nixos/dockerTools: fix includeStorePaths when enableFakechroot

After #268458, when setting `enableFakechroot = true` and `includeStorePaths = false`, some of the store paths were getting included into the image anyway, thru `bind-paths`. This resulted in unexpectedly large images. Now, the images will not contain any store paths under those circumstances.
author: Robert K. Bell <robert.k.bell@gmail.com> 2023-12-04 14:39:18 +1100
committer: Robert K. Bell <robert.k.bell@gmail.com> 2023-12-07 18:06:01 +1100
commit: 8353fad13da8983b95c47426a355e044099cee91 (patch)
tree: 109bcf0e911672158eb68fc6f1bb637e8e0ec816 /pkgs/build-support/docker
parent: 0eb6d4fb0c31f274d7d3803ec512dda8eb6cb437 (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 7218d67062e78..8cdfd7cddb281 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -922,6 +922,7 @@ rec {
                   --sort name \
                   --exclude=./proc \
                   --exclude=./sys \
+                  --exclude=.${builtins.storeDir} \
                   --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
                   --hard-dereference \
                   -cf $out/layer.tar .
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 5784e650dc2e4..109bea54ec0c9 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -637,6 +637,7 @@ rec {
     ];
     config.Cmd = [ "hello" ];
     includeStorePaths = false;
+    enableFakechroot = true;
   };
 
   etc =
author	Robert K. Bell <robert.k.bell@gmail.com>	2023-12-04 14:39:18 +1100
committer	Robert K. Bell <robert.k.bell@gmail.com>	2023-12-07 18:06:01 +1100
commit	8353fad13da8983b95c47426a355e044099cee91 (patch)
tree	109bcf0e911672158eb68fc6f1bb637e8e0ec816 /pkgs/build-support/docker
parent	0eb6d4fb0c31f274d7d3803ec512dda8eb6cb437 (diff)