Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFE: Containerfile: RUN --mount=type=oci,from=[stage|image] #5837

Open
allisonkarlitskaya opened this issue Nov 13, 2024 · 1 comment
Open
Labels
jira Issues which will be sync'd to a card at https://issues.redhat.com/projects/RUN

Comments

@allisonkarlitskaya
Copy link

It would be very useful to be able to access a previous stage of a multi-stage build of a container as a directory in the oci format output by (and supported for input by) skopeo.

The image in question could be specified via the from= field in the same way as it currently works for type=bind. In the case of type=oci, only build stages and images would be supported (not the build context) and there would be no source option.

allisonkarlitskaya added a commit to containers/composefs-rs that referenced this issue Nov 15, 2024
src/fs.rs contains code for writing the in-memory filesystem tree to a
directory on disk, so let's add the other direction: converting an
on-disk directory to an in-memory filesystem tree.  This will let us
scan container images from inside containers.  This is necessary because
we can't get access to the OCI layer tarballs during a container build
(even from a later stage in a multi-stage build) but we can bindmount
the root filesystem.

See containers/buildah#5837

With our recent changes to how we handle metadata on the root directory
we should now be producing the same image on the inside and the outside,
which gives us a nice way to produce a UKI with a built-in `composefs=`
command-line parameter.

Add a new 'unified' example.  This does the container build as a single
`podman build` command with no special arguments.

Closes #34
allisonkarlitskaya added a commit to containers/composefs-rs that referenced this issue Nov 15, 2024
src/fs.rs contains code for writing the in-memory filesystem tree to a
directory on disk, so let's add the other direction: converting an
on-disk directory to an in-memory filesystem tree.  This will let us
scan container images from inside containers.  This is necessary because
we can't get access to the OCI layer tarballs during a container build
(even from a later stage in a multi-stage build) but we can bindmount
the root filesystem.

See containers/buildah#5837

With our recent changes to how we handle metadata on the root directory
we should now be producing the same image on the inside and the outside,
which gives us a nice way to produce a UKI with a built-in `composefs=`
command-line parameter.

Add a new 'unified' example.  This does the container build as a single
`podman build` command with no special arguments.

Closes #34
allisonkarlitskaya added a commit to containers/composefs-rs that referenced this issue Nov 15, 2024
src/fs.rs contains code for writing the in-memory filesystem tree to a
directory on disk, so let's add the other direction: converting an
on-disk directory to an in-memory filesystem tree.  This will let us
scan container images from inside containers.  This is necessary because
we can't get access to the OCI layer tarballs during a container build
(even from a later stage in a multi-stage build) but we can bindmount
the root filesystem.

See containers/buildah#5837

With our recent changes to how we handle metadata on the root directory
we should now be producing the same image on the inside and the outside,
which gives us a nice way to produce a UKI with a built-in `composefs=`
command-line parameter.

Add a new 'unified' example.  This does the container build as a single
`podman build` command with no special arguments.

Closes #34

Signed-off-by: Allison Karlitskaya <[email protected]>
allisonkarlitskaya added a commit to containers/composefs-rs that referenced this issue Nov 15, 2024
src/fs.rs contains code for writing the in-memory filesystem tree to a
directory on disk, so let's add the other direction: converting an
on-disk directory to an in-memory filesystem tree.  This will let us
scan container images from inside containers.  This is necessary because
we can't get access to the OCI layer tarballs during a container build
(even from a later stage in a multi-stage build) but we can bindmount
the root filesystem.

See containers/buildah#5837

With our recent changes to how we handle metadata on the root directory
we should now be producing the same image on the inside and the outside,
which gives us a nice way to produce a UKI with a built-in `composefs=`
command-line parameter.

Add a new 'unified' example.  This does the container build as a single
`podman build` command with no special arguments.

Closes #34

Signed-off-by: Allison Karlitskaya <[email protected]>
allisonkarlitskaya added a commit to containers/composefs-rs that referenced this issue Nov 20, 2024
src/fs.rs contains code for writing the in-memory filesystem tree to a
directory on disk, so let's add the other direction: converting an
on-disk directory to an in-memory filesystem tree.  This will let us
scan container images from inside containers.  This is necessary because
we can't get access to the OCI layer tarballs during a container build
(even from a later stage in a multi-stage build) but we can bindmount
the root filesystem.

See containers/buildah#5837

With our recent changes to how we handle metadata on the root directory
we should now be producing the same image on the inside and the outside,
which gives us a nice way to produce a UKI with a built-in `composefs=`
command-line parameter.

Add a new 'unified' example.  This does the container build as a single
`podman build` command with no special arguments.

Closes #34

Signed-off-by: Allison Karlitskaya <[email protected]>
Copy link

A friendly reminder that this issue had no activity for 30 days.

@nalind nalind added jira Issues which will be sync'd to a card at https://issues.redhat.com/projects/RUN and removed stale-issue labels Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
jira Issues which will be sync'd to a card at https://issues.redhat.com/projects/RUN
Projects
None yet
Development

No branches or pull requests

2 participants