/umoci

umoci modifies Open Container images

Primary LanguageGoApache License 2.0Apache-2.0

umoci Fork for Singularity

This is a fork of openSUSE/umoci that is required for sylabs/singularity.

The tag v0.4.2+singularity1 is the upstream v0.4.2 version of umoci, with patches required for Singularity applied.

Singularity requires this fork, as although the patches have been merged into umoci upstream, newer versions of umoci bring in dependencies that conflict with other libraries that Singularity is using. See https://github.com/sylabs/singularity/pull/4209. The main issue is around rdma/cgroups and newer image-spec.

Included Patches

(1) tar_extract: only warn for forbidden xattrs

https://github.com/openSUSE/umoci/commit/72ae591149af4a819e680a8f157a59cda2be6a26

This fixes the Singularity issue: https://github.com/sylabs/singularity/issues/4578

In umoci 0.4.2 rootless mode currently warns if a forbidden xattr is seen, while extractions as root error out. Make root extractions warn, so that docker images such as cern/sl6-base:latest can be extracted as root without failing due to this error.

(2) tar_extract: don't error on fs without xattr support

https://github.com/openSUSE/umoci/commit/3335a0dd0c582f2c6ea9fa12a658129a9c7572ac

This fixes the Singularity issue: https://github.com/sylabs/singularity/issues/4593

If we are extracting to a filesystem that does not support xattrs, make sure that an ENTOSUP from clearxattr or listxattr results in a warning, not an error.

umoci

Release Build Status License: Apache 2.0

Go Report Card CII Best Practices DOI

umoci modifies Open Container images. See the official website for more accessible documentation about how to use umoci.

umoci intends to be a complete manipulation tool for OCI images. In particular, it should be seen as a more end-user-focused version of the oci-image-tools provided by the OCI. The hope is that all of this tooling will eventually be merged with the upstream repository, so that it is always kept up-to-date by the Open Container Initiative community.

However, currently there is a lot of discussion about the new tooling going into the OCI image tools, and right now I need tooling that can abstract all of the internals of the OCI specification into a single CLI interface. The main purpose of this tool is to serve as example of what I would like to see in an oci-image tool.

If you wish to provide feedback or contribute, read the CONTRIBUTING.md for this project to refresh your knowledge about how to submit good bug reports and patches. Information about how to submit responsible security disclosures is also provided.

Releases

We regularly publish new releases, with each release being given a unique identifying version number (as governed by Semantic Versioning (SemVer)). Information about previous releases including the list of new features, bug fixes and resolved security issues is available in the change log. You can get pre-built binaries and corresponding source code for each release from the releases page.

Installation

If you wish to build umoci from source, follow these steps to build in with golang.

GOPATH=$HOME
go get -d github.com/openSUSE/umoci
cd $GOPATH/github.com/openSUSE/umoci
make install

Your umoci binary will be in $HOME/bin.

Usage

umoci has a subcommand-based command-line. For more detailed information, see the generated man pages (which you can build with make doc). You can also read through our quick start guide.

% umoci --help
NAME:
   umoci - umoci modifies Open Container images

USAGE:
   umoci [global options] command [command options] [arguments...]

VERSION:
   0.3.1

AUTHOR(S):
   Aleksa Sarai <asarai@suse.com>

COMMANDS:
     raw      advanced internal image tooling
     help, h  Shows a list of commands or help for one command

   image:
     config      modifies the image configuration of an OCI image
     unpack      unpacks a reference into an OCI runtime bundle
     repack      repacks an OCI runtime bundle into a reference
     new         creates a blank tagged OCI image
     tag         creates a new tag in an OCI image
     remove, rm  removes a tag from an OCI image
     stat        displays status information of an image manifest

   layout:
     gc        garbage-collects an OCI image's blobs
     init      create a new OCI layout
     list, ls  lists the set of tags in an OCI image

GLOBAL OPTIONS:
   --verbose      alias for --log=info
   --log value    set the log level (debug, info, [warn], error, fatal) (default: "warn")
   --help, -h     show help
   --version, -v  print the version

License

umoci is licensed under the terms of the Apache 2.0 license.

umoci: Umoci Modifies Open Containers' Images
Copyright (C) 2016, 2017, 2018 SUSE LLC.
Copyright (C) 2018 Cisco Systems

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Citation

If you have used umoci in your research, please cite it like you would any other useful software. Here is a handy BibTex citation.

@misc{umoci,
	title = {umoci - Standalone Tool For Manipulating Container Images},
	author = {Aleksa Sarai et al.},
	year = {2016},
	url = {https://umo.ci/},
	doi = {http://dx.doi.org/10.5281/zenodo.1188474},
}

Thank you.