Age | Commit message (Collapse) | Author | Files | Lines |
|
/etc/hosts is generally also provided by the container runtime.
|
|
(cherry picked from commit 9b2af8673be82d48ce76c8c152de85ad921d26ba)
|
|
|
|
|
|
- add nixosTests to `dockerTools.tests`
- don't use `pkgs` or `lib.singleton`
|
|
`pkgs.system` is an alias
|
|
Make this reachable from pkgs.fakeNss. This is useful outside docker
contexts, too.
https://github.com/NixOS/nixpkgs/pull/164943#discussion_r833220769
|
|
This is useful for a use-case we have with a Nix-based CI system that
specifies things like deploy steps as passthru attributes[0].
Previously the only way to do this would have been to concatenate
attributes onto the resulting derivation, but passing them in and
actually treating them as proper passthru attributes is cleaner.
[0]: https://cs.tvl.fyi/depot@f7d7da6aceb407b719cf4683a75878fd3aca319e/-/blob/nix/buildkite/default.nix?L222-226
|
|
|
|
|
|
Avoid risk of breaking existing images by making it opt-in.
|
|
|
|
hercules-ci/add-dockerTools-customization-layer-dependencies
dockerTools: Add store dependencies of the customization layer
|
|
|
|
treewide: remove toplevel `system` attr
|
|
|
|
|
|
|
|
|
|
dockerTools: test pullImage
|
|
|
|
|
|
|
|
|
|
|
|
https://www.gnu.org/software/tar/manual/html_node/files.html
files starting with - can be treated as command line options, which isn't desirable here
|
|
This provides a /usr/bin/env, for shell scripts using the
"/usr/bin/env executable" shebang.
|
|
Apparently, a non-existent nsswitch.conf causes a very misleading host
resolution, differing from the defaults people are used to.
According to
https://github.com/golang/go/issues/22846#issuecomment-346377144, glibc
says the default is "dns [!UNAVAIL=return] files".
This means, `/etc/hosts` isn't really honored, causing all sorts of
unexpected behaviour.
Let's prevent this, and first ask `/etc/hosts` before querying DNS, like
we do on NixOS too.
|
|
This has been synonymous for ~5y.
|
|
skopeo 1.4.x doesn't accept --src-tls-verify as a flag to the *program*,
only as a flag to copy; we must pass it after the "copy" verb, or it
will fail with:
> FATA[0000] unknown flag: --src-tls-verify
|
|
|
|
tarsum: init
|
|
- move from dockerTools.tarsum
- remove go from runtime closure
|
|
Indeed Docker can not run darwin exes, but darwin can build
Docker images, as some users already do with buildLayeredImage.
|
|
|
|
skopeo will disable the progress bar if it detects that stdout isn't a
TTY - in order to make it think that stdout _isn't_ a TTY and therefore
avoid it printing a lot of "…" on separate lines, we pipe the output
through cat.
This changes the output from:
…
…
…
…
…
…
to the eminently more useful and less spammy:
Getting image source signatures
Copying blob sha256:[snip]
Copying blob sha256:[snip]
Copying blob sha256:[snip]
Copying config sha256:[snip]
Writing manifest to image destination
Storing signatures
|
|
nixosTests.docker-tools: Fix nixFromDockerHub example sha
|
|
dockerTools: Fix passthru image tag
|
|
For https://github.com/NixOS/nixpkgs/pull/125211 I tried to test
the fetcher with
nix-build -A dockerTools.examples.nixFromDockerHub --option substitute false
But it failed. I haven't figured out the cause, but the outputs
match, so it's probably the hashing method (flat/recursive) that
changed at some point. (The names did match.)
|
|
build-support/docker: pass tlsVerify to support http registries
|
|
It should match the actual image tag.
This fixes the problem introduced in 00996b5e03f33bebafc2b17c41a175d3726a9bde
https://github.com/NixOS/nixpkgs/pull/115491#pullrequestreview-672789901
|
|
|
|
Adds includeStorePaths, allowing the omission of the store paths.
You generally want to leave it on, but tooling may disable this
to insert the store paths more efficiently via other means, such
as bind mounting the host store.
|
|
|
|
dockerTools: Implement merging of image tarballs
|
|
dockerTools: fix absent /proc during runAsRoot
|
|
|
|
|
|
|
|
The `docker load` command supports loading tarballs that contain
multiple docker images with their respective image names and tags. This
enables distributing these images as a single file which simplifies the
release of software when an application requires multiple services to
run.
However, pkgs.dockerTools only create tarballs with a single docker
image and there exists is no mechanism in nixpkgs to combine the created
tarballs. This commit implements merging of tarballs in a way that is
compatible with `docker load`.
|