Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

image history concepts doc #55

Merged
merged 7 commits into from
Jan 13, 2025
Merged

image history concepts doc #55

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
4a44dd6
image history concepts doc
amritakohli Dec 23, 2024
b165d61
opt out
amritakohli Dec 23, 2024
8cf7804
Merge branch 'main' into user/amritakohli/docsimagehistory
amritakohli Dec 27, 2024
536ee43
Merge branch 'main' into user/amritakohli/docsimagehistory
amritakohli Jan 6, 2025
96b7ec4
Merge branch 'main' into user/amritakohli/docsimagehistory
amritakohli Jan 13, 2025
10aa9f0
feedback
amritakohli Jan 13, 2025
425fe76
array
amritakohli Jan 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/_data/navigation.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,8 @@
link: "/azure-linux-image-tools/imagecustomizer/concepts/pxe"
- name: Verity
link: "/azure-linux-image-tools/imagecustomizer/concepts/verity"
- name: Image History
link: "/azure-linux-image-tools/imagecustomizer/concepts/imagehistory"
- name: How-To
subnav:
- name: Running in a container
Expand Down
2 changes: 2 additions & 0 deletions docs/imagecustomizer/api/configuration/os.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,8 @@ Options for configuring image history.

Set value to `none` to disable.

To learn more about image history, refer to the [Image History Concept](../../concepts/imagehistory.md) documentation.

```yaml
os:
imageHistory: none
Expand Down
136 changes: 136 additions & 0 deletions docs/imagecustomizer/concepts/imagehistory.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
# Image History
amritakohli marked this conversation as resolved.
Show resolved Hide resolved

The Image History feature records the customization history of images in a
structured JSON format. It enables users to:

- Trace the lineage of customized images.
- Verify input integrity using SHA256 hashes.
- Debug and identify issues in customization workflows.

Image history tracking can be disabled by explicitly configuring the option in
the [OS configuration settings](../api/configuration/os.md)
amritakohli marked this conversation as resolved.
Show resolved Hide resolved

## History Storage

- **Location:** `/usr/share/image-customizer/history.json`.
- **Format:** An array of JSON objects, each representing a customization step.
- **Order:** Each new history entry is appended to the end of the existing list
within the history file, preserving chronological sequence across image
customizations.

## Metadata Captured

Each entry in the history includes:

- **Timestamp:** Time of customization.
- **Tool Version:** Image customizer version used.
- **Image UUID:** Unique identifier for the image.
- **Configuration:** Captures the config used for customization (with certain
modifications).

## Config Modifications

The configuration undergoes specific modifications before being serialized into
JSON format:

**Hashing:**

- SHA256 hashes are generated for scripts, additional files, and the contents of
additional directories to ensure input integrity.
- If only content is provided for scripts or additional files (and no source
amritakohli marked this conversation as resolved.
Show resolved Hide resolved
path), no hash is calculated or added. When a source path is specified, a
SHA256 hash is computed and included as a field in the JSON configuration.
- For additional directories, a hashmap of each file to its SHA256 hash is added
as a field in the JSON configuration.

**Redaction:** Known sensitive information, such as SSH public keys, is replaced
with `[redacted]` to maintain security.

## JSON Schema

```json
{
amritakohli marked this conversation as resolved.
Show resolved Hide resolved
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "ImageHistoryList",
"type": "array",
"items": {
"type": "object",
"properties": {
"timestamp": {
"type": "string",
"format": "date-time",
"description": "The timestamp for when the image was built."
},
"toolVersion": {
"type": "string",
"description": "The version of the tool used for the customization."
},
"imageUuid": {
"type": "string",
"description": "A unique identifier for the customized image."
},
"config": {
"type": "object",
"description": "Configuration data with added/redacted fields."
}
},
"required": ["timestamp", "toolVersion", "imageUuid", "config"]
}
}
```

## Example JSON Array

```json
[
{
"timestamp": "2024-12-09T17:20:54Z",
"toolVersion": "0.1.0",
"imageUuid": "4a0cb56c-efa8-6636-528f-033477a7bb27",
"config": {
"additionalFiles": [
{
"destination": "/a.txt",
"source": "files/a.txt",
"sha256hash": "06577bd4a35a3fb866f891567b5a9ff67223c2f4422fb7629836d0cadb603ed3"
}
],
"additionalDirs": [
{
"source": "dirs/a",
"destination": "/",
"sha256hashmap": {
"usr/local/bin/animals.sh": "13115588883d6f8960cf2e5f03ffcd73babcbb8da69789683715911487c8b1b6"
}
}
],
"users": [
{
"name": "test",
"sshPublicKeys": "[redacted]"
}
]
}
},
{
"timestamp": "2024-12-10T12:34:56Z",
"toolVersion": "0.2.0",
"imageUuid": "5b6c7d8e-9f10-1234-5678-abcdefabcdef",
"config": {
"additionalFiles": [
{
"destination": "/b.txt",
"source": "files/b.txt",
"sha256hash": "13579bd4a35a3fb866f891567b5a9ff67223c2f4422fb7629836d0cadb603ee4"
}
],
"users": [
{
"name": "admin",
"sshPublicKeys": "[redacted]"
}
]
}
}
]
```
Loading