Adds image and oci exporter option "oci-mediatypes"
Ensures that the images created in the content store
have the correct type which matches the manifest.
Sets the correct media type on the descriptor in push from
reading the type specified in the manifest.
Removes use of distribution manifest packages.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
This allows two things:
- The caller to set a shorter timeout than previously hardcoded 30s. In
`buildctl` reduce the timeout to 5s. Since the existing timeout has gone
callers will need to arrange to pass one themselves.
- The caller can arrange for the context to be cancelled for other reasons, use
this in `buildctl` to plumb through the Ctrl-C handling, meaning that
`buildctl` now exits almost immediately on Ctrl-C instead of after several
seconds.
Signed-off-by: Ian Campbell <ijc@docker.com>
This needs to be plumbed through to `imageutil.Config` which is also used from
the `containerimage` package. Since that is used in the context of a Worker the
`platforms.Default()` (corresponding to the platform of the worker itself) is
appropriate so apply a default at that level.
Signed-off-by: Ian Campbell <ijc@docker.com>
This makes `tcp://w.x.y.z:port` work from Windows based clients (perhaps
talking to a remote Linux based buildkitd or one running in a container with
Docker for Windows and TCP port forwarding).
Signed-off-by: Ian Campbell <ijc@docker.com>
e.g. with busybox image:
OCI runtime create failed: container_linux.go:348:
starting container process caused "process_linux.go:402:
container init caused \"rootfs_linux.go:58:
mounting \\\"proc\\\" to rootfs \\\"/.../rootfs\\\" at \\\"/proc\\\"
caused \\\"mkdir /.../rootfs/proc: read-only file system\\\"\"": unknown
This is because we were setting the underlying snapshot readonly so the various
mountpoints (here /proc) cannot be created. This would not be necessary if
those mountpoints were present in images but they typically are not.
The right way to get around this (used e.g. by `ctr`) is to use a writeable
snapshot but to set root readonly in the OCI spec. In this configuration the
rootfs is writeable when mounts are processed but is then made readonly by the
runtime (runc) just before entering the user specified binary within the
container.
This involved a surprising amount of plumbing.
Use this new found ability in the dockerfile converter's `dispatchCopy`
function.
Signed-off-by: Ian Campbell <ijc@docker.com>
Otherwise the daemon panics when generating the OCI spec.
For belt and braces check in the ExecOp Run function but also when generating the spec.
Signed-off-by: Ian Campbell <ijc@docker.com>
This seems to have missed out on an update/refactor at some point and was not
usable in its previous form without duplicating the `runOptionFunc`
scaffolding.
Signed-off-by: Ian Campbell <ijc@docker.com>
Tõnis Tiigi
Derek McGowan
Akihiro Suda
Ian Campbell
Akihiro Suda
Nao YONASHIRO
Vincent Demeester