forked from mirrors/nixpkgs
nixpkgs/pkgs/build-support
aszlig 42a0b11450
dockerTools.pullImage: Fix build with sandboxing
Regression introduced in 736848723e.

This commit most certainly hasn't been tested with sandboxing enabled
and breaks not only pullImage but also the docker-tools NixOS VM test
because it doesn't find its certificate path and also relies on
/var/tmp being there.

Fixing the certificate path is the easiest one because it can be done
via environment variable.

I've used overrideAttrs for changing the hardcoded path to /tmp (which
is available in sandboxed builds and even hardcoded in Nix), so that
whenever someone uses Skopeo from all-packages.nix the path is still
/var/tmp.

The reason why this is hardcoded to /var/tmp can be seen in a comment in
vendor/github.com/containers/image/storage/storage_image.go:

  Do not use the system default of os.TempDir(), usually /tmp, because
  with systemd it could be a tmpfs.

With sandboxed builds this isn't the case, however for using Nix without
NixOS this could turn into a problem if this indeed is the case.

So in the long term this needs to have a proper solution.

In addition to that, I cleaned up the expression a bit.

Tested by building dockerTools.examples.nixFromDockerHub and the
docker-tools NixOS VM test.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @nlewo, @Mic92, @Profpatsch, @globin, @LnL7
2018-05-06 04:57:24 +02:00
agda
bintools-wrapper treewide: isArm -> isAarch32 2018-04-25 15:28:55 -04:00
build-bazel-package buildBazelPackage: init 2018-02-20 20:39:49 +03:00
build-dotnet-package treewide: Manual fix more pkg-config build-inputs 2017-09-21 15:49:54 -04:00
build-fhs-userenv buildFHSUserEnv: change to root directory after chroot 2018-04-28 14:51:07 +01:00
build-setupcfg Revert "buildSetupcfg: Include unzip for zip sources." 2018-04-14 20:12:22 -04:00
buildenv Merge pull request #27780 from tilpner/overridable-buildenv 2017-09-14 17:26:33 +02:00
cc-wrapper Revert "Merge pull request #28029 from cstrahan/hardening-fix" 2018-04-10 19:07:27 -05:00
docker dockerTools.pullImage: Fix build with sandboxing 2018-05-06 04:57:24 +02:00
dotnetbuildhelpers
dotnetenv
emacs nix-buffer: make eshell-path-env be inherited 2018-02-15 17:30:59 -06:00
expand-response-params expand-response-params: Build more normally 2017-08-25 15:10:02 -04:00
fetchbower Merge remote-tracking branch 'upstream/master' into staging 2018-01-14 21:18:27 +02:00
fetchbzr treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
fetchcvs bsd: init netbsd & openbsd userland 2018-04-24 14:16:35 -05:00
fetchdarcs Merge remote-tracking branch 'upstream/master' into staging 2018-01-14 21:18:27 +02:00
fetchdocker docker: init fetchdocker nix code for docker2nix 2017-12-01 21:00:52 -06:00
fetchegg treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
fetchfossil treewide: Fixed output fetch* derivations should use nativeBuildInputs 2018-01-09 20:14:46 -05:00
fetchgit nix-prefetch-git: fix handling of submodules with spaces 2018-05-04 23:16:51 +08:00
fetchgitlocal
fetchgx Merge remote-tracking branch 'upstream/master' into staging 2018-01-14 21:18:27 +02:00
fetchhg treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
fetchipfs treewide: Fixed output fetch* derivations should use nativeBuildInputs 2018-01-09 20:14:46 -05:00
fetchmavenartifact
fetchmtn treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
fetchnuget treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
fetchpatch fetchpatch: Add support for an arbitrary extra prefix 2018-01-18 12:19:49 -05:00
fetchrepoproject treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
fetchs3 fetchs3: allow to name the derivation output (#39823) 2018-05-03 11:08:25 +01:00
fetchsvn treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
fetchsvnrevision
fetchsvnssh treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
fetchurl fetchurl: remove broken samba mirror 2018-03-13 17:15:33 +01:00
fetchzip fetchzip and friends: Set "name" to "source" by default 2017-10-30 17:17:07 +01:00
icon-conv-tools
kernel kernel: Fix running kernels *with* modules 2018-04-12 15:43:53 +02:00
libredirect libredirect: add description 2017-12-14 19:03:35 +00:00
make-desktopitem
make-startupitem make-autostartitem: Use the right path for storing the desktop files 2017-07-06 00:44:41 +02:00
make-symlinks
mkshell mkShell: add builder (#30975) 2017-12-20 23:42:07 +00:00
mono-dll-fixer
nuke-references
ocaml
release debBuild: install all packages at once to avoid dependency management 2018-02-19 16:07:40 +03:00
remove-references-to Add removeReferencesTo for removing specific refs 2017-03-09 12:01:55 +00:00
rust disable parallel rustc (-C codegen-units=1) 2018-04-16 16:16:28 +02:00
setup-hooks Merge pull request #34611 from peterhoeg/p/descent 2018-02-12 22:31:41 +08:00
singularity-tools singularity: 2.4 -> 2.4.2 2018-03-12 15:13:31 +11:00
src-only
substitute
substitute-files
templaterpm
upstream-updater
vm runInLinuxVM: fix ext4 and crc32c-intel interactions 2018-05-03 20:08:48 -03:00
vsenv
build-maven.nix
build-pecl.nix Revert "fix phpPackages memcache,memcached,xdebug" 2017-12-10 12:12:43 +01:00
closure-info.nix Cleanup 2018-02-27 19:59:26 +01:00
dhall-to-nix.nix Add a pkgs.dhallToNix utility 2017-01-26 20:11:49 -08:00
plugins.nix Ultrastar (#26524) 2017-06-14 11:29:31 +02:00
replace-dependency.nix
setup-systemd-units.nix Add setupSystemdUnits function. 2017-03-24 15:47:51 -04:00
source-from-head-fun.nix
trivial-builders.nix requireFile: exit with non-zero error message 2018-04-15 13:58:05 +01:00