Sajay Antony

@sajay

Joined on Apr 13, 2018

  • The goal is to outline a set of guidelines to improve the console output of the ORAS CLI. This uses the copy command cp as an example to call out issues. Refer to CLI Output Proposal for COPY with referrers. Framework: Default Output: Useful, Concise, Human readable
  • Problem: The industry does not have a standard mechanism to patch an image. Tags are commonly used to help identify whether an image is patchable. The issue is that it is left to the user to interpret that a tag has been updated or that there is a new version of a given image. For the workflow and how to consume this, refer to Container Patching Workflow for Azure.docx. Goal: The goal is to propose a manifest that defines whether an image has a patch that can be applied and how runtimes and builders of the image may consume these patches. The following IANA type should be registered to indicate the details of a patch document, and clients may acquire the details of the patch using this mediaType, which would be the value of the "artifactType" field in the OCI Artifact Manifest. ArtifactType "application/vnd.oci.image.patch.v1+json"
  • Follow guidance from CLI Output Proposal for ORAS CLI. The above document calls out the general problems with copy. Below I try to outline the possible set of improvements. This is non-trivial to implement and requires terminal manipulation to obtain things like progress, which oras already supports. The command below shows how a set of artifacts can be copied. We should consider if ~ oras copy -r $IMAGE registry.twnt.co/copy-testimage:latest Starting copy... Copying [registry] ghcr.io/toddysm/cssc-pipeline/copy-testimage:latest => [registry] registry.twnt.co/copy-testimage:latest
  • The content is fully offline before the signature can be produced. The signature may be produced using notation plugins or other configuration as needed for local keys, or using a remote signing service. Here we use the example Dockerfile below to build an offline archive that can be signed before pushing to the registry. FROM alpine:latest RUN apk update && \ apk add --update curl && \ rm -rf /var/cache/apk/*