Add some restriction to "org.opencontainers.ref.name" #591
coolljt0725 wants to merge 1 commit into opencontainers:master from
A common use case of `org.opencontainers.ref.name` is representing a `tag` for a container image. In docker, there is some restriction of the name, see https://github.com/docker/docker/blob/master/vendor/github.com/docker/distribution/reference/regexp.go#L37. Without these restrictions, I'm afraid the tag of an OCI image is invalid for docker. These restrictions used to exist but were removed in opencontainers#533.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
Cross-reference #581 (comment)
| This index provides an established path (`/index.json`) to have an entry point for an image-layout and to discover auxiliary descriptors. | ||
|
|
||
| No semantic restriction is given for the "org.opencontainers.ref.name" annotation of descriptors. | ||
| The value of "org.opencontainers.ref.name" annotation is a string which MUST NOT include characters outside of the set of "A" to "Z", "a" to "z", "0" to "9", the hyphen `-`, the dot `.`, and the underscore `_`. |
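Review bot: the added MUST NOT sentence limits only which characters may appear, so a validator written from it would still accept an empty value or one of any length. Consider stating the rule as a pattern with an explicit minimum and maximum length so that every implementation checks the same thing. The change also replaces "No semantic restriction is given" outright; a sentence on how tools should treat existing layouts whose names use other characters would help.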
The original regexp also has some more constraints on corner-cases which are allowed by your wording:
- empty string
- arbitrarily-long string (> 128 chars)
- symbol-only string (e.g. `..`)
- string starting with a symbol (e.g. `.hidden`)
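The gap between the charset-only wording in this PR and a pattern that also closes the corner cases listed in the comment above, as an added Go example (not code from image-spec or Docker). The function names, the sample values and the stricter pattern (non-empty, at most 128 characters, first character a letter, digit or underscore) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// charsetOnly mirrors the wording proposed in this PR: only the character set
// is checked, so empty and arbitrarily long values pass.
var charsetOnly = regexp.MustCompile(`^[A-Za-z0-9._-]*$`)

// strictTag is an assumed stricter rule (hypothetical, not taken from the
// spec): non-empty, at most 128 characters, and the first character must be
// a letter, digit or underscore.
var strictTag = regexp.MustCompile(`^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$`)

// CheckRefName reports whether a candidate "org.opencontainers.ref.name"
// value passes the charset-only rule and the stricter rule.
func CheckRefName(v string) (charsetOK, strictOK bool) {
	return charsetOnly.MatchString(v), strictTag.MatchString(v)
}

// Samples returns constructed inputs covering the corner cases in the review.
func Samples() []string {
	return []string{"v1.0", "latest", "", strings.Repeat("a", 129), "..", ".hidden", "a/b"}
}

// Gaps returns the values that the charset-only wording accepts but the
// stricter rule rejects, i.e. what a consumer with tag limits would refuse.
func Gaps(samples []string) []string {
	var out []string
	for _, s := range samples {
		if c, st := CheckRefName(s); c && !st {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	for _, s := range Samples() {
		c, st := CheckRefName(s)
		fmt.Printf("%-14.10q len=%-4d charset-only=%-5v strict=%v\n", s, len(s), c, st)
	}
	fmt.Printf("%d samples pass charset-only but fail strict\n", len(Gaps(Samples())))
}
```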
I'm not sure this is always wanted though. It had been a request in the past for nested names, like including the "/", but not possible due to file names. Are there hard requirements for these restrictions?

We'll have to rethink restrictions here. These were really to support mapping to arbitrary filesystems. We have a lot more options, now that this is just a json string. Recently, I have done some research in specification names in the context of containerd. This format provides a superset of docker+rkt (based on examples) and is intended to be a lot less opinionated. It is based around schema-less URIs. Now, I am not suggesting we adopt this, but I think the approach of restricting this to the URI charset may be viable for this use case.

Closing in favor of addressing full scope of problem in #599.

Arises where a container is a composition of several containers. See Buildah issue opencontainers#591 specifically the current use case given in [comment](containers/buildah#591 (comment))

A common use case of `org.opencontainers.ref.name` is representing a `tag` for a container image. In docker, there is some restriction of the tag, see https://github.com/docker/docker/blob/master/vendor/github.com/docker/distribution/reference/regexp.go#L37. Without these restrictions, I'm afraid the tag of an OCI image is invalid for docker. These restrictions used to exist but were removed in #533; was it removed by accident or by intention?

Signed-off-by: Lei Jitang <leijitang@huawei.com>

ping @stevvooe @vbatts