dockerTools.buildNixShellImage: Chown nix directories

To the user running the docker image. If a Nix binary is available in
the resulting derivation, this then behaves like a single-user Nix
installation, except that already-written /nix/store paths can't be
changed. Most notably, it makes Nix not have to rely on a chroot
store in the image.
Silvan Mosberger 2022-11-07 19:37:34 +01:00
parent c36f929dee
commit a1cf249394

@ -1178,9 +1178,12 @@ rec {
];
fakeRootCommands = ''
# Allows any user to create new directories in the Nix store (for the build result)
mkdir -p .${storeDir}
chmod a+w+t .${storeDir}
# Effectively a single-user installation of Nix, giving the user full
# control over the Nix store. Needed for building the derivation this
# shell is for, but also in case one wants to use Nix inside the
# image
mkdir -p ./nix/{store,var/nix} ./etc/nix
chown -R ${toString uid}:${toString gid} ./nix ./etc/nix
# Gives the user control over the build directory
mkdir -p .${sandboxBuildDir}
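
Review bot: The `mkdir -p ./nix/{store,var/nix} ./etc/nix` and `chown -R ${toString uid}:${toString gid} ./nix ./etc/nix` lines hardcode `./nix`, while the `mkdir -p .${storeDir}` line in the same hunk derives the path from `storeDir`. If `storeDir` is ever set to something other than `/nix/store`, the store directory that is actually used would be neither created nor handed to the user, so consider keeping `.${storeDir}` in both the `mkdir` and the `chown` arguments. The `{store,var/nix}` brace expansion also depends on `fakeRootCommands` being run by bash rather than a plain POSIX shell; spelling the two paths out removes that dependency. Since ownership by a single uid:gid replaces the sticky world-writable mode from `chmod a+w+t`, the comment could also state that only this user can now write to the store, which is the security-relevant change for anyone running the image with a different uid.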