Merge pull request #38837 from eonpatapon/fix-38835

dockerTools.buildImage: add /nix/store with correct permissions
Daiderd Jordan 2018-04-16 20:00:11 +02:00 committed by GitHub
commit c4dea092a3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -497,6 +497,16 @@ rec {
# Record the contents of the tarball with ls_tar.
ls_tar temp/layer.tar >> baseFiles
# Append nix/store directory to the layer so that when the layer is loaded in the
# image /nix/store has read permissions for non-root users.
# nix/store is added only if the layer has /nix/store paths in it.
if [ $(wc -l < $layerClosure) -gt 1 ] && [ $(grep -c -e "^/nix/store$" baseFiles) -eq 0 ]; then
mkdir -p nix/store
chmod -R 555 nix
echo "./nix" >> layerFiles
echo "./nix/store" >> layerFiles
fi
# Get the files in the new layer which were *not* present in
# the old layer, and record them as newFiles.
comm <(sort -n baseFiles|uniq) \