From f1a65b66271da26d37c8dfa65391741cc6042be5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcus=20Sch=C3=A4fer?= <marcus.schaefer@gmail.com>
Date: Sat, 14 Mar 2026 11:18:41 +0100
Subject: [PATCH] Add support for oci format for disk images

The oci:... format is a special case that allows you to create an
OCI-compliant container from a specified reference container. The
created container image has the actual disk image added as a new layer.
The specification of the oci:image_format:container_transport format
contains two parts separated by a colon. The first part specifies
one of the above disk formats or just "raw" if the disk should be
stored as raw disk inside of the container. The second part specifies
one of the supported skopeo container transport formats, for
details see the skopeo man page. This format is particularly useful
for building an image which bundles the actual disk image and its
runtime requirements into one artifact.
---
 .../test-image-disk-formats/appliance.kiwi    |  76 +++++++++
 .../test-image-disk-formats/config.sh         |   7 +
 doc/source/image_description/elements.rst     |  31 +++-
 kiwi/defaults.py                              |  15 +-
 kiwi/schema/kiwi.rnc                          |  33 +++-
 kiwi/schema/kiwi.rng                          |  29 +++-
 kiwi/storage/subformat/__init__.py            |  10 ++
 kiwi/storage/subformat/oci.py                 | 153 ++++++++++++++++++
 test/unit/storage/subformat/init_test.py      |  16 ++
 test/unit/storage/subformat/oci_test.py       | 135 ++++++++++++++++
 10 files changed, 484 insertions(+), 21 deletions(-)
 create mode 100644 build-tests/x86/tumbleweed/test-image-disk-formats/appliance.kiwi
 create mode 100644 build-tests/x86/tumbleweed/test-image-disk-formats/config.sh
 create mode 100644 kiwi/storage/subformat/oci.py
 create mode 100644 test/unit/storage/subformat/oci_test.py

diff --git a/build-tests/x86/tumbleweed/test-image-disk-formats/appliance.kiwi b/build-tests/x86/tumbleweed/test-image-disk-formats/appliance.kiwi
new file mode 100644
index 00000000000..8bf4a05724f
--- /dev/null
+++ b/build-tests/x86/tumbleweed/test-image-disk-formats/appliance.kiwi
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<image schemaversion="7.5" name="kiwi-test-image-disk-formats" displayname="Disk Formats">
+    <description type="system">
+        <author>Marcus Schäfer</author>
+        <contact>marcus.schaefer@gmail.com</contact>
+        <specification>Build different disk formats</specification>
+    </description>
+    <preferences>
+        <version>1.42.1</version>
+        <packagemanager>zypper</packagemanager>
+        <locale>en_US</locale>
+        <keytable>us</keytable>
+        <timezone>Europe/Berlin</timezone>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <rpm-check-signatures>false</rpm-check-signatures>
+        <bootsplash-theme>breeze</bootsplash-theme>
+        <bootloader-theme>openSUSE</bootloader-theme>
+        <type image="oem" filesystem="ext3" kernelcmdline="console=ttyS0" firmware="uefi" eficsm="false" format="oci:raw:docker://alpine:latest">
+            <oemconfig>
+                <oem-resize>false</oem-resize>
+            </oemconfig>
+            <containerconfig name="alpine_baked_tw"/>
+            <machine memory="4096"/>
+            <bootloader name="grub2" console="serial" timeout="10"/>
+        </type>
+    </preferences>
+    <users>
+        <user password="$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" home="/root" name="root" groups="root"/>
+    </users>
+    <repository type="rpm-md">
+        <source path="obsrepositories:/"/>
+    </repository>
+    <packages type="image">
+        <package name="patterns-base-minimal_base"/>
+        <package name="bind-utils"/>
+        <package name="systemd"/>
+        <package name="plymouth-theme-breeze"/>
+        <package name="plymouth-plugin-script"/>
+        <package name="grub2-branding-openSUSE"/>
+        <package name="iputils"/>
+        <package name="vim"/>
+        <package name="grub2"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-i386-pc"/>
+        <package name="lvm2"/>
+        <package name="plymouth"/>
+        <package name="fontconfig"/>
+        <package name="fonts-config"/>
+        <package name="tar"/>
+        <package name="parted"/>
+        <package name="openssh"/>
+        <package name="iproute2"/>
+        <package name="less"/>
+        <package name="bash-completion"/>
+        <package name="dhcp-client"/>
+        <package name="which"/>
+        <package name="kernel-default"/>
