NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

dockerTools: support nix2container format #175486

Open roberth opened 2 years ago

roberth commented 2 years ago

Project description

nix2container uses a custom format to represent images, similar to what streamLayeredImage does internally, and it goes a step further by integrating this format into container tooling (custom skopeo plugin) to further optimize loading and uploading.

Let's support this format in dockerTools!

streamLayeredImage was introduced in https://github.com/NixOS/nixpkgs/pull/91084

roberth commented 2 years ago

@purcell As the author of streamLayeredImage, would you be interested in optimizing it further by adding nix2container support?

purcell commented 2 years ago

Hey, thanks so much for tagging me in — I'd be keen to see this happen, but I'm currently going to struggle to find time to help with it myself, sorry.

terlar commented 3 months ago

This would be really good. I haven't looked into the details, but it would be nice to have this as part of the native nixpkgs tooling.

Is it mainly about supporting the manifest/skopeo integration or do we want to go deeper and support the layering functionality that is supported in nix2container? I am currently using that and it is pretty neat.

terlar commented 3 months ago

Not the same format, but it was possible to use the streamLayeredImage output with skopeo like this:

./result | gzip -1 | skopeo --insecure-policy copy docker-archive:/dev/stdin containers-storage:xyz:123

Since that is supported, the destination could be anything that skopeo supports. I am not sure about the performance of this yet, though.

So would the plan be to create a patched skopeo in nixpkgs and then also support outputting in this format?

roberth commented 3 months ago

I think it could work like this:

This lets us get rid of some custom bash as well as the stream_layered_image.py script. (I'm sure skopeo is at least as efficient, as that's part of the nix2container story anyway.)

IIRC the nix2container format is distinct but probably equivalent to the JSON we produce internally as input to the streamLayeredImage program:

https://github.com/NixOS/nixpkgs/blob/df65e2fcb429878917940c7d21dd4695836eb04c/pkgs/build-support/docker/default.nix#L1074