-
Notifications
You must be signed in to change notification settings - Fork 664
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make the order more clear #330
Conversation
@@ -244,7 +244,7 @@ This specification uses the following terms: | |||
Implementations MUST generate an error if they encounter a unknown value while verifying or unpacking an image. | |||
</li> | |||
<li> | |||
<code>diff_ids</code> is an array of layer content hashes (<code>DiffIDs</code>), in order from bottom-most to top-most. | |||
<code>diff_ids</code> is an array of layer content hashes (<code>DiffIDs</code>), in order from bottom-most to top-most and bottom-most at index 0. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#318 is proposing consolidated language for the manifest's layers
. Having layers
in one JSON blob and diff_ids
in another is awkward, but I'd suggest leaning on the layers
definition with something like:
<code>diff_ids</code> has the same semantics as the <a href="manifest.md#image-manifest-property-descriptions">manifest's `layers`</a>, except that the digests MUST all be taken after removing any compression.
Without layers
, diff_ids
seems pretty useless. How do you recover the type of the referenced blob? Can we land the +gzip
suffix being discussed in #316 and convert diff_ids
to an array of descriptors? Then you could tell that one entry pointed at anapplication/vnd.oci.image.layer.tar
while another pointed at an application/vnd.oci.image.layer.nondistributable.tar
and another pointed at an application/vnd.example.image.extension
. Then diff_ids
would have a shot at being useful in its own right (in cases where the consumer had access to a CAS engine holding the uncompressed blobs).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wking Frow what I understanding, layers
and diff_ids
are different concept at some point. layers
is defined in manifest to reference layers in image layout, and diff_ids
is defined in config.json
to reference layers in image local storage for engine like docker.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wking Be very careful: I have explained the concept of diff_ids
several times and you keep keeping it absolutely wrong. I would prefer if you could take the time to understand the difference before commenting further on this matter. You are causing a lot of confusion and wasting a lot of time of the maintainers and contributors.
This literally has nothing to do with #316, #318 or descriptors. The CAS system has no meaning when inside the image config. This is for calculating the secure ChainID which is used as the image id.
On Mon, Sep 19, 2016 at 07:06:46PM -0700, Lei Jitang wrote:
There's no fundamental distinction between CAS blobs in image-layout "diff_ids": [ is just as stable (especially with a SHOULD canonical JSON, #259) as "diff_ids": [ and the descriptor version has the added benefit that you know which And with the descriptor form, the only difference between ‘layers’ and If we stick with the digest-only array, it's a bit harder to lean on |
Not LGTM: this addition makes it less clear. The statement says it is "in order from bottom-most to top-most", which implies index 0. Adding the extra sentence makes the clause very confusing. |
On Tue, Sep 20, 2016 at 02:37:31PM -0700, Stephen Day wrote:
I'm trying very hard to understand it, but am unclear on why having a
I understood the image ID to be a hash over the config JSON 1. That |
I don't know if |
@wking You're continuing to confuse two concepts. There is no CAS at the image config level. By the time the system is processing the diff ids, CAS doesn't matter. If you couple CAS at this layer, you make for a very bad design. These are only to be used in the calculation of the ChainID. The fact that these share structure with the uncompressed layer artifacts is just a convenience. It is not supposed to be used for fetching content or integrated with some other ill-conceived contraption. Even worse, this has not a thing to do with this PR. You've taken yet another discussion and made it completely off topic and completely unproductive. The fact that you responded within 10 minutes of my earlier comments tells me that you've put no further effort into understanding the concept. Taking time to understand the problem doesn't mean crapping out another paragraph of nonsense. It means reading the docker code and trying to understand the behavior and intent. Try to calculate an image ID using the image config and chain ID and match it with the docker implementation. Then, look at the issues faced when pulling images that arise when you couple remote identification (ie digests) with local verification values. That will build true understanding. |
On Tue, Sep 20, 2016 at 07:52:59PM -0700, Stephen Day wrote:
All you need for CAS is a digest, and we have that now. It's also
Then just include a ChainID and skip diff_ids altogether. But I don't buy CAS-coupling here being a very bad idea. Say I store
You certainly want to be transmitting compressed layers over the wire.
If ‘diff_ids’ hold descriptors, it becomes very easy to define it
“you keep keeping it absolutely wrong” didn't give me a lot to go on
docker --versionDocker version 1.11.2, build b9f10c9 docker images --no-trunc debianREPOSITORY TAG IMAGE ID CREATED SIZE sha256sum /var/lib/docker/image/btrfs/imagedb/content/sha256/dc81f1af026c21c1b2eb9861da188a154027ef11a46df42986165ce7b8e952c2dc81f1af026c21c1b2eb9861da188a154027ef11a46df42986165ce7b8e952c2 /var/lib/docker/image/btrfs/imagedb/content/sha256/dc81f1af026c21c1b2eb9861da188a154027ef11a46df42986165ce7b8e952c2 jq . /var/lib/docker/image/btrfs/imagedb/content/sha256/dc81f1af026c21c1b2eb9861da188a154027ef11a46df42986165ce7b8e952c2{ So it's pretty clear that the image ID is a hash over the config JSON, For the ChainID: $ cat x.go import (
) func main() { Which is also unsurprising because the specs clearly say the chain ID
I'm missing the issues you're pointing at here. Is this “we can't use I fail to see how adding media type information about the uncompressed |
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Obsolete after #349?
|
Signed-off-by: Lei Jitang leijitang@huawei.com
order could be ascending order of descending order,
to avoid confusing, make it clear about the order of layer.