forked from mirrors/nixpkgs
nixpkgs/pkgs/build-support
aszlig 42a0b11450
dockerTools.pullImage: Fix build with sandboxing
Regression introduced in 736848723e.

This commit most certainly hasn't been tested with sandboxing enabled
and breaks not only pullImage but also the docker-tools NixOS VM test
because it doesn't find its certificate path and also relies on
/var/tmp being there.

Fixing the certificate path is the easiest one because it can be done
via environment variable.

I've used overrideAttrs for changing the hardcoded path to /tmp (which
is available in sandboxed builds and even hardcoded in Nix), so that
whenever someone uses Skopeo from all-packages.nix the path is still
/var/tmp.

The reason why this is hardcoded to /var/tmp can be seen in a comment in
vendor/github.com/containers/image/storage/storage_image.go:

  Do not use the system default of os.TempDir(), usually /tmp, because
  with systemd it could be a tmpfs.

With sandboxed builds this isn't the case, however for using Nix without
NixOS this could turn into a problem if this indeed is the case.

So in the long term this needs to have a proper solution.

In addition to that, I cleaned up the expression a bit.

Tested by building dockerTools.examples.nixFromDockerHub and the
docker-tools NixOS VM test.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @nlewo, @Mic92, @Profpatsch, @globin, @LnL7
2018-05-06 04:57:24 +02:00
..
agda
bintools-wrapper treewide: isArm -> isAarch32 2018-04-25 15:28:55 -04:00
build-bazel-package
build-dotnet-package
build-fhs-userenv buildFHSUserEnv: change to root directory after chroot 2018-04-28 14:51:07 +01:00
build-setupcfg Revert "buildSetupcfg: Include unzip for zip sources." 2018-04-14 20:12:22 -04:00
buildenv
cc-wrapper Revert "Merge pull request #28029 from cstrahan/hardening-fix" 2018-04-10 19:07:27 -05:00
docker dockerTools.pullImage: Fix build with sandboxing 2018-05-06 04:57:24 +02:00
dotnetbuildhelpers
dotnetenv
emacs
expand-response-params
fetchbower
fetchbzr
fetchcvs bsd: init netbsd & openbsd userland 2018-04-24 14:16:35 -05:00
fetchdarcs
fetchdocker
fetchegg
fetchfossil
fetchgit nix-prefetch-git: fix handling of submodules with spaces 2018-05-04 23:16:51 +08:00
fetchgitlocal
fetchgx
fetchhg
fetchipfs
fetchmavenartifact
fetchmtn
fetchnuget
fetchpatch
fetchrepoproject
fetchs3 fetchs3: allow to name the derivation output (#39823) 2018-05-03 11:08:25 +01:00
fetchsvn
fetchsvnrevision
fetchsvnssh
fetchurl
fetchzip
icon-conv-tools
kernel kernel: Fix running kernels *with* modules 2018-04-12 15:43:53 +02:00
libredirect
make-desktopitem
make-startupitem
make-symlinks
mkshell
mono-dll-fixer
nuke-references
ocaml
release
remove-references-to
rust disable parallel rustc (-C codegen-units=1) 2018-04-16 16:16:28 +02:00
setup-hooks
singularity-tools
src-only
substitute
substitute-files
templaterpm
upstream-updater
vm runInLinuxVM: fix ext4 and crc32c-intel interactions 2018-05-03 20:08:48 -03:00
vsenv
build-maven.nix
build-pecl.nix
closure-info.nix
dhall-to-nix.nix
plugins.nix
replace-dependency.nix
setup-systemd-units.nix
source-from-head-fun.nix
trivial-builders.nix requireFile: exit with non-zero error message 2018-04-15 13:58:05 +01:00