+        <package name="shim"/>
+        <package name="timezone"/>
+    </packages>
+    <packages type="bootstrap">
+        <package name="gawk"/>
+        <package name="grep"/>
+        <package name="gzip"/>
+        <package name="udev"/>
+        <package name="xz"/>
+        <package name="shadow"/>
+        <package name="filesystem"/>
+        <package name="glibc-locale"/>
+        <package name="cracklib-dict-full"/>
+        <package name="ca-certificates"/>
+        <package name="ca-certificates-mozilla"/>
+        <package name="openSUSE-release"/>
+    </packages>
+</image>
diff --git a/build-tests/x86/tumbleweed/test-image-disk-formats/config.sh b/build-tests/x86/tumbleweed/test-image-disk-formats/config.sh
new file mode 100644
index 00000000000..61803a44fa9
--- /dev/null
+++ b/build-tests/x86/tumbleweed/test-image-disk-formats/config.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -ex
+
+#======================================
+# Activate services
+#--------------------------------------
+systemctl enable sshd
diff --git a/doc/source/image_description/elements.rst b/doc/source/image_description/elements.rst
index 06315f19c63..e863400ba4f 100644
--- a/doc/source/image_description/elements.rst
+++ b/doc/source/image_description/elements.rst
@@ -931,10 +931,33 @@ flags="overlay|dmsquash":
   system based on the capabilities of the upstream dracut
   module.
 
-format="gce|ova|qcow2|vagrant|vmdk|vdi|vhd|vhdx|vhd-fixed":
-  For disk image type oem, this specifies the format of
-  the virtual disk so that it can run on the desired target
-  virtualization platform.
+format="format_name":
+  For disk image type `oem`, this specifies the format of the virtual disk
+  so that it can run on the desired target virtualization platform. The
+  supported formats_name's are:
+
+   * `gce`: Google Compute Engine image format.
+   * `ova`: Open Virtualization Format Archive.
+   * `qcow2`: QEMU Copy-On-Write version 2.
+   * `vagrant`: Vagrant box format (tar.gz).
+   * `vmdk`: VMware Virtual Machine Disk.
+   * `vdi`: VirtualBox Disk Image.
+   * `vhd`: Microsoft Virtual Hard Disk.
+   * `vhdx`: Microsoft Virtual Hard Disk version 2.
+   * `vhd-fixed`: Microsoft Virtual Hard Disk with fixed size.
+   * `oci:image_format:container_transport`: OCI image archive.
+
+   The `oci:...` format is a special case that allows you to create an
+   OCI-compliant container from a specified reference container. The
+   created container image has the actual disk image added as a new layer.
+   The specification of the `oci:image_format:container_transport` format
+   contains two parts separated by a colon. The first part specifies
+   one of the above disk formats or just `raw` if the disk should be
+   stored as raw disk inside of the container. The second part specifies
+   one of the supported `skopeo` container transport formats, for
+   details see the `skopeo` man page. This format is particularly useful
+   for building an image which bundles the actual disk image and its
+   runtime requirements into one artifact.
 
 formatoptions="string":
   Specifies additional format options passed on to `qemu-img`.
diff --git a/kiwi/defaults.py b/kiwi/defaults.py
index 821304b2c78..d7c0b429125 100644
--- a/kiwi/defaults.py
+++ b/kiwi/defaults.py
@@ -1528,8 +1528,19 @@ def get_disk_format_types():
         :rtype: list
         """
         return [
-            'gce', 'qcow2', 'vmdk', 'ova', 'meta', 'vmx', 'vhd', 'vhdx',
-            'vhdfixed', 'vdi', 'vagrant.libvirt.box', 'vagrant.virtualbox.box'
+            'gce',
+            'qcow2',
+            'vmdk',
+            'ova',
+            'meta',
+            'vmx',
+            'vhd',
+            'vhdx',
+            'vhdfixed',
+            'vdi',
+            'vagrant.libvirt.box',
+            'vagrant.virtualbox.box',
+            'oci'
         ]
 
     @staticmethod
diff --git a/kiwi/schema/kiwi.rnc b/kiwi/schema/kiwi.rnc
index 6119779e57e..c51096e4088 100644
--- a/kiwi/schema/kiwi.rnc
+++ b/kiwi/schema/kiwi.rnc
@@ -43,6 +43,7 @@ grub_console_input = xsd:token {pattern = "(none|console|serial|at_keyboard|usb_
 fs_attributes = xsd:token {pattern = "(no-copy-on-write|synchronous-updates)(,(no-copy-on-write|synchronous-updates))*"}
 package-version-type =  xsd:token {pattern = "(0|[1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(\.(0|[1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){3}"}
 simple-uri-type = xsd:token {pattern = "(file:|https:|http:|ftp:).*"}
+oci_format_type = xsd:token {pattern = "oci:(gce:|ova:|qcow2:|vmdk:|vdi:|vhd:|vhdx:|vhd-fixed:|raw:).*"}
 
