Some random musings on ostree vs OCI/Docker format
- From: Colin Walters <walters verbum org>
- To: ostree-list gnome org
- Subject: Some random musings on ostree vs OCI/Docker format
- Date: Tue, 09 Aug 2016 08:36:56 -0400
Since we've been using both ostree and docker/OCI in
Project Atomic, the format/management differences between the two
come up often. I added an entry about this in the docs even:
In some aspects, OSTree I think is better:
- git remote style model
- lossless unpack/reassemble ( tried and failed with Docker tarsum[1])
- meaningful commit checksums with gpg signatures
- Ability to do download + unpacking as streaming operations
One thing to note though is that for base OS trees, the content *has*
to be trusted since it runs as root. However, when looking at using OSTree
for container images, unlike the base OS case, we can't assume that the checksums
in the format are correct.
So currently, Flatpak is doing is forcing ostree to re-checksum. But if we're not
really trusting the format much, it seems the advantages of ostree as transport format
(as opposed to the tarballs underlying OCI/Docker) diminish.
However, we would clearly need to bring static deltas to
On the flip side though, I think there's a lot of interest in
using ostree's on-disk checksums for OCI images, and that's going
to continue.
So I see a few
[1] https://github.com/projectatomic/skopeo/issues/11
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]