mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-22 14:45:27 +00:00
Commit graph

307 commits

Author SHA1 Message Date
Robert Hensing c740c98fc1
Merge pull request #292760 from PigeonF/dockertools-build-layered-compressor
dockerTools: Fix changing compression method for `buildLayeredImage`
2024-04-08 09:24:18 +02:00
Ryan Lahfa a199cd1dbd
Merge pull request #297496 from abryko/docker-tag-discard-closure
dockerTools: discard closure reference in imageTag
2024-03-27 09:29:53 -07:00
Pol Dellaiera 6522a75f90
Merge pull request #298239 from cdepillabout/layered-img-passthru
dockerTools: add streamed image as passthru to buildLayeredImage
2024-03-23 22:13:18 +01:00
Dennis Gosnell 2e91dc65e4 dockerTools: add streamed image as passthru to buildLayeredImage
This is convenient for debugging the underlying streamed image used by
`dockerTools.buildLayeredImage`.

Here's an example of how you might use this:

```console
$ nix repl ./.
nix-repl> dockerTools.examples.nginx.passthru.stream
«derivation /nix/store/9zczmlp2kraszx4ssmh6fawnlnsa5a4n-stream-nginx-container.drv»
```
2024-03-23 10:33:22 +09:00
Xavier Maillard bc40f51d1a
dockerTools: discard closure reference in imageTag 2024-03-20 17:54:09 +01:00
Someone 63709965b7
Merge pull request #178717 from ShamrockLee/write-multiple-references
trivial-builders: replace writeReferencesToFile with writeClosure
2024-03-19 08:57:20 +00:00
stuebinm ff1a94e523 treewide: add meta.mainProgram to packages with a single binary
The nixpkgs-unstable channel's programs.sqlite was used to identify
packages producing exactly one binary, and these automatically added
to their package definitions wherever possible.
2024-03-19 03:14:51 +01:00
Yueh-Shun Li 67ec1a7d7b dockerTools.buildImage: writeReferencesToFile -> writeClosure 2024-03-19 05:30:54 +08:00
Silvan Mosberger aabd5fbfcf
Merge pull request #292259 from dawidd6/docker-nix-ssl
dockerTools: set NIX_SSL_CERT_FILE in image
2024-03-12 02:01:08 +01:00
Jonas Fierlings f4871a62d2
dockerTools: Do not pass compressor to streamLayeredImage 2024-03-02 10:18:56 +01:00
Jonas Fierlings f73a079352
dockerTools: Test changing compression of buildLayeredImage 2024-03-02 10:18:53 +01:00
Pol Dellaiera 2bf7ff4806
Merge pull request #289840 from PigeonF/master
Make `dockerTools.buildImageWithNixDb` reproducible
2024-02-29 13:03:07 +01:00
Dawid Dziurla de8942e125
dockerTools: set NIX_SSL_CERT_FILE in image 2024-02-29 07:58:55 +01:00
WxNzEMof b2f19980db Remove the redundant comments from streamLayeredImage parameters
The proper place to describe them is the documentation, where they are
described thoroughly.
2024-02-26 19:29:04 +00:00
WxNzEMof 2697d34603 streamLayeredImage: Change mode of /nix, /nix/store to 755
The change is insignificant when the owner is root.  However, when it
is not root, this change is needed to allow using Nix (as an
unprivileged user) inside the container.
2024-02-26 18:10:51 +00:00
WxNzEMof 0ec13cdb90 streamLayeredImage: Allow customizing ownership
This opens the way towards building images where Nix can be used as an
unprivileged user (in single-user mode).
2024-02-26 18:10:51 +00:00
Robert Hensing d2dfcfcfad
Merge pull request #289584 from athre0z/docker-zstd
dockerTools: configurable compression schema
2024-02-19 18:06:54 +01:00
pigeon 2cea1dce6d
nixos/dockerTools: make buildImageWithNixDb reproducible
The loaded database contains timestamps of when the nix paths were
registered. Depending on the host store, these can differ between runs.
Resetting them to well-known values ensures that the produced image is
reproducible.
2024-02-18 21:16:35 +01:00
Joel Höner 4b603ad9cd dockerTools: configurable compression schema
This commit adds support for swapping out the compression algorithm
used in all major docker-tools commands that generate images. The
default algorithm remains unchanged (gzip).
2024-02-17 18:52:42 +01:00
Robert Hensing dcf985388c
Merge pull request #271976 from r-k-b/fix-dockerTools-includeStorePaths
nixos/dockerTools: fix includeStorePaths when enableFakechroot
2024-02-14 23:38:44 +01:00
DS 0445c39047 doc: update environment helpers in dockerTools docs, add fakeNss section
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-02-01 01:37:31 -08:00
Matthew Planchard d538fefb62
Use fakeroot for proot cmd in streamLayeredImage
Resolves #275705
2024-01-23 14:55:08 -05:00
Robert Hensing 1f9e86f314 nixosTests.docker-tools: Use both code paths in includeStorePath test 2024-01-17 13:50:01 +01:00
Robert K. Bell 8353fad13d
nixos/dockerTools: fix includeStorePaths when enableFakechroot
After #268458, when setting `enableFakechroot = true` and
`includeStorePaths = false`, some of the store paths were getting
included into the image anyway, thru `bind-paths`.
This resulted in unexpectedly large images.