 #==========================================
 # start with image description
@@ -1986,7 +1987,7 @@ div {
         ## Specifies the format of the virtual disk.
         attribute format {
             "gce" | "ova" | "qcow2" | "vagrant" | "vmdk" |
-            "vdi" | "vhd" | "vhdx" | "vhd-fixed"
+            "vdi" | "vhd" | "vhdx" | "vhd-fixed" | oci_format_type
         }
         >> sch:pattern [ id = "format" is-a = "image_type"
             sch:param [ name = "attr" value = "format" ]
@@ -3090,14 +3091,30 @@ div {
             ]
         ]
     ]
+    sch:pattern [
+        abstract = "true"
+        id = "format_type"
+        sch:rule [
+            context = "containerconfig[@$attr]"
+            sch:assert [
+                test = "not(../@format) or starts-with(../@format, '$format')"
+                "containerconfig($attr) is only available for the following "~
+                "image @format values: $format"
+            ]
+        ]
+    ]
     k.containerconfig.name.attribute =
         ## Specifies a name for the container. This is usually the
         ## the repository name of the container as read if the container
         ## image is imported via the docker load command
         attribute name { text }
-        >> sch:pattern [ id = "name" is-a = "container_type"
+        >> sch:pattern [ id = "image_name" is-a = "container_type"
+            sch:param [ name = "attr" value = "name" ]
+            sch:param [ name = "types" value = "oem docker oci appx" ]
+        ]
+        >> sch:pattern [ id = "format_name" is-a = "format_type"
             sch:param [ name = "attr" value = "name" ]
-            sch:param [ name = "types" value = "docker oci appx" ]
+            sch:param [ name = "format" value = "oci" ]
         ]
     k.containerconfig.tag.attribute =
         ## Specifies a tag for the container. This is usually the
@@ -3106,7 +3123,7 @@ div {
         attribute tag { text }
         >> sch:pattern [ id = "tag" is-a = "container_type"
             sch:param [ name = "attr" value = "tag" ]
-            sch:param [ name = "types" value = "docker oci" ]
+            sch:param [ name = "types" value = "oem docker oci" ]
         ]
     k.containerconfig.additionalnames.attribute =
         ## Specifies additional names for the container using a comma
@@ -3117,28 +3134,28 @@ div {
         attribute additionalnames { text }
         >> sch:pattern [ id = "additionalnames" is-a = "container_type"
             sch:param [ name = "attr" value = "additionalnames" ]
-            sch:param [ name = "types" value = "docker oci" ]
+            sch:param [ name = "types" value = "oem docker oci" ]
         ]
     k.containerconfig.maintainer.attribute =
         ## Specifies a maintainer for the container.
         attribute maintainer { text }
         >> sch:pattern [ id = "maintainer" is-a = "container_type"
             sch:param [ name = "attr" value = "maintainer" ]
-            sch:param [ name = "types" value = "docker oci" ]
+            sch:param [ name = "types" value = "oem docker oci" ]
         ]
