singularity build --oci doesn't support URI targets
Before you report an issue...
- [X] Have you searched for a duplicate report?
- [X] Have you replicated the problem on the latest release?
- [X] Have you checked the latest documentation?
- [X] Are you using an up-to-date system?
Only issues that can be replicated on the latest release, or development branch, of SingularityCE will be investigated and fixed. The open source project does not maintain long-term stable branches or fix bugs in prior versions. If you require LTS support then please see the Sylabs website.
Version of Singularity
What version of Singularity are you using? Run:
$ singularity --version
singularity-ce version 4.2.2-1.el8
Describe the bug
singularity build --oci doesn't support URI targets, unlike singularity shell --oci, singularity pull --oci, or singularity build (without --oci)
To Reproduce
$ singularity build --oci ubuntu.oci.sif docker://docker.io/library/ubuntu
INFO: Did not find usable system buildkitd daemon. Starting built-in singularity-buildkitd.
WARN[0000] git source cannot be enabled: failed to find git binary: exec: "git": executable file not found in $PATH
INFO: singularity-buildkitd: running server on /run/user/1000/singularity-buildkitd/singularity-buildkitd-16888.sock
[+] Building 0.0s (0/0)
INFO: Terminating singularity-buildkitd (PID 16910)
FATAL: while building from dockerfile: resolve : lstat docker:: no such file or directory
Expected behavior
I would expect "ubuntu.oci.sif" to be created, as with a regular SIF if --oci is omitted:
$ singularity build ubuntu.sif docker://docker.io/library/ubuntu
INFO: Starting build...
INFO: Fetching OCI image...
28.4MiB / 28.4MiB [========================================================] 100 %0s
INFO: Extracting OCI image...
INFO: Inserting Singularity configuration...
INFO: Creating SIF file...
INFO: Build complete: ubuntu.sif
OS / Linux Distribution
Which Linux distribution are you using? Is it up-to-date?
$ cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.10 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.10 (Green Obsidian)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2029-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-8"
ROCKY_SUPPORT_PRODUCT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
Installation Method
RPM from EPEL
Additional context
There's a bit of history around 'pull' vs 'build' here...
Back in the mists of time it was deemed for a while that 'pull' inferred a container image was going to be fetched as-is, while 'build' inferred a container was being (re)-constructed.
Singularity's native images are not OCI images. If you are not using --oci mode then you never really fetch an OCI image as-is. You are re-constructing, or building from, an OCI image into a singularity image. So... you can't technically 'pull' a docker:// container to a native SIF file as-is.
However... this distinction is a bit subtle and somewhat confusing for users who assume a Singularity version of docker://alpine should be able to be pull-ed as-is. As a consequence, pull and build were effectively aliased with each other (for the URI case), so... you can build and pull from any of the URI sources into a native mode SIF. Sometimes things are a true as-is fetch of an image. Sometimes a singularity image is being created/built from an OCI image.
With the new OCI-mode we chose to go back to the distinction between build and pull, partly to follow the CLI of other OCI runtimes... docker, podman etc. You pull an existing OCI container without change. You build a container to construct it from a Dockerfile.
The error message does need to be improved, where you attempt to specify a URI. But the overall behavior is as intended.
That makes sense---thanks for the historical context. I agree that improving the error message (and perhaps clarifying the singularity build --help output?) should help resolve any user confusion regarding the semantics of singularity build with and without --oci in this case.