dockerTools.pullImage: use skopeo to pull the image

Before this patch, a VM was used to spawn docker that pulled the VM. Now, the tool Skopeo does this job well so we can simplify our dockerTools since we doesn't need Docker anymore:) This also fixe the regression described in https://github.com/NixOS/nixpkgs/issues/29271 : cntlm proxy doesn't work in 17.09 while it worked in 17.03. Note Skopeo doesn't produce the same output than docker pull so, we have to update sha.
2024-11-22 13:41:26 +00:00 · 2017-09-13 09:44:07 +02:00 · 2017-09-13 09:44:07 +02:00 · 01174c5f4d
parent 43b6116d7f
commit 01174c5f4d
3 changed files with 15 additions and 34 deletions
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@ -30,7 +30,20 @@ rec {
    inherit pkgs buildImage pullImage shadowSetup;
  };

-  pullImage = callPackage ./pull.nix {};
+  pullImage =
+    let
+      nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;
+    in
+      # For simplicity we only support sha256.
+      { imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"
+      , sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:
+      runCommand name {
+        impureEnvVars=pkgs.stdenv.lib.fetchers.proxyImpureEnvVars;
+        outputHashMode="flat";
+        outputHashAlgo="sha256";
+        outputHash=sha256;
+      }
+      "${pkgs.skopeo}/bin/skopeo copy docker://${imageId} docker-archive://$out:${imageId}";

  # We need to sum layer.tar, not a directory, hence tarsum instead of nix-hash.
  # And we cannot untar it, because then we cannot preserve permissions ecc.
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@ -87,7 +87,7 @@ rec {
    imageName = "nixos/nix";
    imageTag = "1.11";
    # this hash will need change if the tag is updated at docker hub
-    sha256 = "1gk4bq05vl3rj3mh4mlbl4iicgndmimlv8jvkhdk4hrv0r44bwr3";
+    sha256 = "18xvcnl0yvj9kfi5bkimrhhjaa8xhm3jhshh2xd7c0sbfrmfqzvi";
  };

  # 5. example of multiple contents, emacs and vi happily coexisting
--- a/pkgs/build-support/docker/pull.nix
+++ b/pkgs/build-support/docker/pull.nix
@ -1,32 +0,0 @@
-{ stdenv, lib, docker, vmTools, utillinux, curl, kmod, dhcp, cacert, e2fsprogs }:
-let
-  nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;
-in
-# For simplicity we only support sha256.
-{ imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"
-, sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:
-let
-  pullImage = vmTools.runInLinuxVM (
-    stdenv.mkDerivation {
-      inherit name imageId;
-
-      certs = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
-      builder = ./pull.sh;
-
-      buildInputs = [ curl utillinux docker kmod dhcp cacert e2fsprogs ];
-
-      outputHashAlgo = "sha256";
-      outputHash = sha256;
-
-      impureEnvVars = lib.fetchers.proxyImpureEnvVars;
-
-      preVM = vmTools.createEmptyImage {
-        size = 2048;
-        fullName = "${name}-disk";
-      };
-
-      QEMU_OPTS = "-netdev user,id=net0 -device virtio-net-pci,netdev=net0";
-    });
-in
-  pullImage