     k.containerconfig.user.attribute =
         ## Specifies a user for the container.
         attribute user { text }
         >> sch:pattern [ id = "user" is-a = "container_type"
             sch:param [ name = "attr" value = "user" ]
-            sch:param [ name = "types" value = "docker oci" ]
+            sch:param [ name = "types" value = "oem docker oci" ]
         ]
     k.containerconfig.workingdir.attribute =
         ## Specifies the default working directory of the container
         attribute workingdir { text }
         >> sch:pattern [ id = "workingdir" is-a = "container_type"
             sch:param [ name = "attr" value = "workingdir" ]
-            sch:param [ name = "types" value = "docker oci" ]
+            sch:param [ name = "types" value = "oem docker oci" ]
         ]
     k.containerconfig.attlist =
         k.containerconfig.name.attribute &
diff --git a/kiwi/schema/kiwi.rng b/kiwi/schema/kiwi.rng
index ebbf86544e3..d53b37e9fd4 100644
--- a/kiwi/schema/kiwi.rng
+++ b/kiwi/schema/kiwi.rng
@@ -116,6 +116,11 @@
       <param name="pattern">(file:|https:|http:|ftp:).*</param>
     </data>
   </define>
+  <define name="oci_format_type">
+    <data type="token">
+      <param name="pattern">oci:(gce:|ova:|qcow2:|vmdk:|vdi:|vhd:|vhdx:|vhd-fixed:|raw:).*</param>
+    </data>
+  </define>
   <!--
     ==========================================
     start with image description
@@ -2914,6 +2919,7 @@ a different set of live features.</a:documentation>
           <value>vhd</value>
           <value>vhdx</value>
           <value>vhd-fixed</value>
+          <ref name="oci_format_type"/>
         </choice>
       </attribute>
       <sch:pattern id="format" is-a="image_type">
@@ -4700,15 +4706,24 @@ and to provide configuration parameters for it</a:documentation>
         <sch:assert test="contains('$types', ../@image)">containerconfig($attr) is only available for the following image types: $types</sch:assert>
       </sch:rule>
     </sch:pattern>
+    <sch:pattern abstract="true" id="format_type">
+      <sch:rule context="containerconfig[@$attr]">
+        <sch:assert test="not(../@format) or starts-with(../@format, '$format')">containerconfig($attr) is only available for the following image @format values: $format</sch:assert>
+      </sch:rule>
+    </sch:pattern>
     <define name="k.containerconfig.name.attribute">
       <attribute name="name">
         <a:documentation>Specifies a name for the container. This is usually the
 the repository name of the container as read if the container
 image is imported via the docker load command</a:documentation>
       </attribute>
-      <sch:pattern id="name" is-a="container_type">
+      <sch:pattern id="image_name" is-a="container_type">
         <sch:param name="attr" value="name"/>
-        <sch:param name="types" value="docker oci appx"/>
+        <sch:param name="types" value="oem docker oci appx"/>
+      </sch:pattern>
+      <sch:pattern id="format_name" is-a="format_type">
+        <sch:param name="attr" value="name"/>
+        <sch:param name="format" value="oci"/>
       </sch:pattern>
     </define>
     <define name="k.containerconfig.tag.attribute">
@@ -4719,7 +4734,7 @@ image is imported via the docker load command</a:documentation>
       </attribute>
       <sch:pattern id="tag" is-a="container_type">
         <sch:param name="attr" value="tag"/>
-        <sch:param name="types" value="docker oci"/>
+        <sch:param name="types" value="oem docker oci"/>
       </sch:pattern>
     </define>
     <define name="k.containerconfig.additionalnames.attribute">
@@ -4732,7 +4747,7 @@ will be used to build a complete image referrence.</a:documentation>
       </attribute>
       <sch:pattern id="additionalnames" is-a="container_type">
         <sch:param name="attr" value="additionalnames"/>
-        <sch:param name="types" value="docker oci"/>
+        <sch:param name="types" value="oem docker oci"/>
       </sch:pattern>
     </define>
     <define name="k.containerconfig.maintainer.attribute">
@@ -4741,7 +4756,7 @@ will be used to build a complete image referrence.</a:documentation>
       </attribute>
       <sch:pattern id="maintainer" is-a="container_type">
         <sch:param name="attr" value="maintainer"/>
-        <sch:param name="types" value="docker oci"/>
+        <sch:param name="types" value="oem docker oci"/>
       </sch:pattern>
     </define>
     <define name="k.containerconfig.user.attribute">
@@ -4750,7 +4765,7 @@ will be used to build a complete image referrence.</a:documentation>
       </attribute>
       <sch:pattern id="user" is-a="container_type">
         <sch:param name="attr" value="user"/>
-        <sch:param name="types" value="docker oci"/>
+        <sch:param name="types" value="oem docker oci"/>
       </sch:pattern>
     </define>
     <define name="k.containerconfig.workingdir.attribute">
