authorRobert Hensing <roberth@users.noreply.github.com>2021-04-07 15:02:24 +0200
committerGitHub <noreply@github.com>2021-04-07 15:02:24 +0200
commit58b21dea7812f5334e3b3c37bfc003e057d5f215 (patch)
tree8c2d399006fadfc49e6262a347e6020ef3ad443f /pkgs/build-support/docker
parent3660d282acaf1e00aecdb38fa9a4d848f599b8ba (diff)
parent63e7c4186f43190ca4ee44aeec10f81343573861 (diff)
Merge pull request #116749 from vroad/docker-layered-image-fakeroot
dockerTools.streamLayeredImage: add fakeRootCommands option
Diffstat (limited to 'pkgs/build-support/docker')
-rw-r--r--pkgs/build-support/docker/default.nix23
-rw-r--r--pkgs/build-support/docker/examples.nix13
2 files changed, 29 insertions, 7 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index a73737cb12319..b03bfcca87f4f 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -7,6 +7,7 @@
   coreutils,
   docker,
   e2fsprogs,
+  fakeroot,
   findutils,
   go,
   jq,
@@ -740,6 +741,9 @@ rec {
     created ? "1970-01-01T00:00:01Z",
     # Optional bash script to run on the files prior to fixturizing the layer.
     extraCommands ? "",
+    # Optional bash script to run inside fakeroot environment.
+    # Could be used for changing ownership of files in customisation layer.
+    fakeRootCommands ? "",
     # We pick 100 to ensure there is plenty of room for extension. I
     # believe the actual maximum is 128.
     maxLayers ? 100
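Review bot: The comment on `fakeRootCommands` does not say when the script runs or in what form ownership is stored in the layer. Going by the `postBuild` hunk that follows, it runs after `extraCommands`, from the same directory, and the tar call uses `--numeric-owner`. I would extend the comment to `# Runs after extraCommands, from the layer root, under fakeroot; ownership is stored numerically, so use numeric uid:gid rather than names.` The argument list starts and ends outside this hunk.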
@@ -765,19 +769,24 @@ rec {
       customisationLayer = symlinkJoin {
         name = "${baseName}-customisation-layer";
         paths = contentsList;
-        inherit extraCommands;
+        inherit extraCommands fakeRootCommands;
+        nativeBuildInputs = [ fakeroot ];
         postBuild = ''
           mv $out old_out
           (cd old_out; eval "$extraCommands" )
 
           mkdir $out
 
-          tar \
-            --sort name \
-            --owner 0 --group 0 --mtime "@$SOURCE_DATE_EPOCH" \
-            --hard-dereference \
-            -C old_out \
-            -cf $out/layer.tar .
+          fakeroot bash -c '
+            source $stdenv/setup
+            cd old_out
+            eval "$fakeRootCommands"
+            tar \
+              --sort name \
+              --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
+              --hard-dereference \
+              -cf $out/layer.tar .
+          '
 
           sha256sum $out/layer.tar \
             | cut -f 1 -d ' ' \
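Review bot: Root ownership of the customisation layer is no longer enforced by tar. The removed `--owner 0 --group 0` forced it, while the new `--numeric-owner` call records whatever uid, gid and mode the fakeroot session reports. That is the intent for paths touched by `fakeRootCommands`, but the default case (empty `fakeRootCommands`) now relies on fakeroot presenting every file as 0:0. Presumably any setuid or setgid bit set alongside a chown in that script is also carried into the image. I would state this above the tar call, e.g. `# ownership and mode come from fakeroot: root unless fakeRootCommands changed them`, and consider asserting in the image tests that an untouched path is still 0:0. `postBuild` continues past the end of the hunk.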
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 9c7d46812140b..f6b468942fe09 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -484,4 +484,17 @@ rec {
     tag = "latest";
     config.Cmd = [ "${pkgs.hello}/bin/hello" ];
   };
+
+  # layered image with files owned by a user other than root
+  layeredImageWithFakeRootCommands = pkgs.dockerTools.buildLayeredImage {
+    name = "layered-image-with-fake-root-commands";
+    tag = "latest";
+    contents = [
+      pkgs.pkgsStatic.busybox
+    ];
+    fakeRootCommands = ''
+      mkdir -p ./home/jane
+      chown 1000 ./home/jane
+    '';
+  };
 }
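Review bot: The example changes only the owner: `chown 1000 ./home/jane` leaves the group at 0, and the image sets no `config.User`, so a container started from it still runs as root unless the caller overrides the user. If the example is meant to show a home directory for an unprivileged user, `chown 1000:1000 ./home/jane` would cover the group. A one-line comment that the runtime user is configured separately would make the rest clear. The enclosing `rec { … }` starts outside the hunk.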