occystrap 0.3.0__py3-none-any.whl → 0.4.1__py3-none-any.whl

occystrap/inputs/tarfile.py

@@ -0,0 +1,88 @@
+import io
+import json
+import logging
+import os
+import tarfile
+
+from occystrap import constants
+from occystrap.inputs.base import ImageInput
+
+
+LOG = logging.getLogger(__name__)
+LOG.setLevel(logging.INFO)
+
+
+def always_fetch(digest):
+    return True
+
+
+class Image(ImageInput):
+    def __init__(self, tarfile_path):
+        self.tarfile_path = tarfile_path
+        self._manifest = None
+        self._image = None
+        self._tag = None
+        self._load_manifest()
+
+    def _load_manifest(self):
+        with tarfile.open(self.tarfile_path, 'r') as tf:
+            manifest_member = tf.getmember('manifest.json')
+            manifest_file = tf.extractfile(manifest_member)
+            self._manifest = json.loads(manifest_file.read().decode('utf-8'))
+
+        # Parse image and tag from RepoTags
+        # Format is typically ["image:tag"] or ["registry/image:tag"]
+        repo_tags = self._manifest[0].get('RepoTags', [])
+        if repo_tags:
+            repo_tag = repo_tags[0]
+            if ':' in repo_tag:
+                self._image, self._tag = repo_tag.rsplit(':', 1)
+            else:
+                self._image = repo_tag
+                self._tag = 'latest'
+        else:
+            # Fallback if no RepoTags
+            self._image = 'unknown'
+            self._tag = 'unknown'
+
+    @property
+    def image(self):
+        return self._image
+
+    @property
+    def tag(self):
+        return self._tag
+
+    def fetch(self, fetch_callback=always_fetch):
+        LOG.info('Reading image from tarball %s' % self.tarfile_path)
+
+        with tarfile.open(self.tarfile_path, 'r') as tf:
+            # Yield config file
+            config_filename = self._manifest[0]['Config']
+            LOG.info('Reading config file %s' % config_filename)
+            config_member = tf.getmember(config_filename)
+            config_file = tf.extractfile(config_member)
+            config_data = config_file.read()
+            yield (constants.CONFIG_FILE, config_filename,
+                   io.BytesIO(config_data))
+
+            # Yield each layer
+            layers = self._manifest[0]['Layers']
+            LOG.info('There are %d image layers' % len(layers))
+
+            for layer_path in layers:
+                # Layer path is like "abc123/layer.tar"
+                layer_digest = os.path.dirname(layer_path)
+                if not fetch_callback(layer_digest):
+                    LOG.info('Fetch callback says skip layer %s' % layer_digest)
+                    yield (constants.IMAGE_LAYER, layer_digest, None)
+                    continue
+
+                LOG.info('Reading layer %s' % layer_path)
+                layer_member = tf.getmember(layer_path)
+                layer_file = tf.extractfile(layer_member)
+                layer_data = layer_file.read()
+                yield (constants.IMAGE_LAYER, layer_digest,
+                       io.BytesIO(layer_data))
+
+        LOG.info('Done')

occystrap/main.py

@@ -4,11 +4,16 @@ import os
 from shakenfist_utilities import logs
 import sys
 
-from occystrap import docker_registry
-from occystrap import output_directory
-from occystrap import output_mounts
-from occystrap import output_ocibundle
-from occystrap import output_tarfile
+from occystrap.inputs import docker as input_docker
+from occystrap.inputs import registry as input_registry
+from occystrap.inputs import tarfile as input_tarfile
+from occystrap.outputs import directory as output_directory
+from occystrap.outputs import mounts as output_mounts
+from occystrap.outputs import ocibundle as output_ocibundle
+from occystrap.outputs import tarfile as output_tarfile
+from occystrap.filters import SearchFilter, TimestampNormalizer
+from occystrap.pipeline import PipelineBuilder, PipelineError
+from occystrap import uri
 