@@ -4759,7 +4774,7 @@ will be used to build a complete image referrence.</a:documentation>
       </attribute>
       <sch:pattern id="workingdir" is-a="container_type">
         <sch:param name="attr" value="workingdir"/>
-        <sch:param name="types" value="docker oci"/>
+        <sch:param name="types" value="oem docker oci"/>
       </sch:pattern>
     </define>
     <define name="k.containerconfig.attlist">
diff --git a/kiwi/storage/subformat/__init__.py b/kiwi/storage/subformat/__init__.py
index 75ca857c17b..6a942a30191 100644
--- a/kiwi/storage/subformat/__init__.py
+++ b/kiwi/storage/subformat/__init__.py
@@ -39,6 +39,7 @@ def new(
         name: str, xml_state: XMLState, root_dir: str, target_dir: str
     ) -> DiskFormatBase:
         name_map = {
+            'oci': 'Oci',
             'qcow2': 'Qcow2',
             'vdi': 'Vdi',
             'vhd': 'Vhd',
@@ -108,4 +109,13 @@ def _custom_args_for_format(name: str, xml_state: XMLState) -> Tuple[Dict, str]:
                 )
         elif name == 'raw':
             module_namespace = 'base'
+        elif name.startswith('oci:'):
+            module_namespace, base_format, base_container_uri = \
+                name.split(':', 2)
+            custom_args.update(
+                {
+                    'base_container_uri': base_container_uri,
+                    'base_format': base_format
+                }
+            )
         return custom_args, module_namespace
diff --git a/kiwi/storage/subformat/oci.py b/kiwi/storage/subformat/oci.py
new file mode 100644
index 00000000000..4c864841b25
--- /dev/null
+++ b/kiwi/storage/subformat/oci.py
@@ -0,0 +1,153 @@
+# Copyright (c) 2026 Marcus Schäfer.  All rights reserved.
+#
+# This file is part of kiwi.
+#
+# kiwi is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# kiwi is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with kiwi.  If not, see <http://www.gnu.org/licenses/>
+
+# project
+from kiwi.storage.subformat.base import DiskFormatBase
+from kiwi.utils.temporary import Temporary
+from kiwi.system.root_init import RootInit
+from kiwi.system.root_import import RootImport
+from kiwi.system.result import Result
+from kiwi.system.uri import Uri
+from kiwi.command import Command
+from kiwi.storage.subformat import DiskFormat
+from kiwi.defaults import Defaults
+from kiwi.runtime_config import RuntimeConfig
+from kiwi.exceptions import KiwiContainerBuilderError
+from kiwi.utils.checksum import Checksum
+from kiwi.container import ContainerImage
+
+
+class DiskFormatOci(DiskFormatBase):
+    """
+    **Create OCI container which includes the disk image**
+    """
+    def post_init(self, custom_args: dict) -> None:
+        """
+        oci disk format post initialization method
+
+        :param dict custom_args: unused
+        """
+        self.runtime_config = RuntimeConfig()
+        self.ensure_empty_tmpdirs = True
+        self.image_format: str = 'oci'
+        self.requested_container_type = 'docker'
+        self.container_config = self.xml_state.get_container_config()
+        self.base_container_uri = Uri(
+            custom_args.get(
+                'base_container_uri', 'no_base_container_uri_provided'
+            ),
+            repo_type='container'
+        )
+        self.base_format = custom_args.get(
+            'base_format', 'raw'
+        )
+        self.special_needs = ['appx', 'wsl']
+        self.filename = ''.join(
+            [
+                self.target_dir, '/',
+                self.xml_state.xml_data.get_name(),
+                '.' + Defaults.get_platform_name(),
+                '-' + self.xml_state.get_image_version(),
+                '.', self.requested_container_type,
+                '.tar' if self.requested_container_type not in
+                self.special_needs else ''
+            ]
+        )
+
+    def create_image_format(self) -> None:
+        """
+        Create oci container and store disk to it
+        """
+        # Import referenced base container
+        container_rootdir = Temporary(
+            prefix='kiwi_container_root.'
+        ).new_dir()
+        root = RootInit(
+            container_rootdir.name, allow_existing=True
+        )
+        root.create()
+        root_import = RootImport.new(
+            container_rootdir.name, [self.base_container_uri], self.image_format
+        )
+        root_import.sync_data()
+        # The base image(all derived imports) is expected to be unpacked
+        # by the kiwi prepare step and stored inside of the root_dir/image
+        # directory. In addition a sha256 file of the image is expected too
+        base_image = Defaults.get_imported_root_image(
+            container_rootdir.name
+        )
+        base_image_sha256 = ''.join([base_image, '.sha256'])
+
+        # Create disk format and copy this format or the raw
+        # disk to the imported container root dir.