Now, the images will not contain any store paths under those
circumstances.
2023-12-07 18:06:01 +11:00
Jörg Thalheim 4911915512 nixos/dockerTools: fixup proot/fakeroot code
Not sure how this ever worked but tar was trying to archive /proc and /sys, which failed to work.
Since this is never useful for containers to do, we exclude this now in the proot case.
Also fakeroot is not needed when proot is used as it provides the same feature.
We now cleanly separate those cases as both are kind of hacks and it's more likely
that the combination will just trigger new bugs.
2023-11-19 08:30:27 +01:00
Tim Windelschmidt 19c5b4307d dockerTools: create /tmp in rootLayer 2023-10-09 22:15:41 +02:00
Robert Scott 38c1400f67 dockerTools: use makeOverridable for buildImage family of functions
this allows nix users to modify existing images without having
to rely on container image inheritance mechanisms via fromImage
2023-09-11 21:10:37 +01:00
Viktor Kronvall ca072c08a2 dockerTools: replace fakechroot with proot
The command `fakechroot` errored with buffer overflows. The `proot`
command doesn't seem to suffer from the same problem. The tar command
creating the layer errors with "permission denied" on a bunch of paths
in /proc but the layer seems to get built anyway.
2023-08-19 23:34:21 +09:00
Viktor Kronvall b35440bfcf dockerTools: replace --no-clobber with --update=none
Since coreutils v9.2 the `--no-clobber` flag results in a non-zero exit
code when the destination files exist. Using `--update=none` will now
reproduce the old behavior of `--no-clobber`.

However, the `--update=none` flag was introduced in coreutils v9.3 and
thus `mergeImages` will fail if you have an older version than v9.3 in
stdenv after applying this commit.

[coreutils v9.3 changelog](f386722dc0/NEWS (L48))
2023-08-17 01:37:07 +09:00
Felix Buehler f3719756b5 treewide: use optionalString instead of 'then ""' 2023-06-24 20:19:19 +02:00
Robin Bate Boerop 824c9ac5c9 nix-prefetch-docker: handle overrides correctly
Without this change, the `--os` and `--arch` switches are disregarded
for operations involving `skopeo inspect` invocations. This means that,
for example, one cannot fetch Linux images while on macOS.
2023-04-03 21:12:13 +03:00
Martin Weinelt 4472cf44eb
treewide: Make yescrypt the default algorithm for pam_unix.so
This ensures `passwd` will default to yescrypt for newly generated
passwords.
2023-03-13 07:54:27 +01:00
Andrew Brooks 84e04ccf85 dockerTools: Preprocess layers list before unpack to handle repeated layers 2023-02-06 12:19:29 -06:00
Andrew Brooks f4e4cac0c8 dockerTools: Correctly unpack duplicate rootfs diffs
This PR addresses issue #214434 by preventing
dockerTools.buildImage from deleting rootfs diffs until after
they've been unpacked.
2023-02-03 17:50:36 -06:00
Walter Franzini d2b0f9a9f6 dockerTools: make gzipped docker images faster to update by rsync
This passes --rsyncable / -R to pigz for input-determined block
locations, to improve rsync-ability.
2022-12-23 13:22:16 +01:00
figsoda ec8cb34358 treewide: fix typos 2022-12-17 19:39:44 -05:00
Robert Hensing 454d2307ae nixosTests.docker-tools: Fix nginx test 2022-12-08 22:29:10 +01:00
Robert Hensing 3e28f972fc dockerTools: refactor, rename internal variable
> has to fit its domain, which is the OCI spec, which uses
> `architecture`. The `defaultArch` and `GOARCH` names are irrelevant.
2022-12-08 20:29:10 +01:00
Christian Kemper f6ae4479ea dockerTools: allowing architecture to be specified
... for buildImage, buildLayeredImage and streamLayeredImage,
adding docs and tests.
2022-12-08 20:29:09 +01:00
Izorkin fc7eef65a2 dockerTools: fix nginx test 2022-11-30 15:23:43 +10:00
Vladimír Čunát 94d6c732d1
dockerTools: fixup evaluation without allowed aliases
This is a regression from PR #172736
2022-11-27 10:37:55 +01:00
Silvan Mosberger a566d0842e
Merge pull request #172736 from infinisil/docker-nix-shell 2022-11-26 20:21:59 +01:00
mupdt bb5827a692 dockerTools: prefer local builds 2022-11-18 09:31:53 -05:00
Silvan Mosberger a1cf249394 dockerTools.buildNixShellImage: Chown nix directories
To the user running the docker image. If a Nix binary is available in
the resulting derivation, this then behaves like a single-user Nix
installation, except that already-written /nix/store paths can't be
changed. Most notably it makes Nix work without having to rely on a chroot
store in the image
2022-11-07 19:38:09 +01:00
Robert Hensing 8fca2fd4bf
Merge pull request #141050 from koenw/dockertools_too_many_arguments
build-support: Fix error when building images with many layers
2022-10-13 21:45:10 +01:00
Koen Wilde 2f5fcda329 build-support: Fix error when building images with many layers
When building a docker image using `dockertools.buildLayeredImage`, the
resulting image layers are passed to `jq` through the command line. When
building an image with too many layers this would exceed the maximum
command line argument length.

Hence, we store the list of layers in the Nix store and pass them to
`jq` as a file argument using `--slurpfile`.

Fixes #140908.
2022-10-13 16:27:13 +02:00
Silvan Mosberger c36f929dee nixos/tests: Add tests for dockerTools.buildNixShellImage 2022-10-07 22:04:24 +02:00
Silvan Mosberger 8ec0837a72 Introduce dockerTools.buildNixShellImage 2022-10-07 22:04:22 +02:00
Robert Hensing cbb1f39264 nixosTests.docker-tools: Add image-with-certs 2022-09-21 01:00:04 +01:00
Ross Light f140b54916 dockerTools: add missing mkdir to caCertificates derivation 2022-09-20 08:07:23 -07:00