From 49119155125e4ce346e2881eb5dd2f79515b8e18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 19 Nov 2023 08:30:20 +0100
Subject: [PATCH] nixos/dockerTools: fixup proot/fakeroot code

Not sure how this ever worked but tar was trying to archive /proc and /sys, which failed to work. Since this is never useful for containers to do, we exclude this now in the proot case. Also fakeroot is not needed when proot is used as it provideds the same feature. We now cleanly seperate those cases as both are kind of hacks and it's more likely that the combination will just trigger new bugs.
---
 pkgs/build-support/docker/default.nix | 35 ++++++++++++++++++---------
 1 file changed, 24 insertions(+), 11 deletions(-)

diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 70fd3635b745..7218d67062e7 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -914,17 +914,30 @@ rec {
 (cd old_out; eval "$extraCommands" )

 mkdir $out
- ${optionalString enableFakechroot ''proot -r $PWD/old_out ${bind-paths} --pwd=/ ''}fakeroot bash -c '
- source $stdenv/setup
- ${optionalString (!enableFakechroot) ''cd old_out''}
- eval "$fakeRootCommands"
- tar \
- --sort name \
- --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
- --hard-dereference \
- -cf $out/layer.tar .
- '
-
+ ${if enableFakechroot then ''
+ proot -r $PWD/old_out ${bind-paths} --pwd=/ --root-id bash -c '
+ source $stdenv/setup
+ eval "$fakeRootCommands"
+ tar \
+ --sort name \
+ --exclude=./proc \
+ --exclude=./sys \
+ --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
+ --hard-dereference \
+ -cf $out/layer.tar .
+ '
+ '' else ''
+ fakeroot bash -c '
+ source $stdenv/setup
+ cd old_out
+ eval "$fakeRootCommands"
+ tar \
+ --sort name \
+ --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
+ --hard-dereference \
+ -cf $out/layer.tar .
+ '
+ ''}
 sha256sum $out/layer.tar \
 | cut -f 1 -d ' ' \
 > $out/checksum
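Review bot: The `--exclude=./proc` and `--exclude=./sys` entries in the proot branch are a hard-coded list, while what is mounted into the new root comes from `${bind-paths}`, which is defined outside this hunk; `tar ... -cf $out/layer.tar .` runs with `--pwd=/` and walks every bind that is not excluded. If `bind-paths` binds anything beyond /proc and /sys, that host or build-sandbox content would be archived into the image layer, so the excludes should be generated from the same list, or at least carry a comment before `tar \` such as `# every path bound via bind-paths needs a matching --exclude below, otherwise it is copied into layer.tar`. The shared tar flags are now written out twice (proot and fakeroot branches), so a later flag change can land in one branch and be missed in the other; a single Nix binding for the common flags would avoid that. The surrounding build script starts and ends outside the hunk.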