Merge pull request #271976 from r-k-b/fix-dockerTools-includeStorePaths
nixos/dockerTools: fix includeStorePaths when enableFakechroot
commit
dcf985388c
3 changed files with 30 additions and 0 deletions
|
@ -71,14 +71,29 @@ in {
|
||||||
docker.succeed("${examples.helloOnRoot} | docker load")
|
docker.succeed("${examples.helloOnRoot} | docker load")
|
||||||
docker.succeed("docker run --rm hello | grep -i hello")
|
docker.succeed("docker run --rm hello | grep -i hello")
|
||||||
docker.succeed("docker image rm hello:latest")
|
docker.succeed("docker image rm hello:latest")
|
||||||
|
|
||||||
with subtest("includeStorePath = false; breaks example"):
|
with subtest("includeStorePath = false; breaks example"):
|
||||||
docker.succeed("${examples.helloOnRootNoStore} | docker load")
|
docker.succeed("${examples.helloOnRootNoStore} | docker load")
|
||||||
docker.fail("docker run --rm hello | grep -i hello")
|
docker.fail("docker run --rm hello | grep -i hello")
|
||||||
docker.succeed("docker image rm hello:latest")
|
docker.succeed("docker image rm hello:latest")
|
||||||
|
with subtest("includeStorePath = false; breaks example (fakechroot)"):
|
||||||
|
docker.succeed("${examples.helloOnRootNoStoreFakechroot} | docker load")
|
||||||
|
docker.fail("docker run --rm hello | grep -i hello")
|
||||||
|
docker.succeed("docker image rm hello:latest")
|
||||||
|
|
||||||
|
with subtest("Ensure ZERO paths are added to the store"):
|
||||||
|
docker.fail("${examples.helloOnRootNoStore} | ${pkgs.crane}/bin/crane export - - | tar t | grep 'nix/store/'")
|
||||||
|
with subtest("Ensure ZERO paths are added to the store (fakechroot)"):
|
||||||
|
docker.fail("${examples.helloOnRootNoStoreFakechroot} | ${pkgs.crane}/bin/crane export - - | tar t | grep 'nix/store/'")
|
||||||
|
|
||||||
with subtest("includeStorePath = false; works with mounted store"):
|
with subtest("includeStorePath = false; works with mounted store"):
|
||||||
docker.succeed("${examples.helloOnRootNoStore} | docker load")
|
docker.succeed("${examples.helloOnRootNoStore} | docker load")
|
||||||
docker.succeed("docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
|
docker.succeed("docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
|
||||||
docker.succeed("docker image rm hello:latest")
|
docker.succeed("docker image rm hello:latest")
|
||||||
|
with subtest("includeStorePath = false; works with mounted store (fakechroot)"):
|
||||||
|
docker.succeed("${examples.helloOnRootNoStoreFakechroot} | docker load")
|
||||||
|
docker.succeed("docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
|
||||||
|
docker.succeed("docker image rm hello:latest")
|
||||||
|
|
||||||
with subtest("Ensure Docker images use a stable date by default"):
|
with subtest("Ensure Docker images use a stable date by default"):
|
||||||
docker.succeed(
|
docker.succeed(
|
||||||
|
|
|
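Review bot: The two `Ensure ZERO paths are added to the store` subtests wrap a whole pipeline in `docker.fail(...)`, so they cannot tell "grep found no store path" from "an earlier stage broke". If the stream script or `crane export` fails, the listing is empty, `grep` exits non-zero, and the subtest still passes. Since these subtests are what guards against store contents ending up in an image meant to ship without them, the check should be made on a listing that is known to exist: `listing = docker.succeed("${examples.helloOnRootNoStore} | ${pkgs.crane}/bin/crane export - - | tar t")`, then `assert listing.strip(), "empty image listing"` and `assert "nix/store/" not in listing`. The same applies to the fakechroot variant. Whether `succeed` also catches a failure in an early stage depends on the shell options the test driver sets, which this page does not show.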
@ -923,6 +923,7 @@ rec {
|
||||||
--sort name \
|
--sort name \
|
||||||
--exclude=./proc \
|
--exclude=./proc \
|
||||||
--exclude=./sys \
|
--exclude=./sys \
|
||||||
|
--exclude=.${builtins.storeDir} \
|
||||||
--numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
|
--numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
|
||||||
--hard-dereference \
|
--hard-dereference \
|
||||||
-cf $out/layer.tar .
|
-cf $out/layer.tar .
|
||||||
|
|
|
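Review bot: The added `--exclude=.${builtins.storeDir}` carries no explanation, and as far as this hunk shows it applies on every run of this `tar` command rather than only when `includeStorePaths = false`. If that is intended (presumably because store paths are packaged separately from this layer), a comment should say so, e.g. `# The store is never part of this layer; it is added separately, or left out when includeStorePaths = false.`, with the wording checked against the surrounding code. The command starts outside the hunk and uses backslash continuations, so the comment has to go before its first line rather than next to the new flag. It would also be worth recording there that anything a build step writes below the store directory is dropped from the layer without a warning.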
@ -639,6 +639,20 @@ rec {
|
||||||
includeStorePaths = false;
|
includeStorePaths = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
helloOnRootNoStoreFakechroot = pkgs.dockerTools.streamLayeredImage {
|
||||||
|
name = "hello";
|
||||||
|
tag = "latest";
|
||||||
|
contents = [
|
||||||
|
(pkgs.buildEnv {
|
||||||
|
name = "hello-root";
|
||||||
|
paths = [ pkgs.hello ];
|
||||||
|
})
|
||||||
|
];
|
||||||
|
config.Cmd = [ "hello" ];
|
||||||
|
includeStorePaths = false;
|
||||||
|
enableFakechroot = true;
|
||||||
|
};
|
||||||
|
|
||||||
etc =
|
etc =
|
||||||
let
|
let
|
||||||
inherit (pkgs) lib;
|
inherit (pkgs) lib;
|
||||||
|
|
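Review bot: `helloOnRootNoStoreFakechroot` has no comment saying what it is for, and it appears to repeat the attribute just above it with only `enableFakechroot = true;` added (only the last two lines of that attribute are visible here). A one-line comment would make the intent clear, e.g. `# helloOnRootNoStore built with enableFakechroot; includeStorePaths = false must hold on that code path too.` If the two examples are meant to stay in step, sharing their common arguments through a `let` binding would stop them drifting apart.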