authorJörg Thalheim <joerg@thalheim.io>2023-11-19 08:30:20 +0100
committerJörg Thalheim <joerg@thalheim.io>2023-11-19 08:30:27 +0100
commit49119155125e4ce346e2881eb5dd2f79515b8e18 (patch)
treee5ebff4d7db7b54fa635b9e05ac062ed545cfce8 /pkgs/build-support/docker
parent0ace63bed8f561e4cc5b1c8fa5fee6be61fbcf8b (diff)
nixos/dockerTools: fixup proot/fakeroot code
Not sure how this ever worked but tar was trying to archive /proc and /sys, which failed to work.
Since this is never useful for containers to do, we exclude this now in the proot case.
Also fakeroot is not needed when proot is used as it provides the same feature.
We now cleanly separate those cases as both are kind of hacks and it's more likely
that the combination will just trigger new bugs.
Diffstat (limited to 'pkgs/build-support/docker')
-rw-r--r--pkgs/build-support/docker/default.nix35
1 files changed, 24 insertions, 11 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 70fd3635b7454..7218d67062e78 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -914,17 +914,30 @@ rec {
             (cd old_out; eval "$extraCommands" )
 
             mkdir $out
-            ${optionalString enableFakechroot ''proot -r $PWD/old_out ${bind-paths} --pwd=/ ''}fakeroot bash -c '
-              source $stdenv/setup
-              ${optionalString (!enableFakechroot) ''cd old_out''}
-              eval "$fakeRootCommands"
-              tar \
-                --sort name \
-                --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
-                --hard-dereference \
-                -cf $out/layer.tar .
-            '
-
+            ${if enableFakechroot then ''
+              proot -r $PWD/old_out ${bind-paths} --pwd=/ --root-id bash -c '
+                source $stdenv/setup
+                eval "$fakeRootCommands"
+                tar \
+                  --sort name \
+                  --exclude=./proc \
+                  --exclude=./sys \
+                  --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
+                  --hard-dereference \
+                  -cf $out/layer.tar .
+              '
+            '' else ''
+              fakeroot bash -c '
+                source $stdenv/setup
+                cd old_out
+                eval "$fakeRootCommands"
+                tar \
+                  --sort name \
+                  --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
+                  --hard-dereference \
+                  -cf $out/layer.tar .
+              '
+            ''}
             sha256sum $out/layer.tar \
               | cut -f 1 -d ' ' \
               > $out/checksum
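Review bot: In the `enableFakechroot` branch, `proot ... --root-id` now stands in for `fakeroot`, but the two may not be equivalent for file ownership: fakeroot records the results of `chown`/`chmod` so that the `tar --numeric-owner` call archives them, whereas proot's root-id emulation, as far as I know, only makes the caller appear as uid 0. If that holds, a `chown` to a non-root service user inside `$fakeRootCommands` would not survive into `layer.tar`, which matters for images that rely on running as a non-root user. A test that builds with `enableFakechroot = true`, chowns a file to a non-zero uid and checks the owner in the tar listing would settle it; if it fails, keeping fakeroot inside the proot call (`proot -r $PWD/old_out ${bind-paths} --pwd=/ fakeroot bash -c '`) restores the previous ownership tracking. Separately, only `./proc` and `./sys` are excluded, so anything else that `${bind-paths}` (defined outside this hunk) binds into the root is still archived into the layer.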