Comments (5)
If you think with can replace docker/docker
with docker/distribution
dependency, we would be happy to make PRs that implement the required changes. WDYT?
from image.
just a quick reply w/o actually looking at the whole code I think this is reasonable if it can be done, ping @mtrmac
from image.
Hello,
containers/image imports
docker/docker
for thereference
package which is used for types of for reference parsing.docker/docker
is a quite big repository and would prefer to avoid having it as a dependency in GrootFS, which consumescontainers/image
.Would it be possible to use
docker/distribution
instead for the reference types/parsing?
Not trivially; we use the canonicalization facilities from docker/distribution
(FullName
and the effect of normalize
).
Of course this could be copy&pasted into this repo, at the risk of divergence.
But we explicitly went the other way in #32 , though there is little discussion about rationale in there.
Additionally, the Docker transport package seems to be doing all the requests to a Docker registry [3]. Could this behavior be delegated to
docker/distribution
?
That would probably be possible, I have no idea about the cost/benefit. To the extent the current code “works” (admittedly it’s not nearly as polished as docker/distribution
) I wasn’t personally motivated to change it, though that wouldn’t prevent accepting a PR of course.
In abstract the question is whether to import from external dependencies to avoid behavior divergence and effort duplication, or whether to copy&paste / reimplement to avoid breakage on API or behavior changes, and possibly to make it easier to change things. I don’t think we have a consistent answer to this trade-off, and the suggestion to avoid pulling in docker/reference
but to depend on docker/distribution
also shows that making a simple rule is difficult.
My personal preference would generally be towards using external dependencies and not duplicating the work, OTOH I haven’t been around docker/docker
long enough to know how painful it can be.
As a first impression, “docker/docker is a big git repo” seems a fairly weak reason to duplicate the docker/distribution
code; though it is unfortunate how the github.com/docker/docker/image/v1
reference in there pulls in much more than we really need.
@runcom , #32 was your PR originally. Any thoughts on that?
from image.
as you perfectly explained - even if docker is a big git repo, it is moving fast and we could lose bits (which could be bug fixes). So the rationale behind that PR was to avoid moving away from docker as it's not an issue to depend on them (unless of course you take into account the size of that repo)
from image.
Thanks @mtrmac and @runcom. Copying and pasting small chunks of code is usually better than a dependency, but I understand that in this case docker/docker/reference
provides us with canonicalization behaviour that we don't want to regress against.
On using docker/distribution
for the interaction with the registry, I am happy to know that you would consider a PR. The cost is certainly high and possibly higher than what we would be willing to pay for what we want to achieve currently. I will open a new issue soon to become more specific on that.
Thanks!
from image.
Related Issues (20)
- Docker client code can no longer talk to the latest verson of the docker daemon 25.0.0 HOT 5
- Allow empty OCI configs for artifacts HOT 9
- policy.json overwrite not honouring $XDG_CONFIG_HOME HOT 3
- Podman cannot pull image from local registry HOT 4
- copy.Options.EnsureCompressionVariantsExist doesn’t detect existing variants with zstd:chunked
- support multiple sigstore keys HOT 6
- How can I copy from a tar file stream HOT 7
- "slices" module only in go 1.21 HOT 1
- Cannot pull sigstore signed image with podman HOT 4
- Error inspecting local manifest-lists HOT 6
- platform.WantedPlatforms is noisy on macOS HOT 7
- Incorrect syntax highlighting in containers-transports.5
- Why do we get the whole image when inspect with docker daemon? HOT 2
- Support sigstore BYO PKI verification HOT 1
- Support more arbitrary credential helper executable names? HOT 4
- OCI image index loose the artifactType property on copy HOT 4
- zstd:chunked and layer encryption don’t make sense together HOT 3
- How to change the policy.json default path? HOT 1
- Mirrors are ignored when registry is blocked HOT 11
- Support Witnessing Sigstore Signing with a Timestamp Authority Server HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from image.