Merge pull request #191988 from zombiezen/fix-docker-ca-certificates

dockerTools: add missing mkdir to caCertificates derivation
This commit is contained in:
Robert Hensing 2022-09-21 01:20:00 +01:00 committed by GitHub
commit 97f6e8b3e6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 0 deletions

View file

@ -424,5 +424,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
docker.succeed("docker run --rm etc | grep localhost")
docker.succeed("docker image rm etc:latest")
with subtest("image-with-certs"):
docker.succeed("<${examples.image-with-certs} docker load")
docker.succeed("docker run --rm image-with-certs:latest test -r /etc/ssl/certs/ca-bundle.crt")
docker.succeed("docker run --rm image-with-certs:latest test -r /etc/ssl/certs/ca-certificates.crt")
docker.succeed("docker run --rm image-with-certs:latest test -r /etc/pki/tls/certs/ca-bundle.crt")
docker.succeed("docker image rm image-with-certs:latest")
'';
})

View file

@ -794,6 +794,7 @@ rec {
# This provides the ca bundle in common locations
caCertificates = runCommand "ca-certificates" { } ''
mkdir -p $out/etc/ssl/certs $out/etc/pki/tls/certs
# Old NixOS compatibility.
ln -s ${cacert}/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs/ca-bundle.crt
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.

View file

@ -698,4 +698,21 @@ rec {
tag = "latest";
contents = [ pkgs.bashInteractive ./test-dummy ];
};
# ensure that caCertificates builds
image-with-certs = buildImage {
name = "image-with-certs";
tag = "latest";
copyToRoot = pkgs.buildEnv {
name = "image-with-certs-root";
paths = [
pkgs.coreutils
pkgs.dockerTools.caCertificates
];
};
config = {
};
};
}