Skip to content
Branch: master
Go to file

Latest commit

cyphar committed 94c2fe2 Nov 21, 2018
merge branch 'pr-18'
  fail if python version is < 3.5

LGTMs: @cyphar
Closes #18


Failed to load latest commit information.
Latest commit message
Commit time


orca-build allows you to build OCI images from a Dockerfile or Orcafile. It doesn't require a daemon or root privileges to operate. It is a fairly small Python wrapper around the following projects (which are obviously requirements to use orca-build):

This was a SUSE Hackweek project and is mainly intended to be a simple tool for users that might want to create images as a rootless user, or to play around with a simple PoC of how various OCI technologies can interact with each other.


The usage is kinda like docker build. You provide it a build context that contains a Dockerfile and orca-build does the rest. I plan to add support for some more of the docker build flags in the near future, but at the moment it works pretty well.

usage: orca-build [-h] [--clean] [--gc] [--output OUTPUT] [--verbose]
                  [--rootless] [--build-arg NAME=value] [-t TAGS]

Build an OCI image from a Dockerfile context. Rootless containers are also
supported out-of-the-box.

positional arguments:
  ctx                   Build context which is used when referencing host
                        files. Files outside the build context cannot be
                        accessed by the build script.

optional arguments:
  -h, --help            show this help message and exit
  --clean               Remove all intermediate image tags after successful
  --gc                  Run a final garbage collection on output image.
  --output OUTPUT       Path of OCI image to output to (if unspecified, a new
                        image is created in /tmp).
  --verbose             Output debugging information.
  --rootless            Enable rootless containers mode.
  --build-arg NAME=value
                        Build-time arguments used in conjunction with ARG.
  -t TAGS, --tag TAGS   Tag(s) of the output image (by default, randomly

Here's an example session of building a standard Dockerfile:

% orca-build -t some-tag .
orca-build[INFO] BUILD[1 of 2]: from ['opensuse/amd64:42.2'] [json=False]
orca-build[INFO] Created new image for build: /tmp/orca-build.r2xp0v8h
  ---> [skopeo]
Getting image source signatures
Copying blob sha256:ed6542b73fb1330e3eee8294a805b9a231e30b3efa71390f938ce89f210db860
 47.09 MB / 47.09 MB [=========================================================]
Copying config sha256:56fae18e2688b7d7caf2dd39960f0e6fda4383c174926e2ee47128f29de066cf
 0 B / 805 B [-----------------------------------------------------------------]
Writing manifest to image destination
Storing signatures
  <--- [skopeo]
orca-build[INFO] BUILD[2 of 2]: run ['echo', 'Hello orca-build!', '&&', 'cat', '/etc/os-release'] [json=False]
  ---> [umoci]
  <--- [umoci]
  ---> [runc]
Hello orca-build!
NAME="openSUSE Leap"
PRETTY_NAME="openSUSE Leap 42.2"
  <--- [runc]
  ---> [umoci]
  <--- [umoci]
orca-build[INFO] BUILD: finished
  ---> [umoci]
  <--- [umoci]
orca-build[INFO] BUILD: created tags ['some-tag']


I don't know how to do the whole "installation" thing with Python, so here's how you install orca-build. It only depends on the standard library (and having the above tools in your $PATH).

% sudo make install

If you want to make sure that umoci, skopeo and runc will play nicely together, you can use make check. It will attempt to run through a trivial usage of rootless containers with the tools above. If this fails, update your installation accordingly. This tweaking should not be necessary in future versions.

% make check

I've only tested it with Python 3.6, but it should work with most modern Python 3 versions.


orca-build is licensed under the terms of the GPLv3 (or later).

orca-build: container image builder
Copyright (C) 2017 SUSE LLC

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <>.
You can’t perform that action at this time.