nixos/dockerTools: fixup proot/fakeroot code

Not sure how this ever worked but tar was trying to archive /proc and /sys, which failed to work.
Since this is never useful for containers to do, we exclude this now in the proot case.
Also fakeroot is not needed when proot is used as it provides the same feature.
We now cleanly separate those cases as both are kind of hacks and it's more likely
that the combination will just trigger new bugs.
Jörg Thalheim 2023-11-19 08:30:20 +01:00
parent 0ace63bed8
commit 4911915512


@ -914,17 +914,30 @@ rec {
(cd old_out; eval "$extraCommands" )
mkdir $out
${optionalString enableFakechroot ''proot -r $PWD/old_out ${bind-paths} --pwd=/ ''}fakeroot bash -c '
source $stdenv/setup
${optionalString (!enableFakechroot) ''cd old_out''}
eval "$fakeRootCommands"
tar \
--sort name \
--numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
--hard-dereference \
-cf $out/layer.tar .
'
${if enableFakechroot then ''
proot -r $PWD/old_out ${bind-paths} --pwd=/ --root-id bash -c '
source $stdenv/setup
eval "$fakeRootCommands"
tar \
--sort name \
--exclude=./proc \
--exclude=./sys \
--numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
--hard-dereference \
-cf $out/layer.tar .
'
'' else ''
fakeroot bash -c '
source $stdenv/setup
cd old_out
eval "$fakeRootCommands"
tar \
--sort name \
--numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
--hard-dereference \
-cf $out/layer.tar .
'
''}
sha256sum $out/layer.tar \
| cut -f 1 -d ' ' \
> $out/checksum
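
Review bot: the two new `--exclude=./proc` and `--exclude=./sys` flags in the proot branch have no comment explaining them, and the rest of the tar invocation is now duplicated verbatim in both branches. Add a short comment above the proot branch stating that tar fails when it tries to archive these paths (as the commit message says), and note whether dropping empty `./proc` and `./sys` directories that `fakeRootCommands` may have created as mount points is intended. Consider factoring the shared flags (`--sort name`, `--numeric-owner --mtime "@$SOURCE_DATE_EPOCH"`, `--hard-dereference`) into one let-bound string so the reproducibility options cannot drift between the proot and fakeroot paths. Since `--root-id` now replaces fakeroot in the proot branch, a test that checks ownership set by `fakeRootCommands` ends up in `layer.tar` would confirm the two paths stay equivalent.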