Skip to content
Choose a tag to compare


@reidpr reidpr released this
· 309 commits to master since this release
Choose a tag to compare

This release contains two important new features that I’ll discuss in a little more detail than usual.

  1. Completely unprivileged end-to-end workflow, with no root, no sudo, and no setuid/setcap helper programs (#184). We have two separate, new options for building images from Dockerfiles:

    1. Our internal builder, ch-grow (#455).

    2. Buildah, with our patches to remove the dependency the setuid/setcap helper programs newuidmap and newgidmap (#479). You can also use stock Buildah in privileged mode with the helpers (#364). We are working with Buildah to have our fully-unprivileged features merged upstream, so the need for a patched Buildah should go away soon.

    Note that these workflows are experimental. Please let us know what bugs you find.

    As part of this, ch-build now knows how to use different builders via the --builder option, and ch-docker2tar has been renamed to ch-builder2tar.

  2. SquashFS wrapper scripts to facilitate a workflow based on SquashFS files rather than tarballs, using SquashFUSE (#408): ch-docker2squash, ch-mount, ch-umount, ch-dir2squash, ch-tar2squash. SquashFS files are roughly mountable tarballs; this workflow lets you mount the archive file on the run host instead of copying and unpacking it in full.

Recall that Charliecloud tries hard to be workflow-agnostic. If you can provide an archive or directory that looks like a Linux filesystem tree, that should work as a container image. This is still true. However, we like to provide wrapper scripts for key workflows, which is the motivation for the Buildah and SquashFS support above.

More new stuff:

More details:
Even more details: v0.9.10...v0.10

Known bugs:
Road map: