s/v1/", strings.TrimSpace(endpointEl))) | ||
layersOutputDir := "." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should just be outputDir no?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ooops, good catch. Thanks!
The previous approach to squashing would simply go through the layers from the app layer to the base layer and add the files to the final ACI image file. This produced incorrect ACIs because it doesn't preserve the extraction order. When a file was overwriting a directory present in a previous layer, the squashed ACI had the directory entry *after* the file. We now create a map of files to ACI layers and populate it starting from the base image. If files are repeated we take the last one. Then, we do a second pass and add the file entry to the output tarball if the current layer is the correct one.
Since we can have entries like rootfs/.wh.what/ever without having rootfs/.wh.what/ the previous solution didn't work
The ACI format expects a rootfs entry in the tar file, we now add one when generating the ACIs. Also, aci.ArchiveWriter writes the manifest with current date, which leads to non-reproducable ACIs. I don't think modifying the aci package is the right thing to do so we write directly to the tar file.
I think we should just move this and keep moving forward. /cc @jonboulle |
@iaguis I was looking at the patchset. Wouldn't be better to reuse some existing code? Right now I splitted the acirenderer patch in two parts (rkt/rkt#464 and rkt/rkt#465) and the first one should be used also by docker2aci and doesn't need any previous PR. I was thinking of this code path:
|
I'd like to reuse your code. Right now I see two problems though:
Any thoughts on that? Maybe requiring root is not a big deal? |
Yep, no need for this to live in Rocket itself
Hmm, why does it need root (a priori of being applied to a filesystem that needs root)? |
Extracting files with the correct permissions/owners or with node files requires root since a regular user can't make the appropriate calls (chown, chmod...)
I agree |
Hah, OK, I was thinking completely backwards
|
@jonboulle @iaguis You're right! In the meantime I just changed acirenderer with a better algo so now it will create a list of files to extract for every aci. The extraction part is in its file (extract.go) so this can also be splitted and the acirenderer core (acirenderer.go and the tests) can be moved. PTAL (rkt/rkt#464) |
That's awesome! I'll try to use it in docker2aci and let you know any issues I find. |
I just found this library: https://github.com/winchman/libsquash |
This PR implements squash functionality for ACI images. The last 3 commits are the interesting ones, the rest is covered by #5.
Fixes #2