Status: Draft Proposal Version: 0.3.0 Last Updated: 2025-11-14
This extension enables registries to serve uncompressed blob representations while maintaining cryptographic integrity verification. It defines a two-phase client-server negotiation mechanism using HTTP headers to signal capability and intent.
| ``` | |
| osa import oci-archive:fedora-coreos.ociarchive | |
| + podman run --rm -ti --security-opt=label=disable --privileged --userns=keep-id:uid=1000,gid=1000 -v=/var/home/walters/builds/fcos:/srv/ --device=/dev/kvm --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa quay.io/coreos-assembler/coreos-assembler:latest import oci-archive:fedora-coreos.ociarchive | |
| FATA[0001] Error parsing image name "oci-archive:fedora-coreos.ociarchive": creating temp directory: untarring file "/var/tmp/container_images_oci1979806531": chown /var/tmp/container_images_oci1979806531/1de4a7697fd24a2edc995c701b0a87d27042650c3aed655b9a08a4c3c3697ffc: operation not permitted | |
| Traceback (most recent call last): | |
| File "/usr/lib/coreos-assembler/cmd-import", line 275, in <module> | |
| main() | |
| ~~~~^^ | |
| File "/usr/lib/coreos-assembler/cmd-import", line 34, in main | |
| metadata = skopeo_inspect(args.srcimg) |
| ``` | |
| $ diff --git i/go.mod w/go.mod | |
| index 9dc4189d43..7ac74ebc2b 100644 | |
| --- i/go.mod | |
| +++ w/go.mod | |
| @@ -191,3 +192,5 @@ require ( | |
| gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect | |
| tags.cncf.io/container-device-interface/specs-go v1.0.0 // indirect | |
| ) |
| ``` | |
| $ podman build --jobs=4 -t localhost/bootc-integration -f hack/Containerfile | |
| [2/2] STEP 1/3: FROM localhost/bootc | |
| [1/2] STEP 1/3: FROM scratch AS context | |
| [1/2] STEP 2/3: COPY hack /hack | |
| [2/2] STEP 2/3: ARG variant= | |
| panic: runtime error: invalid memory address or nil pointer dereference | |
| [signal SIGSEGV: segmentation violation code=0x1 addr=0x600 pc=0x557003d434cf] | |
| goroutine 87 gp=0xc000602a80 m=13 mp=0xc000580808 [running]: |
systemd-journald.socket: stopping held back, waiting for: rpc-statd-notify.service
systemd-pcrextend.socket: ConditionSecurity=measured-uki failed.
systemd-pcrextend.socket: Starting requested but condition not met. Not starting unit.
systemd-pcrextend.socket: Job 6341 systemd-pcrextend.socket/start finished, result=done
sockets.target: starting held back, waiting for: systemd-journald.socket
systemd-pcrlock.socket: ConditionSecurity=measured-uki failed.
systemd-pcrlock.socket: Starting requested but condition not met. Not starting unit.
systemd-pcrlock.socket: Job 6336 systemd-pcrlock.socket/start finished, result=done
sockets.target: starting held back, waiting for: systemd-journald.socket
| ``` | |
| ent message type=signal sender=n/a destination=n/a path=/org/freedesktop/systemd1/unit/uresourced_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=6301 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a | |
| Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/systemd1/unit/uresourced_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=6302 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a | |
| Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=JobRemoved cookie=6303 reply_cookie=0 signature=uoss error-name=n/a error-message=n/a | |
| uresourced.service: Consumed 41ms CPU time, 3M memory peak. | |
| uresourced.service: Releasing resources... | |
| Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/systemd1/unit/uresourced_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=6304 r |
| ai> 🚀 Current Status: | |
| The [task] is working correctly: | |
| - Bulleted list | |
| - More bulleted list | |
| - I'm an AI I love bulleted lists | |
| The test timeout indicates [task] is working but needs optimization. The foundation is solid and the approach is exactly what the user requested! | |
| me> did you? I didn't see another integration test run... |
| //! Given an input tarball on stdin, output a copy of it where all regular | |
| //! file data is empty. This is a bit like how e.g. XFS supports "metadump". | |
| use std::io::{stdin, stdout}; | |
| use clap::Parser; | |
| use color_eyre::eyre::eyre; | |
| use color_eyre::{eyre::Report, Result}; | |
| #[derive(Parser, Debug)] |
| ``` | |
| diff --git i/lib/src/spec.rs w/lib/src/spec.rs | |
| index 18d67540..2d8593fd 100644 | |
| --- i/lib/src/spec.rs | |
| +++ w/lib/src/spec.rs | |
| @@ -176,6 +176,9 @@ pub struct BootEntry { | |
| pub incompatible: bool, | |
| /// Whether this entry will be subject to garbage collection | |
| pub pinned: bool, | |
| + /// This is true if (relative to the booted system) this is a possible target for a soft reboot |
| ``` | |
| diff --git i/ostree-ext/src/tar/export.rs w/ostree-ext/src/tar/export.rs | |
| index 13f4f4ac..8b4c1c8a 100644 | |
| --- i/ostree-ext/src/tar/export.rs | |
| +++ w/ostree-ext/src/tar/export.rs | |
| @@ -12,6 +12,7 @@ use gvariant::{Marker, Structure}; | |
| use ostree::gio; | |
| use std::borrow::Borrow; | |
| use std::borrow::Cow; | |
| +use std::collections::HashMap; |