compose: Add support for specifying image config

This adds generic support for specifying image configuration. Closes: coreos#4701
cgwalters · Nov 28, 2023 · a60e07f · a60e07f
1 parent dc4e866
commit a60e07f
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 1 deletion.
diff --git a/rust/src/compose.rs b/rust/src/compose.rs
@@ -114,6 +114,11 @@ struct Opt {
     #[clap(name = "label", long, short)]
     labels: Vec<String>,
 
+    /// Path to container image configuration in JSON format.  This is the `config`
+    /// field of https://github.com/opencontainers/image-spec/blob/main/config.md
+    #[clap(long)]
+    image_config: Option<Utf8PathBuf>,
+
     #[clap(long, value_parser)]
     /// Update the timestamp or create this file on changes
     touch_if_changed: Option<Utf8PathBuf>,
@@ -322,6 +327,7 @@ pub(crate) fn compose_image(args: Vec<String>) -> CxxResult<()> {
         .args(&["compose", "container-encapsulate"])
         .args(label_args)
         .args(previous_arg)
+        .args(opt.image_config.map(|v| format!("--image-config={v}")))
         .args(&[
             "--repo",
             repo.as_str(),

diff --git a/rust/src/container.rs b/rust/src/container.rs
@@ -3,6 +3,8 @@
 // SPDX-License-Identifier: Apache-2.0 OR MIT
 
 use std::collections::{BTreeMap, HashMap, HashSet};
+use std::fs::File;
+use std::io::BufReader;
 use std::num::NonZeroU32;
 use std::process::Command;
 use std::rc::Rc;
@@ -45,6 +47,11 @@ struct ContainerEncapsulateOpts {
     #[clap(name = "label", long, short)]
     labels: Vec<String>,
 
+    /// Path to container image configuration in JSON format.  This is the `config`
+    /// field of https://github.com/opencontainers/image-spec/blob/main/config.md
+    #[clap(long)]
+    image_config: Option<Utf8PathBuf>,
+
     /// Propagate an OSTree commit metadata key to container label
     #[clap(name = "copymeta", long)]
     copy_meta_keys: Vec<String>,
@@ -449,6 +456,11 @@ pub fn container_encapsulate(args: Vec<String>) -> CxxResult<()> {
     opts.max_layers = opt.max_layers;
     opts.prior_build = package_structure.as_ref();
     opts.contentmeta = Some(&meta);
+    if let Some(config_path) = opt.image_config.as_deref() {
+        let config = serde_json::from_reader(File::open(config_path).map(BufReader::new)?)
+            .map_err(anyhow::Error::msg)?;
+        opts.container_config = Some(config);
+    }
     let handle = tokio::runtime::Handle::current();
     let digest = progress_task("Generating container image", || {
         handle.block_on(async {

diff --git a/tests/encapsulate.sh b/tests/encapsulate.sh
@@ -16,11 +16,24 @@ cat /etc/ostree/remotes.d/fedora.conf >> repo/config
 ostree container unencapsulate --write-ref=testref --repo=repo ostree-remote-registry:fedora:$container
 # Re-pack it as a (chunked) container
 
+cat > config.json << 'EOF'
+{
+    "Env": [
+      "container=oci"
+    ],
+    "Labels": {
+      "usage": "Do not use directly. Use as a base image for daemons. Install chosen packages and 'systemctl enable' them."
+    },
+    "StopSignal": "SIGRTMIN+3"
+}
+EOF
+
 rpm-ostree compose container-encapsulate --repo=repo \
+    --image-config=config.json \
     --label=foo=bar --label baz=blah --copymeta-opt fedora-coreos.stream --copymeta-opt nonexistent.key \
     testref oci:test.oci
 skopeo inspect oci:test.oci | jq -r .Labels > labels.json
-for label in foo baz 'fedora-coreos.stream'; do 
+for label in foo baz 'fedora-coreos.stream' usage; do 
     jq -re ".\"${label}\"" < labels.json
 done
 echo ok