|
|
|
|
|
|
by cyphar
3034 days ago
|
|
|
> It eschews docker, and Dockerfiles and their non-determinism, and builds the layers itself [...] But I suspect it's going to be painful doing things outside the mainstream supported stuff. This should not matter at all. The OCI specification provides an interoperable image format that doesn't care who built the image or how. Docker still doesn't support the OCI yet[1], but tools exist to do conversions[2]. To shamelessly plug my own projects, you can use umoci[3] as a completely unprivileged user to construct images (without using containers if you don't want to) and the resulting images are still usable with Docker (once you convert them from OCI images). This is how we build the official openSUSE images, and it doesn't affect any user of the images that we chose not to use Docker or Dockerfiles to build them. [1]: https://github.com/moby/moby/pull/33355
[2]: https://github.com/projectatomic/skopeo
[3]: https://github.com/openSUSE/umoci |
|
|
The OCI doesn't, but the build tool does care about how the image was built, because of reproducibility etc. But build tools will be able to leverage the kind of stuff you're doing, rather than doing it themselves (like Bazel does).
- umoci looks pretty cool, this is how things should have been done in the first place.