Akihiro Suda
Akihiro Suda
Moving to v1.2 milestone
crun now supports "idmap" mount option https://github.com/containers/crun/commit/827b8731899d4febea3f27907bcde5e6065bb65b
Another option is to encode immutability into the “query” part of the ref string rather than into the tag, e.g., `docker.io/library/golang:1.23.4?immutable=1` https://github.com/opencontainers/distribution-spec/pull/320#issuecomment-1165639590
> A NAR archive is a completely reproducible TAR variant But `+gzip` might not be reproducible, right? We probably want to have a reproducible compression format before bringing NAR into...
> NixOS sets `GZIP="-n"` to make sure that gzip files are reproducible. Yes, but this requires the specific version of GNU gzip (and maybe the specific host CPU and `--configure`...
@sudo-bmitch: https://github.com/opencontainers/image-spec/issues/922#issuecomment-1147320966 > Unfortunately the CAS design of registries is based on the data in transit (typically compressed). We've looked at how that would be considered a storage and transit...
I can repro this, but only with the `native` snapshotter. ```console $ sudo nerdctl --snapshotter=native pull docker.io/weaveworks/weave-npc:2.8.1 docker.io/weaveworks/weave-npc:2.8.1: resolved |++++++++++++++++++++++++++++++++++++++| index-sha256:38d3e30a97a2260558f8deb0fc4c079442f7347f27c86660dbfc8ca91674f14c: exists |++++++++++++++++++++++++++++++++++++++| manifest-sha256:2be329164796241e72c530c4c8df5faf4e82fead28372a8cdbb651e74d4dba0a: exists |++++++++++++++++++++++++++++++++++++++| config-sha256:7f92d556d4ffebe2ba6d02872c2faa9a35ece816f6ca8ccfe5104dcb0a3fc063: exists |++++++++++++++++++++++++++++++++++++++| layer-sha256:ea9253f032e295b6dbeb7e688e928e74e78d8ac7995c9590e8af0a99034f978f:...
ctr (v1.6.6) has the same issue ```console $ sudo ctr images pull --snapshotter=native docker.io/weaveworks/weave-npc:2.8.1 docker.io/weaveworks/weave-npc:2.8.1: resolved |++++++++++++++++++++++++++++++++++++++| index-sha256:38d3e30a97a2260558f8deb0fc4c079442f7347f27c86660dbfc8ca91674f14c: done |++++++++++++++++++++++++++++++++++++++| manifest-sha256:2be329164796241e72c530c4c8df5faf4e82fead28372a8cdbb651e74d4dba0a: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:ea9253f032e295b6dbeb7e688e928e74e78d8ac7995c9590e8af0a99034f978f: done |++++++++++++++++++++++++++++++++++++++| config-sha256:7f92d556d4ffebe2ba6d02872c2faa9a35ece816f6ca8ccfe5104dcb0a3fc063: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:21c83c5242199776c232920ddb58cfa2a46b17e42ed831ca9001c8dbc532d22d:...
> Do you know why does Kubespary use Nerdctl with native Idk, perhaps misunderstanding of "native"
@kolyshkin PTAL