From 88901e4b20190689f035a184f3c37878fd70d94f Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Fri, 16 Sep 2016 10:41:20 -0700 Subject: [PATCH 1/2] manifest: Explicitly unspecified attributes for the initial layer directory Point out that the layer's initial empty directory has unspecified attributes. Layer authors interested in the ownership and other attributes of the unpacked root directory should explicitly set an entry for it. This commit originally focused on requiring the initial directory to be empty before the layers are unpacked into it. But most of that was picked up in fed7241f (manifest: clarify the order of layers, 2016-09-29, #349). I'd recommended "match" instead of "be" to allow folks to apply via a union filesystem or whatever. As long as the finished product is right, compliance testers and users should be satisfied. Signed-off-by: W. Trevor King --- manifest.md | 1 + 1 file changed, 1 insertion(+) diff --git a/manifest.md b/manifest.md index 71fc35bb8..7622e6b59 100644 --- a/manifest.md +++ b/manifest.md @@ -45,6 +45,7 @@ Unlike the [Manifest List](manifest-list.md), which contains information about a The array MUST have the base image at index 0. Subsequent layers MUST then follow in stack order (i.e. from `layers[0]` to `layers[len(layers)-1]`). The final filesystem layout MUST match the result of [applying](layer.md#applying) the layers to an empty directory. + The [ownership, mode, and other attributes](layer.md#file-attributes) of the initial empty directory are unspecified. Beyond the [descriptor requirements](descriptor.md#properties), the value has the following additional restrictions: From ded80c09afb4b966e6d9973564b19c2cc94eb164 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Fri, 16 Sep 2016 13:42:37 -0700 Subject: [PATCH 2/2] manifest: Explicitly make 'layers' optional Most folks will distribute images containing layers, but the specified behavior applies cleanly to the layer-less case too. The unpacked rootfs will just be an empty directory with unspecified attributes. Folks might want to use that sort of thing for namespace pinning [1], distributing configs [2], setting up containers that mount the meat from the host [2], etc. [1]: https://github.com/opencontainers/runtime-spec/pull/395#issuecomment-213605476 [2]: https://github.com/opencontainers/image-spec/pull/313#issuecomment-247701273 Signed-off-by: W. Trevor King --- manifest.md | 4 ++-- schema/image-manifest-schema.json | 3 +-- specs-go/v1/manifest.go | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/manifest.md b/manifest.md index 7622e6b59..810f4515c 100644 --- a/manifest.md +++ b/manifest.md @@ -41,9 +41,9 @@ Unlike the [Manifest List](manifest-list.md), which contains information about a - **`layers`** *array* + This OPTIONAL property references the [layers](layer.md) defining the container's root filesystem. Each item in the array MUST be a [descriptor](descriptor.md). - The array MUST have the base image at index 0. - Subsequent layers MUST then follow in stack order (i.e. from `layers[0]` to `layers[len(layers)-1]`). + Layers MUST be [applied](layer.md#applying) in stack order (i.e. from `layers[0]` to `layers[len(layers)-1]`). The final filesystem layout MUST match the result of [applying](layer.md#applying) the layers to an empty directory. The [ownership, mode, and other attributes](layer.md#file-attributes) of the initial empty directory are unspecified. diff --git a/schema/image-manifest-schema.json b/schema/image-manifest-schema.json index f25c85fd2..a5e09c518 100644 --- a/schema/image-manifest-schema.json +++ b/schema/image-manifest-schema.json @@ -30,7 +30,6 @@ "required": [ "schemaVersion", "mediaType", - "config", - "layers" + "config" ] } diff --git a/specs-go/v1/manifest.go b/specs-go/v1/manifest.go index d8b06306c..5adea783a 100644 --- a/specs-go/v1/manifest.go +++ b/specs-go/v1/manifest.go @@ -25,7 +25,7 @@ type Manifest struct { Config Descriptor `json:"config"` // Layers is an indexed list of layers referenced by the manifest. - Layers []Descriptor `json:"layers"` + Layers []Descriptor `json:"layers,omitempty"` // Annotations contains arbitrary metadata for the manifest list. Annotations map[string]string `json:"annotations"`