empty_config_descriptor doesn't create an empty descriptor #27

ariel-miculas · 2024-09-30T22:11:16Z

The empty descriptor is described in the image manifest doc.
I suggest we change the new_empty_manifest function to return a manifest with an empty config and to change empty_config_descriptor to create an empty config.
It would look something like get_empty_manifest from PuzzleFS. One caveat is that we need to write the actual empty descriptor in the sha256/blobs directory, otherwise other tools complain about the OCI dir structure integrity (e.g. skopeo), since all the blobs referenced from the metadata must exist on the disk.

The text was updated successfully, but these errors were encountered:

ariel-miculas · 2024-10-12T12:47:20Z

Well ideally we would use the typestate pattern and have new_empty_manifest return an ImageManifestBuilder<Incomplete> which would then build() an ImageManifest<Incomplete>. Then, insert_manifest_and_config would accept both an ImageManifest<Incomplete> and an ImageManifest<Complete>, but insert_manifest would only accept an ImageManifest<Complete>.
There would also be another function which would take an ImageManifest<Incomplete> and turn it into an ImageManifest<Complete>.
Of course, this is too convoluted and would require changes to the entire oci-spec-rs design. What I was hoping to address with this is the comment from empty_config_descriptor:

/// This digest should never actually be used for anything.

because the type system wouldn't allow you to forget to set an actual valid config.

Implementing my previous comment:

we need to write the actual empty descriptor in the sha256/blobs directory

would be counterproductive because we would then have to delete the empty descriptor when the user would replace the config with its own.
Maybe we can still change the dummy digest with the digest of the empty config (sha256("{}")), though I'm not sure if it brings any value.

cgwalters · 2024-10-12T13:16:07Z

Well ideally we would use the typestate pattern

I think that one snowballs in general to youki-dev/oci-spec-rs#242 right?

would be counterproductive because we would then have to delete the empty descriptor when the user would replace the config with its own.

Eh, if we "leak" an empty config descriptor by default that doesn't seem like a big deal. In the general case we need GC (which we don't implement here yet).

ariel-miculas · 2024-10-12T21:06:39Z

Ok, then short-term I will implement the solution which writes the empty config into blobs/sha256 and we live with the two bytes occupied by the {} blob. For the long-term we'll explore the type state builder idea.

…riptor The empty descriptor is described in the image spec [1]. `new_empty_manifest` writes an empty config descriptor in the blobs directory, which results in a valid image layout specification. This is validated using the fsck function in the `test_new_empty_manifest` test. Fixes containers#27 [1] https://github.com/opencontainers/image-spec/blob/main/manifest.md#guidance-for-an-empty-descriptor Signed-off-by: Ariel Miculas-Trif <[email protected]>

ariel-miculas mentioned this issue Oct 12, 2024

Add find_manifest_descriptor_with_tag #28

Merged

ariel-miculas mentioned this issue Oct 13, 2024

new_empty_manifest: create a valid manifest with an empty config desc… #31

Merged

cgwalters closed this as completed in #31 Oct 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

empty_config_descriptor doesn't create an empty descriptor #27

empty_config_descriptor doesn't create an empty descriptor #27

ariel-miculas commented Sep 30, 2024

ariel-miculas commented Oct 12, 2024

cgwalters commented Oct 12, 2024

ariel-miculas commented Oct 12, 2024

empty_config_descriptor doesn't create an empty descriptor #27

empty_config_descriptor doesn't create an empty descriptor #27

Comments

ariel-miculas commented Sep 30, 2024

ariel-miculas commented Oct 12, 2024

cgwalters commented Oct 12, 2024

ariel-miculas commented Oct 12, 2024