podman -- how can I remove the top layer of a container image?

Question

I have an old image, may its name be B:latest. It has been built on top of another image, may its name be A:latest.

I have still the script that has been used for building. It is something like that:

conta=$(buildah from A:latest)
buildah run $conta ...
buildah copy $conta ...
...
buildah commit --rm $conta B:latest

A colleague has built the image years ago. I know, using always the tag latest was not a good choice, but this is another story.

My problem is now, I have to build a modified version of image B. I want to use a modified version of the old build script and build it on top of the old image A.

I have still a copy of image B. But the image A is no longer there. I can see only image B when I execute the command:

podman images --all

I can display the layers of the image by

podman image tree B:latest

So my hope was that I can add a new tag to the layer below the top layer and I could reuse this layer as a copy of image A, but it does not work. May the layer below the top layer have the id 11deadbeef00. I cannot see an image with this id with the command podman images --all, but it must still be contained somehow in image B. This was what I have tried:

podman image tag 11deadbeef00 newname

The error message was "Error: 11deadbeef00: image not known".

My question: Can I somehow access the layers below the top layer of a container image and make an image out of it that I can use independently?

Answer 1

With the caveat that this seems like a pretty clunky solution, you might be able to export the image to a directory:

podman image save B:latest |
  tar --one-top-level=imageB -xf-

Edit the image metadata to remove the top layer:

$ vim manifests.json
...
$ vim $(jq -r jq .[0].Config manifest.json)
...

And then load the modified image back into podman:

tar -C imageB -cf- . | podman image load

Answer 2

In this particular case (commit over a previous image), you can display the history and give a new tag to the old version:

$ podman image history test
ID            CREATED        CREATED BY                                     SIZE        COMMENT
1cf9ef46244e  7 minutes ago  /bin/sh                                        3.84 MB     FROM localhost/test:latest
12598d7c57b5  2 days ago     /bin/sh                                        51.2 MB     FROM localhost/test:latest
09f343ca7882  6 days ago     /bin/sh                                        13.9 MB     FROM localhost/test:latest
409ad3c8e0f8  6 days ago     /bin/sh                                        72.7 MB     FROM localhost/test:latest
a7cddf736673  6 weeks ago    /bin/sh                                        295 MB      FROM localhost/test:latest
<missing>     6 weeks ago    /bin/sh                                        99 MB       FROM localhost/test:latest
<missing>     6 weeks ago    /bin/sh                                        170 MB      FROM localhost/test:latest
$ podman image tag 12598d7c57b5 test:latest
$ podman image history test
ID            CREATED        CREATED BY                                     SIZE        COMMENT
12598d7c57b5  2 days ago     /bin/sh                                        51.2 MB     FROM localhost/test:latest
09f343ca7882  6 days ago     /bin/sh                                        13.9 MB     FROM localhost/test:latest
409ad3c8e0f8  6 days ago     /bin/sh                                        72.7 MB     FROM localhost/test:latest
...

If the image is a fresh build (podman build or commit from a different source that overwrote the image), podman image list will still list the image without tag so this is also recoverable, but that is a separate issue.

Hope this helps whoever comes next, it's slightly easier than editing the metadata :)