manifest: Explicitly base manifest.layers on an empty directory #318
Conversation
|
As this stands with 1472012, this PR focuses on the empty-directory base and is largely agnostic on whether
|
| @@ -140,9 +140,8 @@ Unlike the [Manifest List](#manifest-list), which contains information about a s | |||
| - **`layers`** *array* | |||
|
|
|||
| Each item in the array MUST be a [descriptor](descriptor.md). | |||
| The array MUST have the base image at index 0. | |||
| Subsequent layers MUST then follow in the order in which they are to be layered on top of each other. | |||
| The algorithm to create the final unpacked filesystem layout MUST be to first unpack the layer at index 0, then index 1, and so on. | |||
There was a problem hiding this comment.
Could we preserve the clarity of this wording?
There was a problem hiding this comment.
@wking Please respond inline on the review.
Do
you have a particular feature in the lines I'm removing that you feel
it doesn't cover?
You've changed the emphasis and meaning of the clause.
Before, the emphasis was on ordering, where now it is focusing on the nature of the base layer.
|
On Fri, Sep 16, 2016 at 01:31:50PM -0700, Stephen Day wrote:
One man's clarity is another's redundancy ;). The “MUST be … in the |
| @@ -140,9 +140,8 @@ Unlike the [Manifest List](#manifest-list), which contains information about a s | |||
| - **`layers`** *array* | |||
|
|
|||
| Each item in the array MUST be a [descriptor](descriptor.md). | |||
There was a problem hiding this comment.
must the descriptor point to a layer mediatype?
|
I've pushed 7b92852 → 809ff0e with a new commit to make layers |
|
On Fri, Sep 16, 2016 at 01:41:23PM -0700, Jonathan Boulle wrote:
Yes, but I think that's orthogonal (#304). |
|
On Fri, Sep 16, 2016 at 01:51:32PM -0700, Stephen Day wrote:
I'm just replying to GitHub's mail, and it's sending a lot since this
I tried to add meaning (for the initial state) without removing
We obviously want to emphasize both. There's a bit more to say about The root filesystem MUST match the result of applying I would rather start with the empty directory in the sentence, since |
|
I've pushed 809ff0e → c22efd8 changing: The root filesystem MUST match an empty directory onto which the to: The root filesystem MUST match the result of which I like more mostly because it avoid “onto which” and “have been |
| The array MUST have the base image at index 0. | ||
| Subsequent layers MUST then follow in the order in which they are to be layered on top of each other. | ||
| The algorithm to create the final unpacked filesystem layout MUST be to first unpack the layer at index 0, then index 1, and so on. | ||
| The root filesystem MUST match the result of [applying](layer.md#applying) the entries to an intially empty directory in the listed order. |
There was a problem hiding this comment.
initially (but I'd rather just scrap this word)
|
Getting better, though I'm not quite sure we're at the right wording yet... |
|
LGTM (good enough for now :-) |
|
@crosbymichael @mrunalp Could you please make sure this makes sense in the context of runc? In docker, we do have a "scratch" layer but I think we explicitly call that out. I am not sure about the effect of adding an implied empty layer. |
|
I don't think having a required empty is needed or a good thing. If I specify one layer in the array i should only have 1 dir, not two. |
|
On Tue, Sep 20, 2016 at 01:17:04PM -0700, Michael Crosby wrote:
How would you have two? If you specify one layer in the array, you'll With: $ tar -tf layer.tar This would be the legal result of the unpacking: $ mkdir rootfs 0 directories, 1 file But this would not be legal: $ mkdir rootfs 0 directories, 2 files |
|
Then I guess the wording is super confusing and hard to tell what is meant. |
|
On Tue, Sep 20, 2016 at 01:55:34PM -0700, Michael Crosby wrote:
“MUST match the result of applying the entries to an empty directory |
wking
force-pushed
the
layer-base
branch
2 times, most recently
from
57eb55c
to
28a4a9d
Compare
|
The bulk of the first commit here (which explicitly required an |
|
lgtm |
| Each item in the array MUST be a [descriptor](descriptor.md). | ||
| The array MUST have the base image at index 0. | ||
| Subsequent layers MUST then follow in stack order (i.e. from `layers[0]` to `layers[len(layers)]`). | ||
| Layers MUST must be [applied](layer.md#applying) in stack order (i.e. from `layers[0]` to `layers[len(layers)]`). |
There was a problem hiding this comment.
my mistake, but layers[len(layers)] -> layers[len(layers)-1]`
…ectory Point out that the layer's initial empty directory has unspecified attributes. Layer authors interested in the ownership and other attributes of the unpacked root directory should explicitly set an entry for it. This commit originally focused on requiring the initial directory to be empty before the layers are unpacked into it. But most of that was picked up in fed7241 (manifest: clarify the order of layers, 2016-09-29, opencontainers#349). I'd recommended "match" instead of "be" to allow folks to apply via a union filesystem or whatever. As long as the finished product is right, compliance testers and users should be satisfied. Signed-off-by: W. Trevor King <wking@tremily.us>
Most folks will distribute images containing layers, but the specified behavior applies cleanly to the layer-less case too. The unpacked rootfs will just be an empty directory with unspecified attributes. Folks might want to use that sort of thing for namespace pinning [1], distributing configs [2], setting up containers that mount the meat from the host [2], etc. [1]: opencontainers/runtime-spec#395 (comment) [2]: opencontainers#313 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
|
i think this LGTM (as an aside, it seems almost like the "layers" ought to just be "blobs" or "objects", as the config will reference the diff_ids as well in the expected order) |
|
On Thu, Oct 06, 2016 at 11:12:45AM -0700, Vincent Batts wrote:
The manifest links to the config blob too, and that blob is not |
|
LGTM |
|
LGTM but needs approval from steeeeve |
|
While this is elegant, I am slightly worried there is nothing practical here. From a conceptual point of few, it is interesting that layers are applied to an empty directory. I did investigate this and ended up filing moby/moby#27568. I think other language in this PR is sufficient for a merge. |
|
On Wed, Oct 19, 2016 at 05:48:56PM -0700, Stephen Day wrote:
There was previous discussion about an ./ entry in a layer in 1. If And the empty initial directory also protects from 2, which I think |
|
@wking 100 image spec maintainers could agree and still be wrong. There are three things at issue:
For the most part, the discussion around 1 and 2, which is partially addressed in this PR, is important and relevant. Number 3 is novel, the use cases aren't clear and introduces something that is not already done in practice, the implications of which aren't clear. |
|
On Thu, Oct 20, 2016 at 10:46:46AM -0700, Stephen Day wrote:
Part of (1) and all of (2) has already been addressed by #349 using |
We doesn't define a `base image`, use `base layer` is correct. This issue first being addressed in pr opencontainers#312, and then being addressed in pr opencontainers#318, and then in pr opencontainers#407, but landing opencontainers#407 has a long way to go. We could addressed this first to avoid confusing. Signed-off-by: Lei Jitang <leijitang@huawei.com>
And point out that layer authors interested in the ownership and other attributes of the unpacked root directory should explicitly set an entry for it. I expect folks will mostly use
./, but have made that an example in case they want to use other spellings (which unpackers should respect).I've used "match"” instead of "be" to allow folks to apply via a union filesystem or whatever. As long as the finished product is right, compliance testers and users should be satisfied.
Spun off from this comment to answer this request, cc @jonboulle.