Create an OCI image from a snap

Continuing from this post.

What if we wanted to make a snap an OCI container image and use it that way? As we previously looked at in the simplest case a snap can be combined with its base snap and then we can use chroot and use the binaries in the root filesystem that way.

So let’s take that root filesystem we created previously and make an image out of it. For this we’re going to use buildah. So install it if you don’t already have it avaiable.

After that the first thing we want to do is get in a user namespace with modified ID mappings using the buildah unshare command. Then we’ll create an image from scratch and set a variable to that image’s name.

scratchcontainer=$(buildah from scratch)

Next we’ll mount that container and set a variable to the mounted location.

scratchmnt=$(buildah mount $scratchcontainer)

If you echo scratcmnt it should give you something like /home//.local/share/containers/storage/overlay/bdee3de153638c77da5bb0c096913ac0750400de7ec58a6c698f4d1a6ecec272/merged where <user> is your username.

Once we’ve done that we want to copy the contents of our combined snap directory from before to the mounted container location.

sudo cp -R $CHROOT_TEMP_DIR/* $scratchmnt

Let’s test curl now from the container.

buildah run $scratchcontainer /bin/curl

If we were successful you should see something like this:

curl: try 'curl --help' or 'curl --manual' for more information
error while running runtime: exit status 2

Let’s get the name of the contanier we are working on before we leave the usernamespace.

echo $scratchcontainer

We’ll use working-container as this name but use whatever was echoed above.

Now let’s exit the user namespace and run the command and get an actual file. We’ll get a temporary directory to mount inside the container to save the file into.

exit
$TEMPDIR=(mktemp -d)
buildah run -v $TEMPDIR:/content working-container /bin/curl https://home.futuretim.io/images/avatar2.jpg --output /content/avatar2.jpg

If that’s successful we should see the file in the temporary directory.

ls $TEMPDIR

Let’s commit our container to an image.

buildah commit working-container curl-snap

Now we should be able to see that image in our list.

buildah images ls

We should see that in our list.

REPOSITORY             TAG      IMAGE ID       CREATED          SIZE
localhost/curl-snap    latest   71864fadd82d   22 minutes ago   234 MB

Let’s test one more time and run it from the image.

CONTAINER=$(buildah from localhost/curl-snap)
buildah run -v $TEMPDIR:/content $CONTAINER /bin/curl https://home.futuretim.io/images/avatar2.jpg --output /content/avatar2-1.jpg

Check for the file.

ls $TEMPDIR

If we see avatar2-1.jpg it worked and we now have a working image. We can now push this image to a registry or use it locally with podman.

References Link to heading

Build a Container with Buildah Use Buildah to Build OCI Container Images