dockerTools: Verify nix-store contents on buildLayeredImage test

2020-07-06 16:59:58 +12:00 · 2020-07-06 16:59:58 +12:00 · 06db331922
parent 2ae2186dfd
commit 06db331922
2 changed files with 16 additions and 6 deletions
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@ -179,10 +179,11 @@ import ./make-test-python.nix ({ pkgs, ... }: {
        docker.succeed("docker run --rm no-store-paths ls /")
        docker.fail("docker run --rm no-store-paths ls /nix/store")

-    with subtest("Ensure buildLayeredImage supports files directly under /nix/store"):
+    with subtest("Ensure buildLayeredImage does not change store path contents."):
        docker.succeed(
            "docker load --input='${pkgs.dockerTools.examples.filesInStore}'",
-            "docker run file-in-store |& grep 'some data'",
+            "docker run --rm file-in-store nix-store --verify --check-contents",
+            "docker run --rm file-in-store |& grep 'some data'",
        )
  '';
 })
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@ -337,12 +337,21 @@ rec {

  # 19. Support files in the store on buildLayeredImage
  # See: https://github.com/NixOS/nixpkgs/pull/91084#issuecomment-653496223
-  filesInStore = pkgs.dockerTools.buildLayeredImage {
+  filesInStore = pkgs.dockerTools.buildLayeredImageWithNixDb {
    name = "file-in-store";
    tag = "latest";
-    config.Cmd = [
-      "${pkgs.coreutils}/bin/cat"
-      (pkgs.writeText "somefile" "some data")
+    contents = [
+      pkgs.coreutils
+      pkgs.nix
+      (pkgs.writeScriptBin "myscript" ''
+        #!${pkgs.runtimeShell}
+        cat ${pkgs.writeText "somefile" "some data"}
+      '')
    ];
+    config = {
+      Cmd = [ "myscript" ];
+      # For some reason 'nix-store --verify' requires this environment variable
+      Env = [ "USER=root" ];
+    };
  };
 }