Support images without tags

[amluto]

podman save --format=oci-dir does not appear to produce an org.opencontainers.image.ref.name annotation in index.json, but it does produce a "config" with the same hash that it uses through the podman CLI to refer to the image.

It would be nice if umoci had some way to list configs in the image and to unpack an OCI dir produced by podman. If I hack up index.json to have a ref.name, then umoci seem to be able to use it, but I don't see any way to do this using umoci without manually editing index.json.

I could imagine umoci tag gaining functionality for this or for the --image parameter to more generally gain the ability to refer to untagged images.

[cyphar]

What should the format look like? --image foo@sha256:...?

For operations that just take a tag, I suspect we will need to be careful to not make it impossible to create valid tags. I guess we would use a character not allowed to be in tags per the spec.

The operations that "update" images (repack, config, insert) will also need to have a way to provide the user the new hash (we cannot update the old tag if you are providing the has specifically).

[amluto]

I'm wondering if this is less important than I imagined, given the response to my bug against podman. I'm going to try to get podman's documentation improved.

Maybe no competent tool actually generates these problematic OCI structures.

[tych0]

Yeah, IMO it is kind of strange to generate an image without a top level tag.

[cyphar]

I think it would be useful to be able to specify the hash of the manifest to deal with those kinds of problematic images, but we would need to make sure that trying to do umoci repack (and similar operations) would fail unless you specify --tag. I don't think it'll be useful for most regular users though (in theory it would be useful for pinning hashes, but you can do that when pulling as well).