The windows layer blobs have a different layout than the ones used in linux. For example, linux blobs directly contain the rootfs for the container while windows blobs have a structure like Files/*, Hives/*, UtilityVM with the Files directory containing the actual rootfs. Additionally, the records in the windows layer tarball need to contain specific PAX headers that are required for the files to be accessible from the container.
The current differ ignores that and hopes that it is compatible with the blob.
It would be good to detect the type of the layer on pull from the specified platform/image config and track it for the differ. Then the applier/differ could know what types of layers it is working on.
There is a basic implementation of this in moby/buildkit#510 but it requires wrapping of tar streams and duplicating some containerd code. It would be better if containerd could do it directly. Handling of the windows security descriptors could be made better as well by keeping these values in xattrs in linux. In buildkit this enables cross-platform builds from linux to windows.
@dmcgowan
The windows layer blobs have a different layout than the ones used in linux. For example, linux blobs directly contain the rootfs for the container while windows blobs have a structure like
Files/*,Hives/*,UtilityVMwith theFilesdirectory containing the actual rootfs. Additionally, the records in the windows layer tarball need to contain specific PAX headers that are required for the files to be accessible from the container.The current differ ignores that and hopes that it is compatible with the blob.
It would be good to detect the type of the layer on pull from the specified platform/image config and track it for the differ. Then the applier/differ could know what types of layers it is working on.
There is a basic implementation of this in moby/buildkit#510 but it requires wrapping of tar streams and duplicating some containerd code. It would be better if containerd could do it directly. Handling of the windows security descriptors could be made better as well by keeping these values in xattrs in linux. In buildkit this enables cross-platform builds from linux to windows.
@dmcgowan