+        if self.base_format != 'raw':
+            with DiskFormat.new(
+                self.base_format, self.xml_state,
+                self.root_dir, self.target_dir
+            ) as disk_format:
+                disk_format.create_image_format()
+                Command.run(
+                    [
+                        'cp',
+                        disk_format.get_target_file_path_for_format(
+                            self.base_format
+                        ),
+                        container_rootdir.name
+                    ]
+                )
+        else:
+            Command.run(
+                ['cp', self.diskname, container_rootdir.name]
+            )
+
+        # Rebuild the container with changed content
+        checksum = Checksum(base_image)
+        if not checksum.matches(checksum.sha256(), base_image_sha256):
+            raise KiwiContainerBuilderError(
+                f'base image file {base_image} checksum validation failed'
+            )
+        container_image = ContainerImage.new(
+            self.requested_container_type,
+            container_rootdir.name,
+            self.container_config
+        )
+        self.filename = container_image.create(
+            self.filename, base_image or '', self.ensure_empty_tmpdirs,
+            self.runtime_config.get_container_compression()
+            # appx containers already contains a compressed root
+            # wsl containers recommends gzip and we default to it
+            if self.requested_container_type not in
+            self.special_needs else False
+        )
+
+    def store_to_result(self, result: Result) -> None:
+        """
+        Store result file of the format conversion into the
+        provided result instance.
+
+        In case of a oci format we store the result uncompressed
+        Since the created container is already compressed
+
+        :param object result: Instance of Result
+        """
+        result.add(
+            key='disk_format_image',
+            filename=self.filename,
+            use_for_bundle=True,
+            compress=False,
+            shasum=True
+        )
diff --git a/test/unit/storage/subformat/init_test.py b/test/unit/storage/subformat/init_test.py
index 385652c76a7..b0768a5bea6 100644
--- a/test/unit/storage/subformat/init_test.py
+++ b/test/unit/storage/subformat/init_test.py
@@ -114,6 +114,22 @@ def test_disk_format_ova(self, mock_ova):
             {'adapter_type=controller': None, 'subformat=disk-mode': None}
         )
 
+    @patch('kiwi.storage.subformat.oci.DiskFormatOci')
+    def test_disk_format_oci(self, mock_oci):
+        DiskFormat.new(
+            'oci:raw:docker-archive:/home/ms/alpine.tar',
+            self.xml_state,
+            'root_dir',
+            'target_dir'
+        )
+        mock_oci.assert_called_once_with(
+            self.xml_state, 'root_dir', 'target_dir',
+            {
+                'base_container_uri': 'docker-archive:/home/ms/alpine.tar',
+                'base_format': 'raw'
+            }
+        )
+
     @patch('kiwi.storage.subformat.vagrant_virtualbox.DiskFormatVagrantVirtualBox')
     @patch('kiwi.storage.subformat.vagrant_libvirt.DiskFormatVagrantLibVirt')
     def test_disk_format_vagrant_libvirt(
diff --git a/test/unit/storage/subformat/oci_test.py b/test/unit/storage/subformat/oci_test.py
new file mode 100644
index 00000000000..2efeeac84ec
--- /dev/null
+++ b/test/unit/storage/subformat/oci_test.py
@@ -0,0 +1,135 @@
+from pytest import raises
+from unittest.mock import (
+    patch, Mock
+)
+
+import kiwi
+
+from kiwi.defaults import Defaults
+from kiwi.storage.subformat.oci import DiskFormatOci
+from kiwi.exceptions import KiwiContainerBuilderError
+from kiwi.system.uri import Uri
+
+
+class TestDiskFormatOci:
+    def setup(self):
+        Defaults.set_platform_name('x86_64')
+        xml_data = Mock()
+        xml_data.get_name = Mock(
+            return_value='some-disk-image'
+        )
+        self.xml_state = Mock()
+        self.xml_state.xml_data = xml_data
+        self.xml_state.get_image_version = Mock(
+            return_value='1.2.3'
+        )
+        self.runtime_config = Mock()
