Trying to export to OCI Layout format using an untrusted builder is not working, it exports to the daemon #1881

Closed
Tracked by #237
jjbustamante opened this issue Sep 4, 2023 · 1 comment · Fixed by #1882
Labels: status/ready (Issue ready to be worked on.), type/bug (Issue that reports an unexpected behaviour.)

@jjbustamante

Summary

Following the documentation for testing the new export to OCI layout feature, I noticed the final application is not actually saved on disk using the OCI Layout format; it is being saved in the daemon.

The reason is that the sample builder is not trusted; because of that, pack is not using the creator and is not properly configuring each phase with the layout flags.


Reproduction

Steps
  1. Follow the steps from the documentation.
  2. Execute the command pack build oci:sample-app --path samples/apps/java-maven --builder cnbs/sample-builder:bionic
  3. The output folder sample-app is being created locally but it is empty; the image was saved in the daemon.

Current behavior

The application image is being saved in the daemon

Expected behavior

The application image is exported to my local folder in OCI Layout format


Environment

pack info
Pack:
  Version:  0.30.0+git-c38f7da.build-4952
  OS/Arch:  darwin/amd64

Default Lifecycle Version:  0.17.0

Supported Platform APIs:  0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10, 0.11, 0.12

Config:
  default-builder-image = "[REDACTED]"
  experimental = true
  lifecycle-image = "buildpacksio/lifecycle:0.17.0"
  layout-repo-dir = "/Users/jbustamante/.pack/layout-repo"
docker info
Client:
 Version:    24.0.2
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.0
    Path:     /Users/jbustamante/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.19.1
    Path:     /Users/jbustamante/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/jbustamante/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/jbustamante/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/jbustamante/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/jbustamante/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/jbustamante/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.16.1
    Path:     /Users/jbustamante/.docker/cli-plugins/docker-scout

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 158
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 11.7GiB
 Name: docker-desktop
 ID: f0df3342-dc61-4524-8333-f54f56677016
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  192.168.2.20/32
  127.0.0.0/8
 Live Restore Enabled: false
@jjbustamante jjbustamante added type/bug Issue that reports an unexpected behaviour. status/triage Issue or PR that requires contributor attention. status/ready Issue ready to be worked on. and removed status/triage Issue or PR that requires contributor attention. labels Sep 4, 2023
@jjbustamante jjbustamante added this to the 0.30.1 milestone Sep 4, 2023
@jjbustamante jjbustamante self-assigned this Sep 6, 2023
@jjbustamante

I just downloaded the RC1 version and checked everything is fine now.

➜  apps git:(main) ✗ ./pack-0.31.0RC1 build -p ruby-bundler --builder cnbs/sample-builder:jammy oci:ruby-app
jammy: Pulling from cnbs/sample-builder
Digest: sha256:e4a4e984c4374a58c138c974101faa126cc9193bf33968092bac2a62aa5a1b67
Status: Image is up to date for cnbs/sample-builder:jammy
0.17.1: Pulling from buildpacksio/lifecycle
Digest: sha256:d2198a1940e80d6261d4cc4512c0303d56436836e59a71b90d28d03a5b9ba373
Status: Image is up to date for buildpacksio/lifecycle:0.17.1
===> ANALYZING
[analyzer] Warning: Ignoring -launch-cache, only intended for use with -daemon
[analyzer] Warning: Platform requested experimental feature 'export to OCI layout format'
[analyzer] Timer: Analyzer started at 2023-09-22T13:42:00Z
[analyzer] Image with name "/layout-repo/index.docker.io/library/ruby-app/latest" not found
[analyzer] Image with name "/layout-repo/index.docker.io/cnbs/sample-base-run/jammy" not found
[analyzer] Timer: Analyzer ran for 53.444µs and ended at 2023-09-22T13:42:00Z
===> DETECTING
[detector] Timer: Detector started at 2023-09-22T13:42:00Z
[detector] Warning: buildpack samples/ruby-bundler has a "version" key. This key is deprecated in build plan requirements in buildpack API 0.3. "metadata.version" should be used instead
[detector] samples/ruby-bundler 0.0.1
[detector] Timer: Detector ran for 9.611632ms and ended at 2023-09-22T13:42:00Z
===> RESTORING
[restorer] Timer: Restorer started at 2023-09-22T13:42:01Z
[restorer] Timer: Restorer ran for 227.661µs and ended at 2023-09-22T13:42:01Z
===> BUILDING
[builder] Timer: Builder started at 2023-09-22T13:42:01Z
[builder] ---> Ruby Buildpack
[builder] ---> Downloading and extracting Ruby 3.1.3
[builder] cat: /layers/samples_ruby-bundler/bundler.toml: No such file or directory
[builder] ---> Installing gems
[builder] [DEPRECATED] The `--path` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set --local path '/layers/samples_ruby-bundler/bundler'`, and stop using this flag
[builder] Bundler 2.3.26 is running, but your lockfile was generated with 2.0.2. Installing Bundler 2.0.2 and restarting using that version.
[builder] Fetching gem metadata from https://rubygems.org/.
[builder] Fetching bundler 2.0.2
[builder] Installing bundler 2.0.2
[builder] Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
....
[builder] Fetching gem metadata from https://rubygems.org/....
....
[builder] Using bundler 2.0.2
[builder] /layers/samples_ruby-bundler/ruby/lib/ruby/gems/3.1.0/gems/bundler-2.0.2/lib/bundler/shared_helpers.rb:36: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
[builder] Using ruby2_keywords 0.0.5
[builder] Fetching mustermann 1.1.1
[builder] Installing mustermann 1.1.1
....
[builder] Bundle complete! 1 Gemfile dependency, 7 gems now installed.
[builder] Bundled gems are installed into `/layers/samples_ruby-bundler/bundler`
[builder] Timer: Builder ran for 7.594026863s and ended at 2023-09-22T13:42:09Z
===> EXPORTING
[exporter] Warning: Platform requested experimental feature 'export to OCI layout format'
[exporter] Using app image: /layout-repo/index.docker.io/library/ruby-app/latest
[exporter] Timer: Exporter started at 2023-09-22T13:42:10Z
[exporter] Adding layer 'samples/ruby-bundler:bundler'
[exporter] Adding layer 'samples/ruby-bundler:ruby'
[exporter] Adding layer 'buildpacksio/lifecycle:launch.sbom'
[exporter] Adding 1/1 app layer(s)
[exporter] Adding layer 'buildpacksio/lifecycle:launcher'
[exporter] Adding layer 'buildpacksio/lifecycle:config'
[exporter] Adding layer 'buildpacksio/lifecycle:process-types'
[exporter] Adding label 'io.buildpacks.lifecycle.metadata'
[exporter] Adding label 'io.buildpacks.build.metadata'
[exporter] Adding label 'io.buildpacks.project.metadata'
[exporter] no default process type
[exporter] Timer: Saving /layout-repo/index.docker.io/library/ruby-app/latest... started at 2023-09-22T13:42:10Z
[exporter] *** Images (/layout-repo/index.docker.io/library/ruby-app/latest@sha256:1f9ad9202fdf867d417d0802a3374b31b54184888f7e5b74e8612dbc226848c1):
[exporter]       /layout-repo/index.docker.io/library/ruby-app/latest
[exporter] Timer: Saving /layout-repo/index.docker.io/library/ruby-app/latest... ran for 1.175262956s and ended at 2023-09-22T13:42:12Z
[exporter] Timer: Exporter ran for 2.118156693s and ended at 2023-09-22T13:42:12Z
[exporter] Timer: Cache started at 2023-09-22T13:42:12Z
[exporter] Adding cache layer 'samples/ruby-bundler:bundler'
[exporter] Timer: Cache ran for 2.342584ms and ended at 2023-09-22T13:42:12Z
Successfully built image ruby-app
➜  apps git:(main) ✗ tree ruby-app
ruby-app
├── blobs
│   └── sha256
│       ├── 14eaea7168b1fc4b8b30f7a20f7609335cc3dbcfb6d4c1afeb1e5daefd26cdf9
│       ├── 1f9ad9202fdf867d417d0802a3374b31b54184888f7e5b74e8612dbc226848c1
│       ├── 20cfe2ded6fd6c48bd169d33abac892beb759aefec14b611e17e0db7e9bf9086
│       ├── 445a6a12be2be54b4da18d7c77d4a41bc4746bc422f1f4325a60ff4fc7ea2e5d
│       ├── 7bbbe99c825fbc3312c7846e3b6208c7874f2df853cbce0a8dd7f9d34dc82977
│       ├── 7cd2fe3e31da94ada5da6748005c3165a3aa427d910d90014fca3ceeeb3ee9de
│       ├── 816977796ef8b50562f6525992fc5084a6aa37c9a0967f602d9007343ed9a616
│       ├── 854a10cdb0380253c0fdba9d109aef5be31fa8cdc78be89819abcb6621a1bc7a
│       ├── a080445d2a84e2e5ffbcd9a8d885e268fadd3d89cff3066e3f0d373ad79d5b59
│       ├── b5924ae372f83399cf78fdfd38608f6d0ae79a9df23b06336d5767e2f407d0c8
│       ├── cf82337a2c58b50f0515b062146bf939bd5405002a73fbff9705172d9f6ff244
│       └── ff859d946ff8bf4ca15d5c1ae27d3f11be821ad3ef857d8b935cbb3be7f29eb2
├── index.json
└── oci-layout

3 directories, 14 files
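
A check that can be run against the exported folder, added here as an example; it is not part of the comment above and is not code from pack. It confirms that the directory is an OCI image layout (oci-layout, index.json) and that every blob reachable from index.json hashes to its file name, which also catches the empty output folder from the original report. The default path ruby-app is taken from the tree output above; the function names are hypothetical, and the code assumes sha256 digests and single-image manifests rather than nested indexes.

```python
# Added example: assumes sha256 digests and single-image manifests (no nested index).
import hashlib
import json
import os
import sys


def read_verified(layout, desc, problems):
    """Return the verified blob for a descriptor, or None; rejects path-like digests."""
    digest = desc.get("digest", "")
    algo, _, hexval = digest.partition(":")
    path = os.path.join(layout, "blobs", algo, hexval)
    if algo != "sha256" or not hexval.isalnum() or not os.path.isfile(path):
        problems.append(f"missing or unsupported blob {digest!r}")
        return None
    with open(path, "rb") as fh:
        data = fh.read()
    if hashlib.sha256(data).hexdigest() != hexval or len(data) != desc.get("size"):
        problems.append(f"digest or size mismatch for {digest}")
        return None
    return data


def verify_layout(layout):
    """Check an OCI layout directory (an empty folder fails); [] means verified."""
    problems = []
    try:
        with open(os.path.join(layout, "oci-layout")) as fh:
            if json.load(fh).get("imageLayoutVersion") != "1.0.0":
                problems.append("unexpected imageLayoutVersion")
        with open(os.path.join(layout, "index.json")) as fh:
            manifests = json.load(fh).get("manifests", [])
    except (OSError, ValueError, AttributeError) as exc:
        return [f"not an OCI layout: {exc}"]
    if not manifests:
        problems.append("index.json lists no manifests")
    for desc in manifests:
        raw = read_verified(layout, desc, problems)
        if raw is None:
            continue
        manifest = json.loads(raw)
        for child in [manifest.get("config", {}), *manifest.get("layers", [])]:
            read_verified(layout, child, problems)
    return problems


if __name__ == "__main__":
    found = verify_layout(sys.argv[1] if len(sys.argv) > 1 else "ruby-app")
    print("\n".join(found) or "layout verified")
    sys.exit(1 if found else 0)
```

The script exits non-zero when the folder is empty or any blob fails its digest check, so it can gate a CI step that expects an on-disk export.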
