config: add support for org.opencontainers.image annotations

These annotations are specified as part of the official conversion process from an OCI image configuration to an OCI runtime configuration since v1.0.0-rc7 of the image-spec but they were never officially specified in the runtime-spec. The fact these are not allowed by the current runtime-spec causes some issues with inter-spec compatibility. In order for tools like umoci to be able to do this generation properly, we need to allow this namespace to be used. Ref: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/conversion.md Signed-off-by: Aleksa Sarai <[email protected]>
opencontainers · Apr 19, 2023 · 5dd51f0 · 5dd51f0
1 parent 5bc62f1
commit 5dd51f0
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/config.md b/config.md
@@ -648,7 +648,10 @@ If there are no annotations then this property MAY either be absent or an empty
 Keys MUST be strings.
 Keys MUST NOT be an empty string.
 Keys SHOULD be named using a reverse domain notation - e.g. `com.example.myKey`.
-Keys using the `org.opencontainers` namespace are reserved and MUST NOT be used by subsequent specifications.
+The following restrictions apply to keys using the `org.opencontainers` namespace:
+* All keys in the `org.opencontainers.image` namespace MUST be used as defined by the [OCI image specification runtime conversion specification][oci-image-conversion].
+* All keys in the `org.opencontainers.image` namespace SHOULD only be used when a OCI runtime configuration is being generated from an OCI image [in accordance with the OCI image specification][oci-image-conversion].
+* All other keys in the `org.opencontainers` namespace not specified in this list are reserved and MUST NOT be used by subsequent specifications.
 Runtimes MUST handle unknown annotation keys like any other [unknown property](#extensibility).
 
 Values MUST be strings.
@@ -1074,6 +1077,7 @@ Here is a full example `config.json` for reference.
 [ieee-1003.1-2008-xbd-c8.1]: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_01
 [ieee-1003.1-2008-functions-exec]: http://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
 [naming-a-volume]: https://aka.ms/nb3hqb
+[oci-image-conversion]: https://github.com/opencontainers/image-spec/blob/main/conversion.md
 
 [capabilities.7]: http://man7.org/linux/man-pages/man7/capabilities.7.html
 [mount.2]: http://man7.org/linux/man-pages/man2/mount.2.html