 
 LOG = logs.setup_console(__name__)
@@ -19,8 +24,15 @@ LOG = logs.setup_console(__name__)
 @click.option('--os', default='linux')
 @click.option('--architecture', default='amd64')
 @click.option('--variant', default='')
+@click.option('--username', default=None, envvar='OCCYSTRAP_USERNAME',
+              help='Username for registry authentication')
+@click.option('--password', default=None, envvar='OCCYSTRAP_PASSWORD',
+              help='Password for registry authentication')
+@click.option('--insecure', is_flag=True, default=False,
+              help='Use HTTP instead of HTTPS for registry connections')
 @click.pass_context
-def cli(ctx, verbose=None, os=None, architecture=None, variant=None):
+def cli(ctx, verbose=None, os=None, architecture=None, variant=None,
+        username=None, password=None, insecure=None):
     if verbose:
         logging.basicConfig(level=logging.DEBUG)
         LOG.setLevel(logging.DEBUG)
@@ -30,31 +42,145 @@ def cli(ctx, verbose=None, os=None, architecture=None, variant=None):
     ctx.obj['OS'] = os
     ctx.obj['ARCHITECTURE'] = architecture
     ctx.obj['VARIANT'] = variant
+    ctx.obj['USERNAME'] = username
+    ctx.obj['PASSWORD'] = password
+    ctx.obj['INSECURE'] = insecure
 
 
-def _fetch(registry, image, tag, output, os, architecture, variant, secure=True):
-    img = docker_registry.Image(
-        registry, image, tag, os, architecture, variant, secure=secure)
+def _fetch(img, output):
     for image_element in img.fetch(fetch_callback=output.fetch_callback):
         output.process_image_element(*image_element)
     output.finalize()
 
 
-@click.command()
+# =============================================================================
+# New URI-style commands
+# =============================================================================
+
+@click.command('process')
+@click.argument('source')
+@click.argument('destination')
+@click.option('--filter', '-f', 'filters', multiple=True,
+              help='Apply filter (can be specified multiple times)')
+@click.pass_context
+def process_cmd(ctx, source, destination, filters):
+    """Process container images through a pipeline.
+
+    SOURCE and DESTINATION are URIs specifying where to read from
+    and write to.
+
+    \b
+    Input URI schemes:
+      registry://HOST/IMAGE:TAG    - Docker/OCI registry
+      docker://IMAGE:TAG           - Local Docker daemon
+      tar://PATH                   - Docker-save tarball
+
+    \b
+    Output URI schemes:
+      tar://PATH                   - Create tarball
+      dir://PATH                   - Extract to directory
+      oci://PATH                   - Create OCI bundle
+      mounts://PATH                - Create overlay mounts
+
+    \b
+    Filters (use -f, can chain multiple):
+      normalize-timestamps         - Normalize layer timestamps
+      normalize-timestamps:ts=N    - Use specific timestamp
+      search:pattern=GLOB          - Search for files
+      search:pattern=RE,regex=true - Search with regex
+      inspect:file=PATH            - Append layer metadata (JSONL)
+      exclude:pattern=GLOB         - Exclude files from layers
+
+    \b
+    Examples:
+      occystrap process registry://docker.io/library/busybox:latest tar://busybox.tar
+      occystrap process docker://myimage:v1 dir://./extracted -f normalize-timestamps
+      occystrap process tar://image.tar dir://out -f "search:pattern=*.conf"
+      occystrap process docker://img:v1 registry://host/img:v1 -f "inspect:file=layers.jsonl"
+    """
+    try:
+        builder = PipelineBuilder(ctx)
+        input_source, output = builder.build_pipeline(
+            source, destination, list(filters))
+        _fetch(input_source, output)
+
+        # Handle post-processing for certain outputs
+        if hasattr(output, 'write_bundle'):
+            # Check if this is an OCI or mounts output that needs write_bundle
+            dest_spec = uri.parse_uri(destination)
+            if dest_spec.scheme in ('oci', 'mounts'):
+                output.write_bundle()
+            elif dest_spec.scheme == 'dir' and dest_spec.options.get('expand'):
+                output.write_bundle()
+
+    except (PipelineError, uri.URIParseError) as e:
+        click.echo('Error: %s' % e, err=True)
+        sys.exit(1)
+
+
+cli.add_command(process_cmd)
+
+
+@click.command('search')
+@click.argument('source')
+@click.argument('pattern')
+@click.option('--regex', is_flag=True, default=False,
+              help='Use regex pattern instead of glob pattern')
+@click.option('--script-friendly', is_flag=True, default=False,
+              help='Output in script-friendly format: image:tag:layer:path')
+@click.pass_context
+def search_cmd(ctx, source, pattern, regex, script_friendly):
+    """Search for files in container image layers.
+
+    SOURCE is a URI specifying where to read the image from:
+      registry://HOST/IMAGE:TAG    - Docker/OCI registry
+      docker://IMAGE:TAG           - Local Docker daemon
+      tar://PATH                   - Docker-save tarball
+
+    PATTERN is a glob pattern (or regex with --regex).
+
+    \b
+    Examples:
+      occystrap search registry://docker.io/library/busybox:latest "bin/*sh"
+      occystrap search docker://myimage:v1 "*.conf"
+      occystrap search --regex tar://image.tar ".*\\.py$"
+    """
+    try:
+        builder = PipelineBuilder(ctx)
+        input_source, searcher = builder.build_search_pipeline(
+            source, pattern, use_regex=regex, script_friendly=script_friendly)
+        _fetch(input_source, searcher)
+
+    except (PipelineError, uri.URIParseError) as e:
+        click.echo('Error: %s' % e, err=True)
+        sys.exit(1)
+
+
+cli.add_command(search_cmd)
+
+
+# =============================================================================
+# Legacy commands (kept for backwards compatibility)
+# =============================================================================
+
+@click.command(deprecated=True)
 @click.argument('registry')
 @click.argument('image')
 @click.argument('tag')
 @click.argument('path')
 @click.option('--use-unique-names', is_flag=True)
 @click.option('--expand', is_flag=True)
-@click.option('--insecure', is_flag=True, default=False)
 @click.pass_context
 def fetch_to_extracted(ctx, registry, image, tag, path, use_unique_names,
-                       expand, insecure):
+                       expand):
+    """[DEPRECATED] Use: occystrap process registry://... dir://..."""
     d = output_directory.DirWriter(
         image, tag, path, unique_names=use_unique_names, expand=expand)
-    _fetch(registry, image, tag, d, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
-           ctx.obj['VARIANT'], secure=(not insecure))
+    img = input_registry.Image(
+        registry, image, tag, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
+        ctx.obj['VARIANT'], secure=(not ctx.obj['INSECURE']),
+        username=ctx.obj['USERNAME'], password=ctx.obj['PASSWORD'])
+    _fetch(img, d)
 
