orca-build
allows you to build OCI images from a Dockerfile
or Orcafile
. It
doesn't require a daemon or root privileges to operate. It is a fairly small
Python wrapper around the following projects (which are obviously requirements
to use orca-build
):
This was a SUSE Hackweek project and is mainly intended to be a simple tool for users that might want to create images as a rootless user, or to play around with a simple PoC of how various OCI technologies can interact with each other.
The usage is kinda like docker build
. You provide it a build context that
contains a Dockerfile
and orca-build
does the rest. I plan to add support for
some more of the docker build
flags in the near future, but at the moment it
works pretty well.
usage: orca-build [-h] [--clean] [--gc] [--output OUTPUT] [--verbose]
[--rootless] [--build-arg NAME=value] [-t TAGS]
ctx
Build an OCI image from a Dockerfile context. Rootless containers are also
supported out-of-the-box.
positional arguments:
ctx Build context which is used when referencing host
files. Files outside the build context cannot be
accessed by the build script.
optional arguments:
-h, --help show this help message and exit
--clean Remove all intermediate image tags after successful
build.
--gc Run a final garbage collection on output image.
--output OUTPUT Path of OCI image to output to (if unspecified, a new
image is created in /tmp).
--verbose Output debugging information.
--rootless Enable rootless containers mode.
--build-arg NAME=value
Build-time arguments used in conjunction with ARG.
-t TAGS, --tag TAGS Tag(s) of the output image (by default, randomly
generated).
Here's an example session of building a standard Dockerfile
:
% orca-build -t some-tag .
orca-build[INFO] BUILD[1 of 2]: from ['opensuse/amd64:42.2'] [json=False]
orca-build[INFO] Created new image for build: /tmp/orca-build.r2xp0v8h
---> [skopeo]
Getting image source signatures
Copying blob sha256:ed6542b73fb1330e3eee8294a805b9a231e30b3efa71390f938ce89f210db860
47.09 MB / 47.09 MB [=========================================================]
Copying config sha256:56fae18e2688b7d7caf2dd39960f0e6fda4383c174926e2ee47128f29de066cf
0 B / 805 B [-----------------------------------------------------------------]
Writing manifest to image destination
Storing signatures
<--- [skopeo]
orca-build[INFO] BUILD[2 of 2]: run ['echo', 'Hello orca-build!', '&&', 'cat', '/etc/os-release'] [json=False]
---> [umoci]
<--- [umoci]
---> [runc]
Hello orca-build!
NAME="openSUSE Leap"
VERSION="42.2"
ID=opensuse
ID_LIKE="suse"
VERSION_ID="42.2"
PRETTY_NAME="openSUSE Leap 42.2"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:42.2"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
<--- [runc]
---> [umoci]
<--- [umoci]
orca-build[INFO] BUILD: finished
---> [umoci]
<--- [umoci]
orca-build[INFO] BUILD: created tags ['some-tag']
I don't know how to do the whole "installation" thing with Python, so here's
how you install orca-build
. It only depends on the standard library (and
having the above tools in your $PATH
).
% sudo make install
If you want to make sure that umoci
, skopeo
and runc
will play nicely
together, you can use make check
. It will attempt to run through a trivial
usage of rootless containers with the tools above. If this fails, update your
installation accordingly. This tweaking should not be necessary in future
versions.
% make check
I've only tested it with Python 3.6, but it should work with most modern Python 3 versions.
orca-build
is licensed under the terms of the GPLv3 (or later).
orca-build: container image builder
Copyright (C) 2017 SUSE LLC
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.