This is a fairly major update to umoci.

This update to umoci includes support for v1.1.1 of the OCI image
specification. For the most part, this involves supporting reading new
features added to the specification (such as embedded-data descriptors and
subject references used by OCI artifact images), but at the moment umoci does
not yet support creating images utilising these features.

In addition, umoci also now supports generating config.json blobs that are
compliant with v1.2.1 of the OCI runtime specification. Note that we do not
explicitly use any of the newer features; this is mostly a quality-of-life
update to move away from our ancient pinned version of the runtime-spec.

Breaking
- github.com/opencontainers/umoci/oci/config/generate.Generator has had the
  following breaking API changes made to it:
  - The existing ConfigExposedPorts and ConfigVolumes methods now return a
    sorted []string instead of a map.
  - The (Set)OS and (Set)Architecture methods have been renamed to have a
    Platform prefix (to match image-spec v1.1's organisational changes). They
    now read as (Set)PlatformOS and (Set)PlatformArchitecture respectively.

Added
- umoci stat now includes information about the manifest and configuration of
  the image, both in the regular and JSON-formatted outputs.
- umoci now has SOURCE_DATE_EPOCH support, to attempt to make it easier to
  create reproducible images. Our behaviour is modelled after
  tar --clamp-mtime, meaning that SOURCE_DATE_EPOCH will only be used to
  modify the timestamps of files newer than SOURCE_DATE_EPOCH.

  As umoci repack works based on diffs, this also means that only files that
  were modified (and will thus usually be included in the new layer) will
  have their timestamps rewritten.

  --history.created and umoci config --created will also now default to
  SOURCE_DATE_EPOCH (if set).

  With this change, umoci should be fairly compliant with reproducible builds.
  Please let us know if you find any other problematic areas in umoci (we are
  investigating some other possible causes of instability such as Go map
  iteration).
- In order to avoid the need for a patched gomtree package that supports
  rootless mode, umoci now has a umoci raw mtree-validate subcommand that
  implements the key gomtree validate features we need for our integration
  tests.

  Note that this subcommand is not intended for wider use outside of our tests
  (and it is hidden from the help pages for a reason). Most users are probably
  better off just using gomtree.
- umoci --version now provides more information about the specification
  versions supported by the umoci binary as well as the Go version used.
- umoci config now supports specifying the architecture variant of the image
  with --platform.variant. In addition, --os and --architecture can now
  be set using --platform.os and --platform.arch respectively.
- umoci new will not automatically fill the architecture variant on ARM
  systems to match the host CPU.

Changed
- The output format of umoci stat has had some minor changes made to how
  special characters are escaped and when quoting is carried out.

Fixed
- Some minor aspects of how umoci stat would filter special characters in
  history entries have been resolved.
- umoci repack will now truncate the mtime of files added to the layer tar
  archives. Previously, we would defer to the Go stdlib's archive/tar which
  rounds to the nearest second (which is incompatible with gomtree and so in
  theory could lead to inconsistent results).
- Previously, when generating the runtime-spec config.json, umoci unpack
  would incorrectly prioritise the automatically generated annotations over
  explicitly configured labels. This precedence was the opposite of what the
  image-spec requires, and has now been resolved.
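
The SOURCE_DATE_EPOCH clamping described under Added and the mtime truncation described under Fixed can be sketched together as follows. This is an added example, not umoci's own code: parseEpoch, clampMtime and archivedMtime are hypothetical names and the timestamps are constructed sample values.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"strconv"
	"time"
)

// parseEpoch parses a SOURCE_DATE_EPOCH value (whole seconds since 1970).
func parseEpoch(v string) (time.Time, error) {
	secs, err := strconv.ParseInt(v, 10, 64)
	if err != nil {
		return time.Time{}, fmt.Errorf("invalid SOURCE_DATE_EPOCH %q: %w", v, err)
	}
	return time.Unix(secs, 0), nil
}

// clampMtime truncates to whole seconds, then clamps like tar --clamp-mtime.
func clampMtime(mtime, epoch time.Time) time.Time {
	if mtime = mtime.Truncate(time.Second); mtime.After(epoch) {
		return epoch // only timestamps newer than the epoch are rewritten
	}
	return mtime
}

// archivedMtime returns the mtime a tar header stores for a clamped entry.
func archivedMtime(mtime, epoch time.Time) (int64, error) {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	hdr := &tar.Header{Name: "f", Mode: 0o644, Typeflag: tar.TypeReg, ModTime: clampMtime(mtime, epoch)}
	if err := tw.WriteHeader(hdr); err != nil {
		return 0, err
	}
	if err := tw.Close(); err != nil {
		return 0, err
	}
	got, err := tar.NewReader(&buf).Next()
	if err != nil {
		return 0, err
	}
	return got.ModTime.Unix(), nil
}

func main() {
	epoch, _ := parseEpoch("1700000000") // constructed sample value
	fmt.Println(archivedMtime(time.Unix(1699999999, 900000000), epoch))
}
```

A file stamped 0.1s before the epoch keeps its own (truncated) second instead of being rounded up to the epoch, so the value in the archive matches what a second-granularity manifest check sees.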

Thanks to the following contributors for making this release possible:
- Aleksa Sarai
- Danish Prakash

Signed-off-by: Aleksa Sarai