@cyphar cyphar released this Dec 19, 2016 · 17 commits to master since this release

umoci has now gone through a large amount of cleanup, and included the addition
of a few previously missing features. The main thing blocking a full
release is that manifest lists are still unsupported, and there are some
upstream PRs that define some of umoci's operations that need to be
merged before umoci can be considered a compliant implementation. In
addition, the logging library needs to be swapped (and the amount of
output reduced).

Here's a short list of features added:

  • xattr support for both packing and unpacking was added, in particular
    this code also handles the issue of security.selinux. More policy
    decisions need to be added, but those are being discussed upstream.
    cyphar/umoci#52 cyphar/umoci#49

  • Ensure that environment variables have no duplicates. This ensures
    that umoci won't duplicate environment variables in either Config.Env
    or the extracted process.env. cyphar/umoci#30

  • Add support for read-only CAS operations with a read-only filesystem.
    Previously, attempting to open an OCI image on a read-only filesystem
    would fail miserably; now you can do read-only operations without
    issue. cyphar/umoci#47

  • Garbage collection now also garbage collects old tmpdirs, and other
    garbage from inside an image layout. cyphar/umoci#17

  • Output a helpful comment about --rootless if you're getting EPERMs.

  • Enable stack traces from an error if the --debug flag was applied to
    umoci. This is a feature that hopefully will be added to pkg/errors

  • Cleanups to vendoring of go-mtree so that it's much more

Signed-off-by: Aleksa Sarai




@cyphar cyphar released this Dec 11, 2016 · 87 commits to master since this release

umoci now has a stable UX, as well as proper documentation for the UX in
the form of generated man pages. Here's the full list of cool features:

  • umoci v0.0.0-rc2 has support for rootless unpacking and repacking!

  • It also has support for regular UID and GID mapping! cyphar/umoci#26

  • Symlinks and other similarly tricky unpacking problems have been
    resolved. All symlink path components are resolved inside the root
    filesystem of the container during unpacking. cyphar/umoci#27

  • Tag modification commands (such as umoci-tag(1), umoci-rm(1),
    umoci-ls(1)) have been implemented. cyphar/umoci#6 cyphar/umoci#40

  • umoci-stat(1) has been implemented. Currently it only outputs history
    information, but this will change in the future. It has stable JSON
    output. cyphar/umoci#38

  • umoci-init(1) and umoci-new(1) have been implemented, allowing for the
    creation of entirely new images from scratch. cyphar/umoci#5

  • umoci-repack(1) and umoci-config(1) now automatically generate history
    entries (since the history is actually used by tooling like skopeo). In
    addition, the history mutation from umoci-config(1) has been removed
    because it was just unsafe. In order for users to be able to configure
    history entries' values, --history.* flags have been introduced.

  • umoci-unpack(1) now saves all of the important argument metadata
    provided to it inside the generated bundle. These saved arguments are
    loaded by umoci-repack(1) to make the workflow much more sane.

  • --image and --from arguments have been combined into skopeo-style
    [:] arguments to --image. cyphar/umoci#39

  • Errors encountered during generation of a delta layer now are
    correctly propagated. cyphar/umoci#33

  • Hardlinks are now correctly unpacked as bona fide hardlinks.

  • Support for unpacking and configuring annotations (which is a
    v1.0.0-rc3 feature of the OCI image specification). There's still some
    work to be done upstream in making the unpacking procedure specified
    but this is as good as you're going to get for a while.

  • umoci has full integration and unit testing. cyphar/umoci#12

  • umoci now has validation integration tests to ensure that at every
    stage of a test we could stop and still have a completely valid OCI
    image and that every extracted bundle is a valid OCI runtime bundle.

This code is still being reworked (though much more slowly than before).
Hold off on using it anywhere until we hit the proper 0.0.0 release!

Signed-off-by: Aleksa Sarai
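
The symlink item in the v0.0.0-rc2 notes above (all symlink path components resolved inside the container's root filesystem during unpacking) can be illustrated with a short Go sketch. This is an added example, not umoci's code: `resolveInRoot` is a hypothetical helper and the rootfs and link names are constructed sample input.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveInRoot (hypothetical helper, not umoci's API) resolves unsafePath as if
// root were "/": symlinks are followed relative to root, so neither an absolute
// target nor a run of ".." can name anything outside it.
func resolveInRoot(root, unsafePath string) (string, error) {
	resolved := "/" // symlink-free path inside root, built one component at a time
	remaining := unsafePath
	for links := 0; remaining != ""; {
		var part string
		part, remaining, _ = strings.Cut(remaining, "/")
		if part == "" || part == "." {
			continue
		}
		next := filepath.Join(resolved, part) // lexical clean: ".." at "/" stays "/"
		if part == ".." {
			resolved = next
			continue
		}
		target, err := os.Readlink(filepath.Join(root, next))
		if err != nil { // not a symlink, or not created yet: keep the component
			resolved = next
			continue
		}
		if links++; links > 255 {
			return "", fmt.Errorf("too many symlinks resolving %q", unsafePath)
		}
		if filepath.IsAbs(target) {
			resolved = "/" // an absolute target restarts at the container root
		}
		remaining = target + "/" + remaining
	}
	return filepath.Join(root, resolved), nil
}

func main() {
	root, _ := os.MkdirTemp("", "rootfs") // constructed sample rootfs
	defer os.RemoveAll(root)
	os.Symlink("/../../etc", filepath.Join(root, "conf")) // constructed hostile entry
	fmt.Println(resolveInRoot(root, "conf/passwd"))       // <root>/etc/passwd <nil>
}
```

The resolution is path-based, so it only holds if nothing else modifies the rootfs between resolving a path and using it.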




@cyphar cyphar released this Nov 9, 2016 · 200 commits to master since this release

At this point, umoci implements enough functionality to be able to
extract, repack and modify OCI images. It is still missing major
functionality (such as the ability to create an entirely new image or
just create tags for images), but should be enough for a demo.

Please don't use this anywhere important. There are known security
issues with this release (which will be fixed before 0.0.0).

Signed-off-by: Aleksa Sarai