Open wking opened 8 years ago
kunalkushwaha
commented
8 years ago +1 for config validation as part of internal tool.
I think, spawn a runtime subprocess may fail depends on how application/binary is packaged inside image. OCI spec can only ensure if packaging is done as per specs or not.
liangchenye
commented
8 years ago https://github.com/mrunalp/ocitools/pull/10 I've submitted a PR which is similar with Kunal's tool, the orignial source code is in oct/bundleValidator. Two differences: 1) Don't check the 'required' session The relevant code will be added when OCI has a protobuf defination. Or the checking of 'required' session will never work perfectly since some options are not 'pointer' now. 2) Put all the 'bundle validating' functions into one file. Thanks to 1), there will not be much 'bundle validating' work. So one file is enough in my understanding.
I'm not sure if it's in-scope for this repository (@kunalkushwaha's octool is the only one that claims config validation in opencontainers/specs, since opencontainers/specs#195), but #3 looks like it landed some code that is intended to validate configs. If it is in scope for this repo, I think we want the config validation to be completely internal, and not spawn a runtime subprocess as part of the test. So validation has two separate steps:
If both of those are true and solidly implemented, there's no need for an additional “is this config compatible with this runtime” check, and it's unclear who would be to blame if that check failed after the previous two succeeded.