diff options
| author | Robert Hensing | 2023-03-08 18:55:20 +0100 |
|---|---|---|
| committer | GitHub | 2023-03-08 18:55:20 +0100 |
| commit | 1e383aada51b416c6c27d4884d2e258df201bc11 (patch) | |
| tree | bc6eabee4e09233262f4b4a948914a598140cf09 /nixos/tests | |
| parent | 2bac76e41395757569afc5b2664250ccf0efe911 (diff) | |
| parent | 84e04ccf8570e9f8072486f7d750d326225c7117 (diff) | |
Merge pull request #214438 from agbrooks/master
dockerTools.buildImage: Handle base images w/ duplicate rootfs diffs
Diffstat (limited to 'nixos/tests')
| -rw-r--r-- | nixos/tests/docker-tools.nix | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 98704ecb2fb6..44b583ebcea5 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -1,6 +1,52 @@ # this test creates a simple GNU image with docker tools and sees if it executes -import ./make-test-python.nix ({ pkgs, ... }: { +import ./make-test-python.nix ({ pkgs, ... }: +let + # nixpkgs#214434: dockerTools.buildImage fails to unpack base images + # containing duplicate layers when those duplicate tarballs + # appear under the manifest's 'Layers'. Docker can generate images + # like this even though dockerTools does not. + repeatedLayerTestImage = + let + # Rootfs diffs for layers 1 and 2 are identical (and empty) + layer1 = pkgs.dockerTools.buildImage { name = "empty"; }; + layer2 = layer1.overrideAttrs (_: { fromImage = layer1; }); + repeatedRootfsDiffs = pkgs.runCommandNoCC "image-with-links.tar" { + nativeBuildInputs = [pkgs.jq]; + } '' + mkdir contents + tar -xf "${layer2}" -C contents + cd contents + first_rootfs=$(jq -r '.[0].Layers[0]' manifest.json) + second_rootfs=$(jq -r '.[0].Layers[1]' manifest.json) + target_rootfs=$(sha256sum "$first_rootfs" | cut -d' ' -f 1).tar + + # Replace duplicated rootfs diffs with symlinks to one tarball + chmod -R ug+w . + mv "$first_rootfs" "$target_rootfs" + rm "$second_rootfs" + ln -s "../$target_rootfs" "$first_rootfs" + ln -s "../$target_rootfs" "$second_rootfs" + + # Update manifest's layers to use the symlinks' target + cat manifest.json | \ + jq ".[0].Layers[0] = \"$target_rootfs\"" | + jq ".[0].Layers[1] = \"$target_rootfs\"" > manifest.json.new + mv manifest.json.new manifest.json + + tar --sort=name --hard-dereference -cf $out . + ''; + in pkgs.dockerTools.buildImage { + fromImage = repeatedRootfsDiffs; + name = "repeated-layer-test"; + tag = "latest"; + copyToRoot = pkgs.bash; + # A runAsRoot script is required to force previous layers to be unpacked + runAsRoot = '' + echo 'runAsRoot has run.' + ''; + }; +in { name = "docker-tools"; meta = with pkgs.lib.maintainers; { maintainers = [ lnl7 roberth ]; @@ -221,6 +267,12 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker run --rm ${examples.layersUnpackOrder.imageName} cat /layer-order" ) + with subtest("Ensure repeated base layers handled by buildImage"): + docker.succeed( + "docker load --input='${repeatedLayerTestImage}'", + "docker run --rm ${repeatedLayerTestImage.imageName} /bin/bash -c 'exit 0'" + ) + with subtest("Ensure environment variables are correctly inherited"): docker.succeed( "docker load --input='${examples.environmentVariables}'" |