ironcore-dev / ironcore-image Goto Github PK

View Code? Open in Web Editor NEW

1.0 1.0 4.0 274 KB

IronCore OCI Image Specification, Library and Tooling

License: Apache License 2.0

Makefile 4.78% Go 95.22%

ironcore oci os-image

ironcore-image's People

Contributors

Stargazers

Watchers

Forkers

nanory kayrus hardikdr

ironcore-image's Issues

[rl-vulnerability_alerts-1] Violation against OSS Rules of Play

A violation against the OSS Rules of Play has been detected.

Rule ID: rl-vulnerability_alerts-1
Explanation: Are vulnerability alerts enabled? No

Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html

Enhance `ironcore-image` with Platform-Specific Layer Support and CPU Architecture Variants

Description

The ironcore-image project, responsible for defining the OCI manifest for our Operating System images, currently includes layers like rootfs, initramfs, and kernel. We need to improve this project by introducing platform-specific support, where each platform type holds a distinct subset of these layers. Additionally, the project should be capable of handling different CPU architectures, specifically arm64 and amd64.

Requirements

Platform Support:
- virtualization platform should include only the rootfs layer.
- baremetal platform should encompass kernel, initramfs, and rootfs layers.
CPU Architecture Support:
- Ensure compatibility with arm64 and amd64 architectures.

Expected Outcome

Enhanced flexibility in the ironcore-image project to generate OCI manifests tailored to specific platform requirements.
Robust support for the primary CPU architectures in use, enhancing our OS image's compatibility and reach.

Additional Context

This enhancement is crucial for optimizing our OS images for different deployment scenarios, like virtualized environments versus bare-metal setups.
Consideration for the varying requirements of arm64 and amd64 architectures is essential for broadening our OS's applicability.

Sample Manifest

An ironcore-image OCI Specification Draft could look like the following:

schemaVersion: 2.0
mediaType: application/vnd.oci.image.manifest.v1+json

# Manifests for different platforms and architectures
manifests:
  - # Virtualization platform - rootfs only
    mediaType: application/vnd.oci.image.manifest.v1+json
    platform:
      architecture: amd64
      os: linux
      variant: virtualization
    layers:
      - mediaType: application/vnd.oci.image.layer.v1.tar+gzip
        digest: "<digest-rootfs-amd64>"
        size: <size>
        annotations:
          title: "rootfs"

  - # Virtualization platform - rootfs only (ARM64)
    mediaType: application/vnd.oci.image.manifest.v1+json
    platform:
      architecture: arm64
      os: linux
      variant: virtualization
    layers:
      - mediaType: application/vnd.oci.image.layer.v1.tar+gzip
        digest: "<digest-rootfs-arm64>"
        size: <size>
        annotations:
          title: "rootfs"

  - # Baremetal platform - kernel, initramfs, rootfs (AMD64)
    mediaType: application/vnd.oci.image.manifest.v1+json
    platform:
      architecture: amd64
      os: linux
      variant: baremetal
    layers:
      - mediaType: application/vnd.oci.image.layer.v1.tar+gzip
        digest: "<digest-kernel-amd64>"
        size: <size>
        annotations:
          title: "kernel"
      - mediaType: application/vnd.oci.image.layer.v1.tar+gzip
        digest: "<digest-initramfs-amd64>"
        size: <size>
        annotations:
          title: "initramfs"
      - mediaType: application/vnd.oci.image.layer.v1.tar+gzip
        digest: "<digest-rootfs-amd64>"
        size: <size>
        annotations:
          title: "rootfs"

  - # Baremetal platform - kernel, initramfs, rootfs (ARM64)
    mediaType: application/vnd.oci.image.manifest.v1+json
    platform:
      architecture: arm64
      os: linux
      variant: baremetal
    layers:
      - mediaType: application/vnd.oci.image.layer.v1.tar+gzip
        digest: "<digest-kernel-arm64>"
        size: <size>
        annotations:
          title: "kernel"
      - mediaType: application/vnd.oci.image.layer.v1.tar+gzip
        digest: "<digest-initramfs-arm64>"
        size: <size>
        annotations:
          title: "initramfs"
      - mediaType: application/vnd.oci.image.layer.v1.tar+gzip
        digest: "<digest-rootfs-arm64>"
        size: <size>
        annotations:
          title: "rootfs"
# Replace <digest-*> and <size> with actual hash values and sizes of the layers.

[rl-reuse_tool-2] Violation against OSS Rules of Play

A violation against the OSS Rules of Play has been detected.

Rule ID: rl-reuse_tool-2
Explanation: Does it have LICENSES directory with licenses? No

Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html

docker pull results in invalid rootfs in image configuration

Describe the bug
A docker pull results in an "invalid rootfs in image configuration". This is reproducable using different computers and docker versions.

To Reproduce

$ docker pull ghcr.io/onmetal/onmetal-image/gardenlinux:latest
latest: Pulling from onmetal/onmetal-image/gardenlinux
c1e5e4977170: Pulling fs layer 
70e9885efd93: Downloading  285.8kB/27.76MB
d002d4426df1: Downloading  138.3kB/13.21MB
invalid rootfs in image configuration

Doing the same with podman:

$ podman pull ghcr.io/onmetal/onmetal-image/gardenlinux:latest
Trying to pull ghcr.io/onmetal/onmetal-image/gardenlinux:latest...
Getting image source signatures
Copying blob d002d4426df1 done  
Copying blob 70e9885efd93 done  
Copying blob c1e5e4977170 done  
ERRO[0036] While applying layer: ApplyLayer exit status 1 stdout:  stderr: archive/tar: invalid tar header 
Error: writing blob: adding layer with blob "sha256:c1e5e49771706cc61624ba86672be95bd1ee4c123161adc075341648c9f15678": ApplyLayer exit status 1 stdout:  stderr: archive/tar: invalid tar header

podman version is 3.4.7

Expected behavior
Receiving the image without problem.

[rl-reuse_tool-1] Violation against OSS Rules of Play

A violation against the OSS Rules of Play has been detected.

Rule ID: rl-reuse_tool-1
Explanation: Does README mention REUSE? No

Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html

version tags

Question?

For the Garden Linux project we create a package for onmetal-image, at the moment we identify the version we build by its commit hash since this project does not have any tags. Can you add tags to this project to make identifying versions easier?