     if expand:
         d.write_bundle()
@@ -63,47 +189,58 @@ def fetch_to_extracted(ctx, registry, image, tag, path, use_unique_names,
 cli.add_command(fetch_to_extracted)
 
 
-@click.command()
+@click.command(deprecated=True)
 @click.argument('registry')
 @click.argument('image')
 @click.argument('tag')
 @click.argument('path')
-@click.option('--insecure', is_flag=True, default=False)
 @click.pass_context
-def fetch_to_oci(ctx, registry, image, tag, path, insecure):
+def fetch_to_oci(ctx, registry, image, tag, path):
+    """[DEPRECATED] Use: occystrap process registry://... oci://..."""
     d = output_ocibundle.OCIBundleWriter(image, tag, path)
-    _fetch(registry, image, tag, d, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
-           ctx.obj['VARIANT'], secure=(not insecure))
+    img = input_registry.Image(
+        registry, image, tag, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
+        ctx.obj['VARIANT'], secure=(not ctx.obj['INSECURE']),
+        username=ctx.obj['USERNAME'], password=ctx.obj['PASSWORD'])
+    _fetch(img, d)
     d.write_bundle()
 
 
 cli.add_command(fetch_to_oci)
 
 
-@click.command()
+@click.command(deprecated=True)
 @click.argument('registry')
 @click.argument('image')
 @click.argument('tag')
 @click.argument('tarfile')
-@click.option('--insecure', is_flag=True, default=False)
+@click.option('--normalize-timestamps', is_flag=True, default=False)
+@click.option('--timestamp', default=0, type=int)
 @click.pass_context
-def fetch_to_tarfile(ctx, registry, image, tag, tarfile, insecure):
+def fetch_to_tarfile(ctx, registry, image, tag, tarfile,
+                     normalize_timestamps, timestamp):
+    """[DEPRECATED] Use: occystrap process registry://... tar://..."""
     tar = output_tarfile.TarWriter(image, tag, tarfile)
-    _fetch(registry, image, tag, tar, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
-           ctx.obj['VARIANT'], secure=(not insecure))
+    if normalize_timestamps:
+        tar = TimestampNormalizer(tar, timestamp=timestamp)
+    img = input_registry.Image(
+        registry, image, tag, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
+        ctx.obj['VARIANT'], secure=(not ctx.obj['INSECURE']),
+        username=ctx.obj['USERNAME'], password=ctx.obj['PASSWORD'])
+    _fetch(img, tar)
 
 
 cli.add_command(fetch_to_tarfile)
 
 
-@click.command()
+@click.command(deprecated=True)
 @click.argument('registry')
 @click.argument('image')
 @click.argument('tag')
 @click.argument('path')
-@click.option('--insecure', is_flag=True, default=False)
 @click.pass_context
-def fetch_to_mounts(ctx, registry, image, tag, path, insecure):
+def fetch_to_mounts(ctx, registry, image, tag, path):
+    """[DEPRECATED] Use: occystrap process registry://... mounts://..."""
     if not hasattr(os, 'setxattr'):
         print('Sorry, your OS module implementation lacks setxattr')
         sys.exit(1)
@@ -112,26 +249,188 @@ def fetch_to_mounts(ctx, registry, image, tag, path, insecure):
         sys.exit(1)
 
     d = output_mounts.MountWriter(image, tag, path)
-    _fetch(registry, image, tag, d, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
-           ctx.obj['VARIANT'], secure=(not insecure))
+    img = input_registry.Image(
+        registry, image, tag, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
+        ctx.obj['VARIANT'], secure=(not ctx.obj['INSECURE']),
+        username=ctx.obj['USERNAME'], password=ctx.obj['PASSWORD'])
+    _fetch(img, d)
     d.write_bundle()
 
 
 cli.add_command(fetch_to_mounts)
 
 
-@click.command()
+@click.command(deprecated=True)
 @click.argument('path')
 @click.argument('image')
 @click.argument('tag')
 @click.argument('tarfile')
+@click.option('--normalize-timestamps', is_flag=True, default=False)
+@click.option('--timestamp', default=0, type=int)
 @click.pass_context
-def recreate_image(ctx, path, image, tag, tarfile):
+def recreate_image(ctx, path, image, tag, tarfile, normalize_timestamps,
+                   timestamp):
+    """[DEPRECATED] Recreate image from shared directory."""
     d = output_directory.DirReader(path, image, tag)
     tar = output_tarfile.TarWriter(image, tag, tarfile)
+    if normalize_timestamps:
+        tar = TimestampNormalizer(tar, timestamp=timestamp)
     for image_element in d.fetch():
         tar.process_image_element(*image_element)
     tar.finalize()
 
 
 cli.add_command(recreate_image)
+
+
+@click.command(deprecated=True)
+@click.argument('tarfile')
+@click.argument('path')
+@click.option('--use-unique-names', is_flag=True)
+@click.option('--expand', is_flag=True)
+@click.pass_context
+def tarfile_to_extracted(ctx, tarfile, path, use_unique_names, expand):
+    """[DEPRECATED] Use: occystrap process tar://... dir://..."""
+    img = input_tarfile.Image(tarfile)
+    d = output_directory.DirWriter(
+        img.image, img.tag, path, unique_names=use_unique_names, expand=expand)
+    _fetch(img, d)
+
+    if expand:
+        d.write_bundle()
+
+
+cli.add_command(tarfile_to_extracted)
+
+
+@click.command(deprecated=True)
+@click.argument('image')
+@click.argument('tag')
+@click.argument('tarfile')
+@click.option('--socket', default='/var/run/docker.sock',
+              help='Path to Docker socket')
+@click.option('--normalize-timestamps', is_flag=True, default=False)
+@click.option('--timestamp', default=0, type=int)
+@click.pass_context
+def docker_to_tarfile(ctx, image, tag, tarfile, socket, normalize_timestamps,
+                      timestamp):
+    """[DEPRECATED] Use: occystrap process docker://... tar://..."""
+    tar = output_tarfile.TarWriter(image, tag, tarfile)
+    if normalize_timestamps:
+        tar = TimestampNormalizer(tar, timestamp=timestamp)
+    img = input_docker.Image(image, tag, socket_path=socket)
+    _fetch(img, tar)
+
+
+cli.add_command(docker_to_tarfile)
+
+
+@click.command(deprecated=True)
+@click.argument('image')
+@click.argument('tag')
+@click.argument('path')
+@click.option('--socket', default='/var/run/docker.sock',
+              help='Path to Docker socket')
+@click.option('--use-unique-names', is_flag=True)
+@click.option('--expand', is_flag=True)
+@click.pass_context
+def docker_to_extracted(ctx, image, tag, path, socket, use_unique_names,
+                        expand):
+    """[DEPRECATED] Use: occystrap process docker://... dir://..."""
+    d = output_directory.DirWriter(
+        image, tag, path, unique_names=use_unique_names, expand=expand)
+    img = input_docker.Image(image, tag, socket_path=socket)
+    _fetch(img, d)
+
+    if expand:
+        d.write_bundle()
+
+
+cli.add_command(docker_to_extracted)
+
+
+@click.command(deprecated=True)
+@click.argument('image')
+@click.argument('tag')
+@click.argument('path')
+@click.option('--socket', default='/var/run/docker.sock',
+              help='Path to Docker socket')
+@click.pass_context
+def docker_to_oci(ctx, image, tag, path, socket):
+    """[DEPRECATED] Use: occystrap process docker://... oci://..."""
+    d = output_ocibundle.OCIBundleWriter(image, tag, path)
+    img = input_docker.Image(image, tag, socket_path=socket)
+    _fetch(img, d)
+    d.write_bundle()
+
+
+cli.add_command(docker_to_oci)
+
+
+@click.command(deprecated=True)
+@click.argument('image')
+@click.argument('tag')
+@click.argument('pattern')
+@click.option('--socket', default='/var/run/docker.sock',
+              help='Path to Docker socket')
+@click.option('--regex', is_flag=True, default=False,
+              help='Use regex pattern instead of glob pattern')
+@click.option('--script-friendly', is_flag=True, default=False,
+              help='Output in script-friendly format: image:tag:layer:path')
+@click.pass_context
+def search_layers_docker(ctx, image, tag, pattern, socket, regex,
+                         script_friendly):
+    """[DEPRECATED] Use: occystrap search docker://IMAGE:TAG PATTERN"""
+    searcher = SearchFilter(
+        None, pattern, use_regex=regex, image=image, tag=tag,
+        script_friendly=script_friendly)
+    img = input_docker.Image(image, tag, socket_path=socket)
+    _fetch(img, searcher)
+
+
+cli.add_command(search_layers_docker)
+
+
+@click.command(deprecated=True)
+@click.argument('registry')
+@click.argument('image')
+@click.argument('tag')
+@click.argument('pattern')
+@click.option('--regex', is_flag=True, default=False,
+              help='Use regex pattern instead of glob pattern')
+@click.option('--script-friendly', is_flag=True, default=False,
+              help='Output in script-friendly format: image:tag:layer:path')
+@click.pass_context
+def search_layers(ctx, registry, image, tag, pattern, regex, script_friendly):
+    """[DEPRECATED] Use: occystrap search registry://HOST/IMAGE:TAG PATTERN"""
+    searcher = SearchFilter(
+        None, pattern, use_regex=regex, image=image, tag=tag,
+        script_friendly=script_friendly)
+    img = input_registry.Image(
+        registry, image, tag, ctx.obj['OS'], ctx.obj['ARCHITECTURE'],
+        ctx.obj['VARIANT'], secure=(not ctx.obj['INSECURE']),
+        username=ctx.obj['USERNAME'], password=ctx.obj['PASSWORD'])
+    _fetch(img, searcher)
+
+
+cli.add_command(search_layers)
+
+
+@click.command(deprecated=True)
+@click.argument('tarfile')
+@click.argument('pattern')
+@click.option('--regex', is_flag=True, default=False,
+              help='Use regex pattern instead of glob pattern')
+@click.option('--script-friendly', is_flag=True, default=False,
+              help='Output in script-friendly format: image:tag:layer:path')
+@click.pass_context
+def search_layers_tarfile(ctx, tarfile, pattern, regex, script_friendly):
+    """[DEPRECATED] Use: occystrap search tar://PATH PATTERN"""
+    img = input_tarfile.Image(tarfile)
+    searcher = SearchFilter(
+        None, pattern, use_regex=regex, image=img.image, tag=img.tag,
+        script_friendly=script_friendly)
+    _fetch(img, searcher)
+
+
+cli.add_command(search_layers_tarfile)

occystrap/outputs/__init__.py

@@ -0,0 +1 @@
+# Output writers for container images

occystrap/outputs/base.py

@@ -0,0 +1,46 @@
+from abc import ABC, abstractmethod
+
+
+class ImageOutput(ABC):
+    """Abstract base class for image output writers.
+
+    Output writers receive image elements (config files and layers) from input
+    sources and write them to various destinations (tarballs, directories,
+    OCI bundles, etc.).
+    """
+
+    @abstractmethod
+    def fetch_callback(self, digest):
+        """Determine whether a layer should be fetched.
+
+        This is called by input sources before fetching each layer, allowing
+        output writers to skip layers that already exist in the destination.
+
+        Args:
+            digest: The layer digest/identifier.
+
+        Returns:
+            True if the layer should be fetched, False to skip.
+        """
+        pass
+
+    @abstractmethod
+    def process_image_element(self, element_type, name, data):
+        """Process a single image element (config or layer).
+
+        Args:
+            element_type: constants.CONFIG_FILE or constants.IMAGE_LAYER
+            name: The element identifier (config filename or layer digest)
+            data: A file-like object containing the element data,
+                or None if the layer was skipped by fetch_callback
+        """
+        pass
+
+    @abstractmethod
+    def finalize(self):
+        """Complete the output operation.
+
+        This is called after all image elements have been processed. Use this
+        to write manifests, close files, or perform any final cleanup.
+        """
+        pass

occystrap/{output_directory.py → outputs/directory.py}

@@ -4,6 +4,7 @@ import os
 import tarfile
 
 from occystrap import constants
+from occystrap.outputs.base import ImageOutput
 
 
 LOG = logging.getLogger(__name__)
@@ -94,7 +95,7 @@ TARFILE_TYPE_MAP = {
 }
 
 
-class DirWriter(object):
+class DirWriter(ImageOutput):
     def __init__(self, image, tag, image_path, unique_names=False, expand=False):
         self.image = image
         self.tag = tag
@@ -110,9 +111,7 @@ class DirWriter(object):
             self.tar_manifest[0]['ImageName'] = self.image
 
         self.bundle = {}
-
-        if not os.path.exists(self.image_path):
-            os.makedirs(self.image_path)
+        os.makedirs(self.image_path, exist_ok=True)
 
     def _manifest_filename(self):
         if not self.unique_names:
@@ -136,15 +135,18 @@ class DirWriter(object):
 
     def process_image_element(self, element_type, name, data):
         if element_type == constants.CONFIG_FILE:
-            with open(os.path.join(self.image_path, name), 'wb') as f:
+            config_file = os.path.join(self.image_path, name)
+            config_dir = os.path.dirname(config_file)
+            os.makedirs(config_dir, exist_ok=True)
+
+            with open(config_file, 'wb') as f:
                 d = json.loads(data.read())
                 f.write(json.dumps(d, indent=4, sort_keys=True).encode('ascii'))
             self.tar_manifest[0]['Config'] = name
 
         elif element_type == constants.IMAGE_LAYER:
             layer_dir = os.path.join(self.image_path, name)
-            if not os.path.exists(layer_dir):
-                os.makedirs(layer_dir)
+            os.makedirs(layer_dir, exist_ok=True)
 
             layer_file = os.path.join(name, 'layer.tar')
             self.tar_manifest[0]['Layers'].append(layer_file)
@@ -276,8 +278,7 @@ class DirWriter(object):
     def write_bundle(self):
         manifest_filename = self._manifest_filename()
         manifest_path = os.path.join(self.image_path, manifest_filename)
-        if not os.path.exists(manifest_path):
-            os.makedirs(manifest_path)
+        os.makedirs(manifest_path, exist_ok=True)
         LOG.info('Writing image bundle to %s' % manifest_path)
         self._extract_rootfs(manifest_path)