-
Notifications
You must be signed in to change notification settings - Fork 669
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redunant definition of layers #115
Comments
@philips I'm not sure saying we have redundant definitions of layers is correct. We have two different identifiers depending on the context. With the manifest, we have a simple, byte-stream digest. Within image config, We can look at these as two components, numbered according to the above:
The benefit of this distinction is that images can be fetched without having to understand anything about a container runtime or actual image format. It also simplifies content storage, in that we no longer need to couple storage with the content format. Most of this can be avoided if we opt to store artifacts, rather than try to reassemble. |
On Thu, Jun 02, 2016 at 12:59:05PM -0700, Stephen Day wrote:
I haven't wrapped my head around DiffID, so this may be off target.
This sounds like the best approach to me. Disk space is cheap and |
Ideally, but with compressed layers, there is little that can be done to ensure this. Including the
👃 👈 I'd love to resolve this in OCI, but doing this in the 1.0 time frame is unrealistic. We need to be careful not to impose an artifact store on implementations, as there are cases where that is untenable or impractical. |
On Thu, Jun 02, 2016 at 01:29:52PM -0700, Stephen Day wrote:
If we drop DiffID in favor of descriptors for layers, the only I'm not clear on the security angle (although I have a guess 2). |
@stevvooe So, if I were to add a clarifying point to help out @s-urbaniak and other people new to the spec the config diffID is the ungzipped hash? While the layers digest is gzipd? |
@philips That is a fair differentiation but not binding. The digest is the hash of the unprocessed content. It can be verified without understand tar or layers or images. The diffID must be the ungzipped hash. |
@stevvooe what do you mean by non-binding? I will try and get some language together to close out this bug. |
This is what I meant:
A digest reference can be verified without understanding the content, a diffID cannot. |
DiffIDs and Manifest list digests were a bit confusing. Explain the difference. Fixes: opencontainers#115
DiffIDs and Manifest list digests were a bit confusing. Explain the difference. Fixes: opencontainers#115 Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
DiffIDs and Manifest list digests were a bit confusing. Explain the difference. Fixes: opencontainers#115 Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
DiffIDs and Manifest list digests were a bit confusing. Explain the difference. Fixes: opencontainers#115 Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
We have two definitions of layers:
Which list should we consider for unpacking/oci-runtime-bundling?
The text was updated successfully, but these errors were encountered: