Updated over 1 year ago.
Project Description
This is a continuation of last year's project: trying to move more components of MicroOS Desktop from the host OS into containers.
Goal for this Hackweek
- investigate issues in the gdm container (https://github.com/fcrozat/gdm-container) when installed on a bare system
- test flatpak builds on OBS
- test flatpak shipped as OCI container
- continue my quest to move more "desktop like" workloads into containers, such as rclone / restic (https://github.com/fcrozat/rclone-container)
This project is part of:
Hack Week 21
Comments
over 1 year ago by fcrozat
State of the Art regarding Flatpak and OCI containers:
- Flatpak can be distributed two ways:
  - as ostree directly
  - as ostree but bundled into OCI containers
- For building flatpak as OCI:
  - you need a local build stored as ostree (usually done using flatpak build)
  - local ostree is bundled as OCI tarball using "flatpak build-bundle --oci" (option --runtime to create runtime flatpak)
  - Fedora has created some tooling around this https://pagure.io/flatpak-module-tools but they are relying on Fedora Modularity
  - additional Fedora documentation: https://docs.fedoraproject.org/en-US/flatpak/tutorial/
- caveats of using OCI for flatpak:
  - download size when upgrading: https://groups.google.com/a/opencontainers.org/g/dev/c/daBUKI3KkRk/m/Gb2tFXMGAQAJ
  - GPG signature not implemented for containers: https://github.com/flatpak/flatpak/blob/4247e61fbe8ffc9f6b095240159f53f73568378c/app/flatpak-builtins-remote-add.c#L348-L351
  - cosign not implemented
  - currently, distributing flatpak using an OCI registry requires an additional http(s) server to provide an index of all flatpaks available on the repository:
    - this is why the uri used for those is oci+http or oci+https
    - this customization doesn't make it easy to publish flatpak on any random OCI registry
    - this customization is badly documented (or at least, difficult to find online):
      - some discussions were done at opencontainer level: https://groups.google.com/a/opencontainers.org/g/dev/c/ehjHDL4uPJE?pli=1
      - there is a blog post at https://opencontainers.org/posts/blog/2018-11-07-bringing-oci-images-to-the-desktop-with-flatpak/
      - the protocol is https://github.com/owtaylor/flagstate/blob/master/docs/protocol.md
      - initial implementation at https://github.com/owtaylor/flagstate/
      - production implementation for the indexer is https://github.com/owtaylor/flatpak-indexer but is RH infrastructure specific
      - End result is visible at https://registry.fedoraproject.org/static/ (corresponding to oci+https://registry.fedoraproject.org/ )
      - some people were able to "duplicate" this using github workflow: https://github.com/TheEvilSkeleton/flatpak-remote
        - the static page part is at https://github.com/TheEvilSkeleton/flatpak-remote/blob/main/.github/workflows/flatpak.yml#L148=
    - As this requires custom development to get this working with our infrastructure, it makes no sense to invest in supporting oci+https
  - upstream has an issue opened to switch to "pure" OCI registry:
    - https://github.com/flatpak/flatpak/issues/4744
    - this is a new feature request upstream and it is still at discussion phase. We should participate actively (contribute ideas or even code) if we want to switch to Flatpak over OCI
- On OCI front, there is no support for a search api (see https://github.com/distribution/distribution/issues/206 and https://github.com/opencontainers/distribution-spec/issues/71 ) but I might have missed some upstream discussions. We should ask our OCI specialists at SUSE. There was a proposal for a _catalog api but it was dropped: https://github.com/opencontainers/distribution-spec/issues/22