author | Robert Hensing <roberth@users.noreply.github.com> | 2021-04-07 15:02:24 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-07 15:02:24 +0200 |
commit | 58b21dea7812f5334e3b3c37bfc003e057d5f215 (patch) | |
tree | 8c2d399006fadfc49e6262a347e6020ef3ad443f /pkgs/build-support/docker | |
parent | 3660d282acaf1e00aecdb38fa9a4d848f599b8ba (diff) | |
parent | 63e7c4186f43190ca4ee44aeec10f81343573861 (diff) |
Merge pull request #116749 from vroad/docker-layered-image-fakeroot
dockerTools.streamLayeredImage: add fakeRootCommands option
Diffstat (limited to 'pkgs/build-support/docker')
-rw-r--r-- | pkgs/build-support/docker/default.nix | 23 | ||||
-rw-r--r-- | pkgs/build-support/docker/examples.nix | 13 |
2 files changed, 29 insertions, 7 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index a73737cb12319..b03bfcca87f4f 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -7,6 +7,7 @@
 coreutils,
 docker,
 e2fsprogs,
+ fakeroot,
 findutils,
 go,
 jq,
@@ -740,6 +741,9 @@ rec {
 created ? "1970-01-01T00:00:01Z",
 # Optional bash script to run on the files prior to fixturizing the layer.
 extraCommands ? "",
+ # Optional bash script to run inside fakeroot environment.
+ # Could be used for changing ownership of files in customisation layer.
+ fakeRootCommands ? "",
 # We pick 100 to ensure there is plenty of room for extension. I
 # believe the actual maximum is 128.
 maxLayers ? 100
@@ -765,19 +769,24 @@ rec {
 customisationLayer = symlinkJoin {
 name = "${baseName}-customisation-layer";
 paths = contentsList;
- inherit extraCommands;
+ inherit extraCommands fakeRootCommands;
+ nativeBuildInputs = [ fakeroot ];
 postBuild = ''
 mv $out old_out
 (cd old_out; eval "$extraCommands" )
 mkdir $out
- tar \
- --sort name \
- --owner 0 --group 0 --mtime "@$SOURCE_DATE_EPOCH" \
- --hard-dereference \
- -C old_out \
- -cf $out/layer.tar .
+ fakeroot bash -c '
+ source $stdenv/setup
+ cd old_out
+ eval "$fakeRootCommands"
+ tar \
+ --sort name \
+ --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
+ --hard-dereference \
+ -cf $out/layer.tar .
+ '
 sha256sum $out/layer.tar \
 | cut -f 1 -d ' ' \
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 9c7d46812140b..f6b468942fe09 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
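Review bot: The comment on `fakeRootCommands` in the second hunk of default.nix does not say when or where the script runs, which matters for an option whose purpose is setting file ownership. Going by the `postBuild` change later in the same file, it is `eval`ed after `extraCommands` with the customisation layer root as working directory, and the ownership it sets is only what tar records in `layer.tar`. I would extend the comment to something like `# Runs after extraCommands, with the layer root as cwd; chown results are recorded in the layer tarball only.` The argument list continues outside the hunk.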
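Review bot: `eval "$fakeRootCommands"` runs in the same shell that then calls `tar … -cf $out/layer.tar .`, so a `cd` inside the user script silently changes which directory is archived; the removed code pinned the root with `-C old_out`. Running it as `(cd old_out; eval "$fakeRootCommands")` and keeping `-C old_out` on the tar line would isolate it the way `extraCommands` already is, and the recorded ownership should survive the subshell because fakeroot tracks it outside the shell process. Separately, with `--owner 0 --group 0` gone, root ownership of files the script does not touch appears to rest on fakeroot's default of reporting unknown files as root:root, which deserves a one-line comment above the tar call. The `postBuild` string starts and ends outside the hunk.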
@@ -484,4 +484,17 @@ rec {
 tag = "latest";
 config.Cmd = [ "${pkgs.hello}/bin/hello" ];
 };
+
+ # layered image with files owned by a user other than root
+ layeredImageWithFakeRootCommands = pkgs.dockerTools.buildLayeredImage {
+ name = "layered-image-with-fake-root-commands";
+ tag = "latest";
+ contents = [
+ pkgs.pkgsStatic.busybox
+ ];
+ fakeRootCommands = ''
+ mkdir -p ./home/jane
+ chown 1000 ./home/jane
+ '';
+ };
 } |