atomfs – convenience program for mounting OCI-squash layers

Project Machine is the home for our "OCI-native operating system". We started this work in 2017. As many people, including cyphar and Tycho, have pointed out, the .tar.gz nature of OCI layer files has many problems. So, starting early in 2019, Tycho began adding support to stacker for building OCI images with squash layers.

When we started - long before OCI artifacts support, etc. was discussed - there was some concern about whether squash-based layers would have support issues. Docker registries would not store them, for instance. So Tycho coined 'atomfs' (*1) as the name for OCI images using squash layers. Point being - it's not a filesystem, just a way of making use of filesystems. We (wrote, and) used zot to store them, enabled stacker to build them, and used our internal OS build and management tool, atomix, to extract or mount them. But while stacker and zot are external tools, we didn't have an external tool to make mounting these images easy.

To rectify this, we present atomfs: a program which can be used to easily examine atomfs images, that is, OCI images with squashfs layers.

If you are root on the host, it will use the kernel to mount each squash layer, with fsverity if the image specifies verity root hashes. If you are root in a container, it will try to use squashfuse. If that is not available, then it will use unsquashfs to unpack the full filesystem. The layers are then combined using overlay into one mount. This is the step which requires root (*2), at least in your namespace, to accomplish. So if you are not root, you'll need to unshare a user namespace.
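
The selection order described above, sketched as an added example; this is not atomfs source code. The function names and the use of /proc/self/uid_map to tell "root on the host" from "root in a container" are assumptions, and the overlay helper expects layer mount points listed base layer first.

```sh
#!/bin/sh
# Added illustration of the backend choice and overlay stacking order.
# Assumption: "container" means a non-initial user namespace; a privileged
# container sharing the host user namespace would look like the host here.

# True when the uid map is the identity map of the initial user namespace.
in_initial_userns() {
    map_file=${1:-/proc/self/uid_map}
    [ -r "$map_file" ] || return 1
    read -r inside outside count < "$map_file" || true
    [ "$inside" = 0 ] && [ "$outside" = 0 ] && [ "$count" = 4294967295 ]
}

# choose_backend UID UID_MAP_FILE HAVE_SQUASHFUSE(yes|no)
choose_backend() {
    if [ "$1" -ne 0 ]; then
        # Overlay needs root in your namespace, e.g. enter one first with
        # unshare --user --map-root-user --mount
        echo need-userns
    elif in_initial_userns "$2"; then
        echo kernel        # kernel squashfs mount, verity if a root hash is given
    elif [ "$3" = yes ]; then
        echo squashfuse    # FUSE mount of each layer
    else
        echo unsquashfs    # unpack the full filesystem
    fi
}

# overlay_lowerdir BASE ... TOP: overlayfs wants the top-most layer first,
# so reverse the base-first order while joining with ':'.
overlay_lowerdir() {
    lower=""
    for dir in "$@"; do
        lower="$dir${lower:+:$lower}"
    done
    printf '%s\n' "$lower"
}

# Evaluate the choice for the current process.
plan_here() {
    have=no
    command -v squashfuse >/dev/null 2>&1 && have=yes
    choose_backend "$(id -u)" /proc/self/uid_map "$have"
}
```

The string printed by `overlay_lowerdir` is what would be passed as `lowerdir=` to a read-only overlay mount over the per-layer mount points.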

Here are two asciinema sessions showing some usage.

Happy spelunking!

---

*1 - atomix is the name of the internal project which begat project-machine.
*2 - we could use fuse-overlay for this, but requiring a new namespace has a certain tidiness, so we are still considering.