From a1cf24939404560acaac6555ae55942ae4163b9f Mon Sep 17 00:00:00 2001
From: Silvan Mosberger
Date: Mon, 7 Nov 2022 19:37:34 +0100
Subject: [PATCH] dockerTools.buildNixShellImage: Chown nix directories

To the user running the docker image. If a Nix binary is available in the resulting derivation, this then behaves like a single-user Nix installation, except that already-written /nix/store paths can't be changed. Most notably it makes Nix work not have to rely on a chroot store in the image
---
 pkgs/build-support/docker/default.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 9e35ffc1bced..1a28cf8970c3 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -1178,9 +1178,12 @@ rec {
       ];
 
       fakeRootCommands = ''
-        # Allows any user to create new directories in the Nix store (for the build result)
-        mkdir -p .${storeDir}
-        chmod a+w+t .${storeDir}
+        # Effectively a single-user installation of Nix, giving the user full
+        # control over the Nix store. Needed for building the derivation this
+        # shell is for, but also in case one wants to use Nix inside the
+        # image
+        mkdir -p ./nix/{store,var/nix} ./etc/nix
+        chown -R ${toString uid}:${toString gid} ./nix ./etc/nix
 
         # Gives the user control over the build directory
         mkdir -p .${sandboxBuildDir}
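Review bot: The added `mkdir -p ./nix/{store,var/nix} ./etc/nix` and the `chown -R` after it hardcode the store location, whereas the lines they replace used `.${storeDir}` (and the context line below still uses `.${sandboxBuildDir}`), so a nixpkgs built with a non-default `storeDir` would create and hand over `/nix/store` instead of the real store directory; `mkdir -p .${storeDir} ./nix/var/nix ./etc/nix` and `chown -R ${toString uid}:${toString gid} .${storeDir} ./nix/var/nix ./etc/nix` keep the parameter honoured. Replacing the world-writable sticky store (`chmod a+w+t`) with plain user ownership is the sounder model, but the new comment should spell out what that ownership implies: the user owns the store directory itself, so existing entries of `/nix/store` can be unlinked or renamed (directory write permission), and the commit message's claim that already-written store paths "can't be changed" presumably holds only for the contents of files shipped in lower image layers — worth confirming and stating in the comment, e.g. `# The user owns the store directory: existing store paths cannot be modified in place, but they can be removed or replaced`. Since `./etc/nix` is also chowned, a one-line note that the user can freely edit nix.conf (acceptable for a single-user install, but a departure from the previous root-owned layout) would complete the picture.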