+        kiwi.storage.subformat.base.RuntimeConfig = Mock(
+            return_value=self.runtime_config
+        )
+        self.disk_format = DiskFormatOci(
+            self.xml_state, 'root_dir', 'target_dir'
+        )
+        self.uri = Uri(
+            'docker-archive:/home/ms/alpine.tar', repo_type='container'
+        )
+        self.disk_format.base_container_uri = self.uri
+        self.disk_format.base_format = 'raw'
+
+    def setup_method(self, cls):
+        self.setup()
+
+    @patch('kiwi.storage.subformat.oci.Uri')
+    def test_post_init(self, mock_Uri):
+        self.disk_format.post_init(
+            {
+                'base_container_uri': 'some',
+                'base_format': 'raw'
+            }
+        )
+        assert self.disk_format.base_container_uri == mock_Uri.return_value
+        assert self.disk_format.base_format == 'raw'
+
+    @patch('kiwi.storage.subformat.oci.Command.run')
+    @patch('kiwi.storage.subformat.oci.Temporary.new_dir')
+    @patch('kiwi.storage.subformat.oci.RootImport')
+    @patch('kiwi.storage.subformat.oci.Defaults')
+    @patch('kiwi.storage.subformat.oci.Checksum')
+    @patch('kiwi.storage.subformat.oci.ContainerImage')
+    @patch('kiwi.storage.subformat.oci.RootInit')
+    @patch('kiwi.storage.subformat.oci.DiskFormat')
+    def test_create_image_format(
+        self,
+        mock_DiskFormat,
+        mock_RootInit,
+        mock_ContainerImage,
+        mock_Checksum,
+        mock_Defaults,
+        mock_RootImport,
+        mock_Temporary_new_dir,
+        mock_Command_run
+    ):
+        mock_Defaults.get_imported_root_image.return_value \
+            = 'some-base'
+        tmpdir = Mock()
+        tmpdir.name = 'tmpdir'
+        mock_Temporary_new_dir.return_value = tmpdir
+
+        # test raw format
+        self.disk_format.create_image_format()
+
+        mock_RootInit.assert_called_once_with(
+            'tmpdir', allow_existing=True
+        )
+        mock_RootInit.return_value.create.assert_called_once_with()
+        mock_RootImport.new.assert_called_once_with(
+            'tmpdir', [self.uri], 'oci'
+        )
+        mock_RootImport.new.return_value.sync_data.assert_called_once_with()
+        mock_Command_run.assert_called_once_with(
+            ['cp', 'target_dir/some-disk-image.x86_64-1.2.3.raw', 'tmpdir']
+        )
+        mock_Checksum.return_value.matches.assert_called_once_with(
+            mock_Checksum.return_value.sha256.return_value, 'some-base.sha256'
+        )
+        mock_ContainerImage.new.assert_called_once_with(
+            'docker', 'tmpdir', self.xml_state.get_container_config.return_value
+        )
+        mock_ContainerImage.new.return_value.create.assert_called_once_with(
+            'target_dir/some-disk-image.x86_64-1.2.3.docker.tar',
+            'some-base', True, True
+        )
+
+        # test qcow2 format
+        mock_Command_run.reset_mock()
+        self.disk_format.base_format = 'qcow2'
+        self.disk_format.create_image_format()
+        mock_DiskFormat.new.assert_called_once_with(
+            'qcow2', self.xml_state, 'root_dir', 'target_dir'
+        )
+        disk_format = mock_DiskFormat.new.return_value.__enter__.return_value
+        disk_format.create_image_format.assert_called_once_with()
+        mock_Command_run.assert_called_once_with(
+            [
+                'cp',
+                disk_format.get_target_file_path_for_format.return_value,
+                'tmpdir'
+            ]
+        )
+
+        # test checksum failed for base container
+        mock_Checksum.return_value.matches.reset_mock()
+        mock_Checksum.return_value.matches.return_value = False
+        with raises(KiwiContainerBuilderError):
+            self.disk_format.create_image_format()
+
+    def test_store_to_result(self):
+        result = Mock()
+        self.disk_format.store_to_result(result)
+        result.add.assert_called_once_with(
+            compress=False,
+            filename='target_dir/some-disk-image.x86_64-1.2.3.docker.tar',
+            key='disk_format_image',
+            shasum=True,
+            use_for_bundle=True
+        )