image-layout: add an initial image layout spec

[philips]

In order to build tooling that converts the set of OCI Image objects
into an OCI Runtime object we need an Image Layout that test tools can
be built around.

Longer term this Image Layout could be used to define a "single object
image" that is a tar/zip/etc that could be posted over https/ftp/etc.

The layout comes from several different discussions:

#23
#92

Signed-off-by: Brandon Philips [email protected]

[wking]

"content-adressable ..."? I think you're missing"objects." or similar.

[philips]

fixed!

[philips]

Any other @opencontainers/image-spec-maintainers want to chime in?

[wking]

Looks like GitHub wants you to quote your single-characters, otherwise the underscore leads to a lot of italics (at least in the /pull/94/files view).

And while I'm generally against explicit charset restrictions, in this case I'm fine with them, because the “real” name (i.e. whatever is used for crypo-verification) is going to have to be stored in the contents of a blob. The refs/{nick} entries are just convenient nicknames.

[philips]

done, thanks.

[stevvooe]

I'm not sure I have an opinion either way, I'll regret not bringing this up: we use the term "blobs" because these are free-form binary data. They are not "objects" because they have no required structure, other than that imposed by their access path (ie, through a descriptor).

Using something like "objects" would imply structure or a header, similar to git.

I'm not sure if we include this distinction in the spec.

[wking]

On Fri, May 27, 2016 at 12:28:05PM -0700, Stephen Day wrote:

+- "blobs" contains content-addressable blobs

I'm not sure I have an opinion either way, I'll regret not bringing
this up: we use the term "blobs" because these are free-form binary
data. They are not "objects" because they have no required
structure, other than that imposed by their access path (ie, through
a descriptor).

I'm not sure what your comment is in response to, but I'm ok with
“objects” → “blobs” throughout this PR.

[stevvooe]

I am defending the use of the term "blobs" and wondering if we should enshrine said defense. Up until, we've just used it because that is what we've used, whereas there is a deliberate difference between an "object" and a "blob".

[wking]

On Fri, May 27, 2016 at 12:35:56PM -0700, Stephen Day wrote:

+- "blobs" contains content-addressable blobs

I am defending the use of the term "blobs" and wondering if we
should enshrine said defense…

How about:

The image layout does not specify an internal structure for blobs;
any semantics must be inferred from the blob content or the context
from which the blob was referenced.

[philips]

I will add some blobs are opaque language.

On Fri, May 27, 2016 at 1:25 PM W. Trevor King [email protected]
wrote:

In image-layout.md
#94 (comment)
:

@@ -0,0 +1,47 @@
+## Open Container Initiative Image Layout Specification
+
+The OCI Image Layout is a slash separated layout of OCI content-addressable objects and human significant references (refs)
+This layout MAY be used in a variety of different transport mechanisms from archive formats (e.g. tar, zip) or used in shared filesystem environments (e.g. nfs) or in networked file fetching systems (e.g. http, ftp, rsync).
+Given an image layout a tool can convert a given ref into a runnable OCI Image Format by finding an appopriate manifest from the manifest list, unpacking the filesystem serializations in the correct order, and then converting the image configuration into an OCI Runtime config.json.
+
+The image layout has two top level directories:
+
+- "blobs" contains content-addressable blobs

On Fri, May 27, 2016 at 12:35:56PM -0700, Stephen Day wrote: > +- "blobs"
contains content-addressable blobs I am defending the use of the term
"blobs" and wondering if we should enshrine said defense…
How about: The image layout does not specify an internal structure for
blobs; any semantics must be inferred from the blob content or the context
from which the blob was referenced.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/opencontainers/image-spec/pull/94/files/f6de720992cbc2db439b91d4bd1442cd44693e91#r64962020,
or mute the thread
https://github.com/notifications/unsubscribe/AACDCHGQigCzyqz8tPTcuP4y3DJm1gbHks5qF1NAgaJpZM4IoHyx
.

[wking]

Thinking over the backwards-compat discussion in #95, I think we want
to say something here about how we see that working with this layout.
Basically, we want to make it easy and extremely unambiguous to
identify content following this layout from content following some
other layout.

My guess is that we want to give this format a specific name
(application/vnd.oci.image.layout.v1?) in this PR, but punt exposing
that name to the transport mechanisms (e.g. file-based transports can
put it in a magic header, HTTP-based transport can have have a
/version path, etc.). Or maybe we want to require a ‘version’ file
holding the name, and folks who want to also add a magic header are
free to do so?

[philips]

I am fine adding a /oci-layout file with contents like:

{"ociLayoutVersion": "1.0.0"}

[wking]

On Fri, May 27, 2016 at 02:16:17PM -0700, Brandon Philips wrote:

I am fine adding a root /oci-layout file with contents like:

{"ociLayoutVersion": "1.0.0"}

Sounds fine to me, although I don't see a point to putting ‘oci’ in
both the filename and JSON content.

[philips]

@wking @stevvooe all feedback addressed.

@vbatts can you give this a review?

[wking]

I still don't see much point in the hard-to-define “human significant”, especially since location-addressable is sufficient to distinguish refs from blobs.

[vbatts]

Would this be an alternative to the combined layout?

[philips]

@vbatts yes, combined has been removed because it is based on a bunch of organically grown schemas that aren't super documented. See #95

[wking]

On Tue, May 31, 2016 at 02:18:46PM -0700, Vincent Batts wrote:

Would this be an alternative to the combined layout?

A replacement (see #95).

[vbatts]

oh wow. I'll move on from protecting the combined format then, once this is incorporated.

So definitely a shim or docker load --format=oci.v1 .. will be needed.

[philips]

@vbatts yes.

[philips]

@stevvooe @wking lets discuss companion data on #129

[philips]

The only thing blocking this is the continued discussion on some sort of prefix sharding: #94 (comment)

I personally feel like we should punt on the sharding. But, if someone can come up with some benchmarks or other evidence that it is necessary for performance or other reasons I am happy to add the language.

[stevvooe]

“Content-addressable violation” warning lights started flashing all
over at my house once I read “companion data” ;).

Yep. That is somewhat the point.

Let's say that you want to put something next to the target:

sha256/aa/aaaaaa/
   data

This allows you to later place something next to it:

sha256/aa/aaaaaa/
   data
   references

Its unverified in the default access path, but it can be handy for optimizations. Leaving the extra path component leaves space to add something here in the future.

The best argument against doing this is that most of this should be in the descriptor or other secured data.

I personally feel like we should punt on the sharding. But, if someone can come up with some benchmarks or other evidence that it is necessary for performance or other reasons I am happy to add the language.

This is a best practice. I do admit, there may be a cargo-cult aspect to it.

[wking]

On Wed, Jun 08, 2016 at 06:51:59PM -0700, Brandon Philips wrote:

The only thing blocking this is the continued discussion on some
sort of prefix sharding…

I also think it should be rebased around #111 so it can link to the
new descriptor docs.

[stevvooe]

@philips Let's not block on the directory layout.

LGTM

[vbatts]

LGTM
Though I feel like the structure will come up again