"Fossies" - the Fresh Open Source Software Archive

Member "buildah-1.27.2/docs/containertools/README.md" (20 Sep 2022, 6192 Bytes) of package /linux/misc/buildah-1.27.2.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

A hint: This file contains one or more very long lines, so maybe it is better readable using the pure text view mode that shows the contents as wrapped lines within the browser window.

Container Tools Guide


The purpose of this guide is to list a number of related Open-source projects that are available on GitHub.com that operate on Open Container Initiative (OCI) images and containers. This guide will give a high level explanation of the related container tools and will explain a bit on how they interact amongst each other.

The tools are:


The Buildah project provides a command line tool that be used to create an OCI or traditional Docker image format image and to then build a working container from the image. The container can be mounted and modified and then an image can be saved based on the updated container.


CRI-O Website

The CRI-O project provides an integration path between OCI conformant runtimes and kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of CRI-O is tied to the scope of the CRI.

At a high level CRI-O supports multiple image formats including the existing Docker image format, multiple means to download images including trust & image verification, container image and lifecycle management, monitoring, logging and resource isolation as required by CRI.


Podman allows for full management of a container's lifecycle from creation through removal. It supports multiple image formats including both the Docker and OCI image formats. Support for pods is provided allowing pods to manage groups of containers together. Podman also supports trust and image verification when pulling images along with resource isolation of containers and pods.


Skopeo is a command line tool that performs a variety of operations on container images and image repositories. Skopeo can work on either OCI or Docker images. Skopeo can be used to copy images from and to various container storage mechanisms including container registries. Skopeo also allows you to inspect an image showing its layers without requiring that the image be pulled. Skopeo also allows you to delete an image from a repository. When required by the repository, Skopeo can pass appropriate certificates and credentials for authentication.

Buildah and Podman relationship

Buildah and Podman are two complementary Open-source projects that are available on most Linux platforms and both projects reside at GitHub.com with Buildah here and Podman here. Both Buildah and Podman are command line tools that work on OCI images and containers. The two projects differentiate in their specialization.

Buildah specializes in building OCI images. Buildah's commands replicate all of the commands that are found in a Dockerfile. Buildah’s goal is also to provide a lower level coreutils interface to build images, allowing people to build containers without requiring a Dockerfile. The intent with Buildah is to allow other scripting languages to build container images, without requiring a daemon.

Podman specializes in all of the commands and functions that help you to maintain and modify OCI images, such as pulling and tagging. It also allows you to create, run, and maintain containers created from those images.

A major difference between Podman and Buildah is their concept of a container. Podman allows users to create "traditional containers" where the intent of these containers is to be long lived. While Buildah containers are really just created to allow content to be added back to the container image. An easy way to think of it is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality. Because of this you cannot see Podman containers from within Buildah or vice versa.

In short Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands.

Some of the commands between the projects overlap:

In short Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands.