Written by - 31/07/2025 - in Challenges - Download

🏆 Prizes

Here are the prizes for the top three participants:

1. first place: a very nice Keychron Q1 Max mechanical keyboard, UK-ISO layout and a good Keychron cable,
2. second place: a Raspberry starter kit with 16GB of RAM: enough to run all the containers you might like to use,
3. third place: a beautifull Rootme bag to carry your laptop.

📜 The ultimate test script

To be validated, your archive must be an image capable of generating another image, which in turn will generate another one, and so on!  You can see it as a self-replicating program or Quine, but in an OCI-flavored version!

#!/bin/bash
set -e

# Check args
if [ "$#" -ne 2 ]; then
    echo "Usage: $0 <nickname> <loop_count>"
    echo "Give the nickname matching your archive name, and the number of test iterations."
    exit 1
fi

# Check if nickname is not an empty string
if [ -z "$1" ]; then
    echo "Error: nickname arg must not be an empty string."
    exit 1
fi

# Check if loop_count is > 0
if [ "$2" -le 0 ]; then
    echo "Error: loop_count arg must be greater than 0."
    exit 1
fi

INPUT_ARCHIVE_NAME="ocinception_$1.tar"
IMAGE_NAME=ocinception_$1
FINAL_ARCHIVE_NAME="final_${INPUT_ARCHIVE_NAME}"
LOOP_COUNT=$2
MAX_RUN_TIME=8
PODMAN_RUN_OPTIONS=(--network=none --rm --rmi)

#### This command will be run before each test,
#### but it is commented to prevent you from accidentally resetting your entire Podman system
# podman system reset --force

# Load and tag initial podman image
podman load --quiet --input "$INPUT_ARCHIVE_NAME"
current_random_tag=$(head -c 32 /dev/urandom | sha256sum | awk '{print $1}')
podman tag "$IMAGE_NAME:latest" "$IMAGE_NAME:$current_random_tag"

# Podmanception loop
for ((i = 0; i < LOOP_COUNT; i++)); do
    previous_random_tag=$current_random_tag
    current_random_tag=$(head -c 32 /dev/urandom | sha256sum | awk '{print $1}')

    timeout "$MAX_RUN_TIME" podman run "${PODMAN_RUN_OPTIONS[@]}" "$IMAGE_NAME:$previous_random_tag" "$current_random_tag" > "$FINAL_ARCHIVE_NAME"
    podman load --quiet --input "$FINAL_ARCHIVE_NAME" | grep --color "$current_random_tag"
done
podman rmi "$IMAGE_NAME:$current_random_tag" > /dev/null

# Print your score
stat --printf="🦭 Well done little seal! Your score: %s 🦭\n" "$FINAL_ARCHIVE_NAME"

To submit a solution, send the archive to ​[email protected].

1. The challenge will be running during August, and the writup will be published in September.
2. Feel free to send your solutions as you progress; you can send as many as you want.
3. Once a solution is received and validated, the general ranking will be updated, but the scores will not be disclosed.
4. If you have any doubts about the validity of a solution or a question about the rules, don't hesitate to ask.

📋 Rules in detail

1. The winner will be the one with the smallest score calculated and displayed by this test script.
2. The test script is fixed; you should optimize your solution to achieve the best score!
3. The tests can be run with any loop_count value (> 0).
4. If a score varies between executions, an average score will be calculated.
5. The script will be executed on a Debian 12 VM without internet access.
6. On this VM, podman version 4.3.1 with an overlay storage driver is installed, along with all the compression tools you might need: tar, gzip, bzip2, etc.

🥷🏼 Bonus

Internally, we have already developed a highly optimized solution.

Will you be able to beat Synacktiv as well as the other participants?

To avoid giving you the result of this solution, which would be a good hint, here is the hash of a text file that reveals our score: c795ecf7692319832a62567ebdca26f4a7128197185bb019a1a139ad3b37ca58.
The file will be published in this challenge writeup.

Solutions will be accepted until August 31st at 11:59 PM, are you ready to dive into the darkest secrets of OCI archives?

Good luck to all participants!

The Synacktiv Team