Merge pull request #148341 from hercules-ci/add-dockerTools-customization-layer-dependencies
dockerTools: Add store dependencies of the customization layer
This commit is contained in:
commit
66c19d856b
3 changed files with 26 additions and 6 deletions
|
@ -276,15 +276,22 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
|||
# Ensure the image has the correct number of layers
|
||||
assert len(set_of_layers("layered-bulk-layer")) == 4
|
||||
|
||||
with subtest("Ensure correct behavior when no store is needed"):
|
||||
with subtest("Ensure only minimal paths are added to the store"):
|
||||
# TODO: make an example that has no store paths, for example by making
|
||||
# busybox non-self-referential.
|
||||
|
||||
# This check tests that buildLayeredImage can build images that don't need a store.
|
||||
docker.succeed(
|
||||
"docker load --input='${pkgs.dockerTools.examples.no-store-paths}'"
|
||||
)
|
||||
|
||||
# This check may be loosened to allow an *empty* store rather than *no* store.
|
||||
docker.succeed("docker run --rm no-store-paths ls /")
|
||||
docker.fail("docker run --rm no-store-paths ls /nix/store")
|
||||
docker.succeed("docker run --rm no-store-paths ls / >/dev/console")
|
||||
|
||||
# If busybox isn't self-referential, we need this line
|
||||
# docker.fail("docker run --rm no-store-paths ls /nix/store >/dev/console")
|
||||
# However, it currently is self-referential, so we check that it is the
|
||||
# only store path.
|
||||
docker.succeed("diff <(docker run --rm no-store-paths ls /nix/store) <(basename ${pkgs.pkgsStatic.busybox}) >/dev/console")
|
||||
|
||||
with subtest("Ensure buildLayeredImage does not change store path contents."):
|
||||
docker.succeed(
|
||||
|
@ -379,6 +386,11 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
|||
"docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'"
|
||||
)
|
||||
|
||||
with subtest("The image contains store paths referenced by the fakeRootCommands output"):
|
||||
docker.succeed(
|
||||
"docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} /hello/bin/layeredImageWithFakeRootCommands-hello"
|
||||
)
|
||||
|
||||
with subtest("exportImage produces a valid tarball"):
|
||||
docker.succeed(
|
||||
"tar -tf ${examples.exportBash} | grep '\./bin/bash' > /dev/null"
|
||||
|
|
|
@ -867,13 +867,13 @@ rec {
|
|||
};
|
||||
|
||||
closureRoots = lib.optionals includeStorePaths /* normally true */ (
|
||||
[ baseJson ] ++ contentsList
|
||||
[ baseJson customisationLayer ]
|
||||
);
|
||||
overallClosure = writeText "closure" (lib.concatStringsSep " " closureRoots);
|
||||
|
||||
# These derivations are only created as implementation details of docker-tools,
|
||||
# so they'll be excluded from the created images.
|
||||
unnecessaryDrvs = [ baseJson overallClosure ];
|
||||
unnecessaryDrvs = [ baseJson overallClosure customisationLayer ];
|
||||
|
||||
conf = runCommand "${baseName}-conf.json"
|
||||
{
|
||||
|
|
|
@ -350,6 +350,9 @@ rec {
|
|||
# This removes sharing of busybox and is not recommended. We do this
|
||||
# to make the example suitable as a test case with working binaries.
|
||||
cp -r ${pkgs.pkgsStatic.busybox}/* .
|
||||
|
||||
# This is a "build" dependency that will not appear in the image
|
||||
${pkgs.hello}/bin/hello
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -504,6 +507,11 @@ rec {
|
|||
fakeRootCommands = ''
|
||||
mkdir -p ./home/jane
|
||||
chown 1000 ./home/jane
|
||||
ln -s ${pkgs.hello.overrideAttrs (o: {
|
||||
# A unique `hello` to make sure that it isn't included via another mechanism by accident.
|
||||
configureFlags = o.configureFlags or "" + " --program-prefix=layeredImageWithFakeRootCommands-";
|
||||
doCheck = false;
|
||||
})} ./hello
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in a new issue