From: "Christoph Heiss" <c.heiss@proxmox.com>
To: "Filip Schauer" <f.schauer@proxmox.com>
Date: Fri, 06 Jun 2025 15:19:27 +0200
Message-Id: <DAFHB5URQE68.3T44S1XZRISVD@proxmox.com>
In-Reply-To: <20250520124257.165949-1-f.schauer@proxmox.com>
Subject: Re: [pve-devel] [PATCH container/proxmox{, -perl-rs}/storage 0/9] support OCI images as container templates
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>

Tested this series a bit using the
`docker.io/library/nginx:mainline-{alpine,bookworm}` images, pulled &
exported using `podman`.

Came across the same problem as Michael, that for `podman save` the
`--format=oci-archive` is required. According to podman-save(1), the
default format is "docker-archive":

  "A tar archive interoperable with docker load(1) (the default)"

Probably the old, Docker-specific image format version? Might make sense to
support that too, if it isn't too different.

The nginx image, both -alpine and -bookworm, fail to start with:

  lxc-info: 103: ../src/lxc/af_unix.c: lxc_abstract_unix_recv_fds_iov: 218 Connection reset by peer - Failed to receive response
  lxc-info: 103: ../src/lxc/commands.c: lxc_cmd_rsp_recv_fds: 128 Failed to receive file descriptors for command "get_init_pid"

Not sure what's going on there.

Tested further with `ghcr.io/dani-garcia/vaultwarden:1.34.1-alpine`, that
worked w/o problem, being able to access the application on port 80
afterwards.

---

Also, as talked off-list, I sent a debcargo-conf patch for packaging the
`oci-spec` crate [0].

This is only for Trixie (for now), as packaging for Bookworm would require
backporting some dependent crate updates. And I'm not sure if it's worth
seeing the upcoming Trixie release.

But building it on Bookworm also works if you build the `darling`,
`derive-builder`, `strsim` and `zstd-sys` crates too - YMMV tho :^)

[0] https://lore.proxmox.com/pve-devel/20250606103719.533030-2-c.heiss@proxmox.com/

On Tue May 20, 2025 at 2:42 PM CEST, Filip Schauer wrote:
> Add basic support for OCI (Open Container Initiative) images [0] as
> container templates.
>
> An OCI image can be for example obtained from Docker Hub:
>
> ```
> $ docker pull httpd
> $ docker save httpd > httpd.tar
> ```
>
> The tarball can be uploaded to a storage as a container template and
> then used during container creation. It is automatically detected that
> the container template is an OCI image. The resulting container still
> uses the existing LXC framework.
>
> # Dependencies:
>
> Since the `oci-spec` crate is not in any Debian repository at the time
> of writing, it needs to be downloaded from crates.io, in order to be
> able to build `proxmox-oci`.
>
> Here is a little script to download the `oci-spec` crate along with its
> dependencies:
>
> ```sh
> download_crate() {
>     CRATE_NAME=$1
>     CRATE_VERSION=$2
>     CRATE_SHA256=$3
>
>     # Always write to ./download so the checksum below covers this fetch.
>     wget -O download "https://crates.io/api/v1/crates/$CRATE_NAME/$CRATE_VERSION/download"
>
>     # Verify the tarball against the pinned SHA-256 before unpacking it.
>     COMPUTED_SHA256=$(sha256sum download | awk '{ print $1 }')
>     if [ "$COMPUTED_SHA256" != "$CRATE_SHA256" ]; then
>         echo "Checksum mismatch"; exit 1
>     fi
>
>     tar -xf download
>     rm download
>     mv "$CRATE_NAME-$CRATE_VERSION" /usr/share/cargo/registry/
>     echo "{\"package\":\"$CRATE_SHA256\",\"files\":{}}" > "/usr/share/cargo/registry/$CRATE_NAME-$CRATE_VERSION/.cargo-checksum.json"
> }
>
> download_crate strsim 0.11.1 7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f
> download_crate ident_case 1.0.1 b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39
> download_crate darling_macro 0.20.11 fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead
> download_crate darling_core 0.20.11 0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e
> download_crate darling 0.20.11 fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee
> download_crate proc-macro-error-attr2 2.0.0 96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5
> download_crate derive_builder_core 0.20.2 2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8
> download_crate thiserror-impl 2.0.0 22efd00f33f93fa62848a7cab956c3d38c8d43095efda1decfc2b3a5dc0b8972
> download_crate rustversion 1.0.20 eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2
> download_crate heck 0.5.0 2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea
> download_crate proc-macro-error2 2.0.1 11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802
> download_crate derive_builder_macro 0.20.2 ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c
> download_crate thiserror 2.0.0 15291287e9bff1bc6f9ff3409ed9af665bec7a5fc8ac079ea96be07bca0e2668
> download_crate strum_macros 0.27.1 c77a8c5abcaf0f9ce05d62342b7d298c346515365c36b673df4ebe3ced01fde8
> download_crate strum 0.27.1 f64def088c51c9510a8579e3c5d67c65349dcf755e5479ad3d010aa6454e2c32
> download_crate getset 0.1.5 f3586f256131df87204eb733da72e3d3eb4f343c639f4b7be279ac7c48baeafe
> download_crate derive_builder 0.20.2 507dfb09ea8b7fa618fcf76e953f4f5e192547945816d5358edffe39f6f94947
> download_crate oci-spec 0.8.1 57e9beda9d92fac7bf4904c34c83340ef1024159faee67179a04e0277523da33
> ```
>
> Since librust-oci-spec-dev is in the proxmox-oci/debian/control file, a
> dummy package needs to be installed, so dpkg-checkbuilddeps does not
> complain.
>
> dummy_librust_oci_spec.equivs:
>
> ```
> Package: librust-oci-spec-dev
> Version: 0.8.1
> Provides: librust-oci-spec-0.8+default-dev (= 0.8.1-1)
> ```
>
> ```
> $ equivs-build dummy_librust_oci_spec.equivs
> $ dpkg -i ./librust-oci-spec-dev_0.8.1_all.deb
> ```
>
> # Build & install order:
>
> 1. proxmox
> 2. proxmox-perl-rs
> 3. pve-container
> * pve-storage (no particular order there)
>
> [0] https://github.com/opencontainers/image-spec/blob/main/spec.md
>
> proxmox:
>
> Filip Schauer (1):
>   add proxmox-oci crate
>
>  Cargo.toml                       |   1 +
>  proxmox-oci/Cargo.toml           |  21 ++++
>  proxmox-oci/debian/changelog     |   5 +
>  proxmox-oci/debian/control       |  45 ++++++++
>  proxmox-oci/debian/debcargo.toml |   7 ++
>  proxmox-oci/src/lib.rs           | 165 +++++++++++++++++++++++++++++
>  proxmox-oci/src/oci_tar_image.rs | 173 +++++++++++++++++++++++++++++++
>  7 files changed, 417 insertions(+)
>  create mode 100644 proxmox-oci/Cargo.toml
>  create mode 100644 proxmox-oci/debian/changelog
>  create mode 100644 proxmox-oci/debian/control
>  create mode 100644 proxmox-oci/debian/debcargo.toml
>  create mode 100644 proxmox-oci/src/lib.rs
>  create mode 100644 proxmox-oci/src/oci_tar_image.rs
>
>
> proxmox-perl-rs:
>
> Filip Schauer (1):
>   add Perl mapping for OCI container image parser
>
>  pve-rs/Cargo.toml |  2 ++
>  pve-rs/Makefile   |  1 +
>  pve-rs/src/lib.rs |  1 +
>  pve-rs/src/oci.rs | 20 ++++++++++++++++++++
>  4 files changed, 24 insertions(+)
>  create mode 100644 pve-rs/src/oci.rs
>
>
> pve-storage:
>
> Filip Schauer (1):
>   allow .tar container templates
>
>  src/PVE/Storage.pm        | 2 +-
>  src/PVE/Storage/Plugin.pm | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
>
> pve-container:
>
> Filip Schauer (6):
>   config: whitelist lxc.init.cwd
>   add support for OCI images as container templates
>   config: add entrypoint parameter
>   configure static IP in LXC config for custom entrypoint
>   setup: debian: create /etc/network path if missing
>   manage DHCP for containers with custom entrypoint
>
>  src/PVE/API2/LXC.pm         | 53 ++++++++++++++++++++--
>  src/PVE/LXC.pm              | 88 ++++++++++++++++++++++++++++++++++---
>  src/PVE/LXC/Config.pm       | 19 +++++++-
>  src/PVE/LXC/Setup/Debian.pm |  1 +
>  4 files changed, 152 insertions(+), 9 deletions(-)
>
>
> Summary over all repositories:
>  17 files changed, 595 insertions(+), 11 deletions(-)
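
The `podman save` observation above (default "docker-archive" versus `--format=oci-archive`) comes down to which files sit at the top of the tarball. The following Rust code is an added example, not part of the mail or of `proxmox-oci`, and all type and function names in it are hypothetical; it lists the members of an uncompressed tar and classifies it, assuming an OCI image layout carries `oci-layout` and `index.json` and a docker-archive carries `manifest.json` at its root.

```rust
// Added example, not code from the patch series. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum ArchiveKind { OciLayout, DockerArchive, Unknown }

/// Member names of an uncompressed tar held in memory (ustar `name` field only).
pub fn tar_member_names(data: &[u8]) -> Vec<String> {
    let (mut names, mut off) = (Vec::new(), 0usize);
    while data.len().saturating_sub(off) >= 512 {
        let hdr = &data[off..off + 512];
        if hdr.iter().all(|&b| b == 0) { break; } // end-of-archive block
        let end = hdr[..100].iter().position(|&b| b == 0).unwrap_or(100);
        names.push(String::from_utf8_lossy(&hdr[..end]).trim_start_matches("./").to_string());
        // Size is octal ASCII at bytes 124..136; an unparsable field counts as 0.
        let digits: String = hdr[124..136].iter().map(|&b| b as char).filter(|c| c.is_digit(8)).collect();
        let size = usize::from_str_radix(&digits, 8).unwrap_or(0);
        // Skip header plus body padded to 512 bytes; saturate on a hostile size field.
        off = off.saturating_add(512).saturating_add(size.saturating_add(511) / 512 * 512);
    }
    names
}

/// `oci-layout` is checked first, so an archive carrying both sets of files counts as OCI.
pub fn classify(data: &[u8]) -> ArchiveKind {
    let names = tar_member_names(data);
    let has = |n: &str| names.iter().any(|m| m.as_str() == n);
    if has("oci-layout") && has("index.json") { return ArchiveKind::OciLayout; }
    if has("manifest.json") { return ArchiveKind::DockerArchive; }
    ArchiveKind::Unknown
}

/// Constructed sample input: an in-memory tar (header checksum left zero).
pub fn sample_tar(members: &[(&str, &[u8])]) -> Vec<u8> {
    let mut out = Vec::new();
    for (name, body) in members {
        let mut hdr = [0u8; 512];
        hdr[..name.len()].copy_from_slice(name.as_bytes());
        hdr[124..136].copy_from_slice(format!("{:011o}\0", body.len()).as_bytes());
        out.extend_from_slice(&hdr);
        out.extend_from_slice(body);
        out.resize(out.len() + (512 - body.len() % 512) % 512, 0);
    }
    out.resize(out.len() + 1024, 0); // two zero blocks end the archive
    out
}

fn main() {
    let oci = sample_tar(&[("oci-layout", &b"{}"[..]), ("index.json", &b"{}"[..])]);
    println!("{:?}", classify(&oci));
}
```

Classifying before any blob is unpacked lets an upload path reject a tarball in the wrong format with a clear error rather than failing later during container creation.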