Document how to do create an image from scratch #528

Open
bastien-roucaries opened this issue Jan 31, 2024 · 1 comment

@bastien-roucaries

Hi

At Debian we have special tools that create a chroot.

We want to create a container from this without doing docker import.

How can we do this using umoci?

I managed to init and create an image, but repack fails.

Thanks

@cyphar
Member

cyphar commented Jan 31, 2024

What error do you get from umoci repack?

Something like the following should work:

% umoci init --layout my-new-image # create new OCI layout
% umoci new --image my-new-image:tag # create a new OCI image
% sudo umoci unpack --image my-new-image:tag bundle # unpack the empty image to modify it
% sudo tar x -f some-rootfs.tar -C bundle/rootfs # or any other command you like
% sudo umoci repack --image my-new-image:tag bundle # update the image with a new layer based on the rootfs changes
% umoci config --image my-new-image:tag --whatever-you-want-to-configure # (optional) update the image configuration

You need to use sudo because the directory tree is owned by root by default. You can use --rootless for rootless unpacking but there are some downsides (the correct file owner is stored as an xattr so you need to use something like https://github.com/rootless-containers/PRoot to make sure changes to files owned by the rootfs are correctly stored).


I may have discovered a possible issue in how we handle ownership of files in the OCI layout -- if you use sudo to update the image then index.json (and presumably the blob files) are owned by root. This means that your umask might result in umoci creating files that only root can read after umoci repack, meaning that all future umoci operations need root (or you need to chown -R the layout directory).
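
Added example, not part of the original comment and not umoci code: a check for the ownership problem described above, listing entries in an OCI layout that a given user can no longer read after root-run umoci operations. The function name `oci_layout_blocked` is hypothetical, and the check is an approximation that looks only at the owner and the "other" permission bits (group membership and ACLs are ignored).

```shell
#!/bin/sh
# Added example (not umoci code): list entries in an OCI layout that a given
# user would be locked out of after root-run umoci operations.
# Approximation: only the owner and the "other" permission bits are examined;
# group membership and ACLs are ignored.

# oci_layout_blocked LAYOUT_DIR [UID]   (hypothetical helper name)
#   prints blocked paths, one per line
#   returns 0 = nothing blocked, 1 = blocked entries found, 2 = not an OCI layout
oci_layout_blocked() {
    layout=$1
    uid=${2:-$(id -u)}

    # An OCI image layout contains an oci-layout file, index.json and blobs/.
    for entry in oci-layout index.json blobs; do
        if [ ! -e "$layout/$entry" ]; then
            echo "not an OCI layout (missing $entry): $layout" >&2
            return 2
        fi
    done

    # Blocked = owned by someone else AND missing o+r (files) or o+rx (dirs).
    blocked=$(find "$layout" ! -user "$uid" \
        \( \( -type d ! -perm -005 \) -o \( ! -type d ! -perm -004 \) \) -print)

    if [ -n "$blocked" ]; then
        printf '%s\n' "$blocked"
        return 1
    fi
    return 0
}

# Usage after a root-run repack (layout name taken from the commands above):
#   oci_layout_blocked my-new-image || echo "layout needs chown -R or root"
```

A non-zero result means later unprivileged umoci operations on the layout will fail until the layout is chowned back, as the comment describes.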
