skopeo icon indicating copy to clipboard operation
skopeo copied to clipboard
verified publisher icon containers

Speculative: Make it easier to run Skopeo as a container

Open mtrmac opened this issue 5 years ago • 6 comments

Skopeo (and c/image it wraps) is currently configured as a traditional UNIX application — with various files in /etc and the users’ home directory.

This makes it operationally difficult to package Skopeo as a container; mounting all the various configuration into a container as a volume is a lot of error-prone work. Also, things like podman login (skopeo login?) are inherently stateful and don’t make sense in an one-shot container without taking care to maintain the credentials across container runs.

Consider some way of consolidating most the necessary configuration, into a single directory (single file?), + somehow dealing with credentials.

The bulk of that work would probably have to happen in c/image, maybe enhancing types.SystemContext to ship the configuration (instead of frequently only paths to it). [That would also be useful for using c/image features in other library code which has the data in Go data structures and doesn’t really want to deal with temporary configuration files). Or allowing everything in c/image to be configured via a single configuration file (part of a larger configuration file?).

(See also https://github.com/containers/common/blob/master/docs/containers.conf.5.md , although there seems to be very little in common with c/image configuration.)

mtrmac avatar Mar 13 '20 20:03 mtrmac

With the work that @QiWang19 has done to support rootless skopeo, we should be most of the way there. But will this work correctly for a root running container? IE Can we get podman login to write to $HOME directly, and read registries.conf in $HOME, what about certificates?

rhatdan avatar Oct 08 '20 14:10 rhatdan

@rhatdan this has very little to do with not requiring root; it’s about having so many different configuration files.

mtrmac avatar Oct 08 '20 19:10 mtrmac

My question is,whether we could volume mount in one directory and handle the situation. IE You always vendor in the $home/.config/containers directory. The question about root, was whether this works for a root user, IE does skopeo pay attention to the $home/.config/containers directory when run by the root user?

rhatdan avatar Oct 09 '20 11:10 rhatdan

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] avatar Jun 05 '21 00:06 github-actions[bot]

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] avatar Apr 22 '22 00:04 github-actions[bot]