Merge pull request #271976 from r-k-b/fix-dockerTools-includeStorePaths

nixos/dockerTools: fix includeStorePaths when enableFakechroot
This commit is contained in:
Robert Hensing 2024-02-14 23:38:44 +01:00 committed by GitHub
commit dcf985388c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 30 additions and 0 deletions

View file

@ -71,14 +71,29 @@ in {
docker.succeed("${examples.helloOnRoot} | docker load") docker.succeed("${examples.helloOnRoot} | docker load")
docker.succeed("docker run --rm hello | grep -i hello") docker.succeed("docker run --rm hello | grep -i hello")
docker.succeed("docker image rm hello:latest") docker.succeed("docker image rm hello:latest")
with subtest("includeStorePath = false; breaks example"): with subtest("includeStorePath = false; breaks example"):
docker.succeed("${examples.helloOnRootNoStore} | docker load") docker.succeed("${examples.helloOnRootNoStore} | docker load")
docker.fail("docker run --rm hello | grep -i hello") docker.fail("docker run --rm hello | grep -i hello")
docker.succeed("docker image rm hello:latest") docker.succeed("docker image rm hello:latest")
with subtest("includeStorePath = false; breaks example (fakechroot)"):
docker.succeed("${examples.helloOnRootNoStoreFakechroot} | docker load")
docker.fail("docker run --rm hello | grep -i hello")
docker.succeed("docker image rm hello:latest")
with subtest("Ensure ZERO paths are added to the store"):
docker.fail("${examples.helloOnRootNoStore} | ${pkgs.crane}/bin/crane export - - | tar t | grep 'nix/store/'")
with subtest("Ensure ZERO paths are added to the store (fakechroot)"):
docker.fail("${examples.helloOnRootNoStoreFakechroot} | ${pkgs.crane}/bin/crane export - - | tar t | grep 'nix/store/'")
with subtest("includeStorePath = false; works with mounted store"): with subtest("includeStorePath = false; works with mounted store"):
docker.succeed("${examples.helloOnRootNoStore} | docker load") docker.succeed("${examples.helloOnRootNoStore} | docker load")
docker.succeed("docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello") docker.succeed("docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
docker.succeed("docker image rm hello:latest") docker.succeed("docker image rm hello:latest")
with subtest("includeStorePath = false; works with mounted store (fakechroot)"):
docker.succeed("${examples.helloOnRootNoStoreFakechroot} | docker load")
docker.succeed("docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
docker.succeed("docker image rm hello:latest")
with subtest("Ensure Docker images use a stable date by default"): with subtest("Ensure Docker images use a stable date by default"):
docker.succeed( docker.succeed(

View file

@ -923,6 +923,7 @@ rec {
--sort name \ --sort name \
--exclude=./proc \ --exclude=./proc \
--exclude=./sys \ --exclude=./sys \
--exclude=.${builtins.storeDir} \
--numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \ --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
--hard-dereference \ --hard-dereference \
-cf $out/layer.tar . -cf $out/layer.tar .

View file

@ -639,6 +639,20 @@ rec {
includeStorePaths = false; includeStorePaths = false;
}; };
helloOnRootNoStoreFakechroot = pkgs.dockerTools.streamLayeredImage {
name = "hello";
tag = "latest";
contents = [
(pkgs.buildEnv {
name = "hello-root";
paths = [ pkgs.hello ];
})
];
config.Cmd = [ "hello" ];
includeStorePaths = false;
enableFakechroot = true;
};
etc = etc =
let let
inherit (pkgs) lib; inherit (pkgs) lib;