Commit graph

247 commits

Author SHA1 Message Date
zowoq
e65aba25f8 dockerTools: misc fixes
- add nixosTests to `dockerTools.tests`
- don't use `pkgs` or `lib.singleton`
2022-04-05 17:04:59 +10:00
zowoq
76636e0099 dockerTools: pkgs.system -> pkgs.stdenv.hostPlatform.system
`pkgs.system` is an alias
2022-04-05 10:19:40 +10:00
Florian Klink
76d05dfa62 fakeNss: move to toplevel
Make this reachable from pkgs.fakeNss. This is useful outside docker
contexts, too.

https://github.com/NixOS/nixpkgs/pull/164943#discussion_r833220769
2022-03-24 18:47:30 +01:00
Vincent Ambo
af9f248926 streamLayeredImage: pass through passthru attributes
This is useful for a use-case we have with a Nix-based CI system that
specifies things like deploy steps as passthru attributes[0].

Previously the only way to do this would have been to concatenate
attributes onto the resulting derivation, but passing them in and
actually treating them as proper passthru attributes is cleaner.

[0]: https://cs.tvl.fyi/depot@f7d7da6aceb407b719cf4683a75878fd3aca319e/-/blob/nix/buildkite/default.nix?L222-226
2022-01-31 10:10:10 +03:00
Andrew Brooks
57718902e3 nixos/tests/docker-tools: add test for pre-runAsRoot layer unpack order 2021-12-17 19:26:53 -06:00
Andrew Brooks
69ffb0004a dockerTools.buildImage: unpack base image layers in correct order 2021-12-17 18:28:10 -06:00
Robert Hensing
ddda5f28e1 dockerTools: Keep fakechroot disabled by default
Avoid risk of breaking existing images by making it opt-in.
2021-12-04 13:49:10 +00:00
Robert Hensing
0e9bc9ffd1 dockerTools: Add fakechroot to fakeRootCommands 2021-12-04 13:49:10 +00:00
Robert Hensing
66c19d856b
Merge pull request #148341 from hercules-ci/add-dockerTools-customization-layer-dependencies
dockerTools: Add store dependencies of the customization layer
2021-12-03 00:20:44 +01:00
Robert Hensing
d0bcc212de nixosTests.docker-tools: Use unique binary in test case 2021-12-02 22:26:05 +00:00
Ryan Burns
f67d4dd9c1
Merge pull request #142616 from r-burns/toplevel-system
treewide: remove toplevel `system` attr
2021-10-27 10:03:24 -07:00
Robert Hensing
8ecfaf3543 dockerTools: Fix test 2021-10-25 12:25:01 +02:00
Ryan Burns
aed6bb336e build-support/docker: remove toplevel system attr 2021-10-22 14:04:05 -07:00
Robert Hensing
3b9d05e114 dockerTools: Fix and test #118722 path in contents 2021-10-18 12:41:51 +02:00
Robert Hensing
48cfdc8ca5 dockerTools: Add store dependencies of the customization layer 2021-10-06 22:45:04 +02:00
Robert Hensing
286c71a230
Merge pull request #139892 from hercules-ci/dockerTools-test-pullImage
dockerTools: test pullImage
2021-09-29 15:27:49 +02:00
Robert Hensing
16a4da9127 dockerTools: Test pullImage fetcher whenever its implementation changes 2021-09-29 14:41:08 +02:00
Robert Hensing
1a0edf135a dockerTools.exportImage: Make $out a tarball again 2021-09-29 09:34:45 +02:00
Robert Hensing
63bf4539b9 dockerTools.runWithOverlay: Avoid cluttering $out and copying 2021-09-29 09:34:06 +02:00
Justin Bedo
fa0cc611ff
dockerTools: fix export 2021-09-29 15:35:25 +10:00
Justin Bedo
0319228a45
docker-tools: add example for exportImage functionality and test 2021-09-29 15:35:21 +10:00
divanorama
b012fe5e7e
use --verbatim-files-from in dockerTools
https://www.gnu.org/software/tar/manual/html_node/files.html
files starting with - can be treated as command line options, which isn't desirable here
2021-09-10 19:12:32 +02:00
Florian Klink
14b61efa87 dockerTools.usrBinEnv: add
This provides a /usr/bin/env, for shell scripts using the
"/usr/bin/env executable" shebang.
2021-08-25 16:08:39 +02:00
Florian Klink
f8031c60b7
dockerTools.fakeNss: add /etc/nsswitch.conf (#134958)
Apparently, a non-existent nsswitch.conf causes a very misleading host
resolution, differing from the defaults people are used to.

According to
https://github.com/golang/go/issues/22846#issuecomment-346377144, glibc
says the default is "dns [!UNAVAIL=return] files".

This means, `/etc/hosts` isn't really honored, causing all sorts of
unexpected behaviour.

Let's prevent this, and first ask `/etc/hosts` before querying DNS, like
we do on NixOS too.
2021-08-20 19:44:17 +02:00
Robert Hensing
fbafeb7ad5 treewide: runCommandNoCC -> runCommand
This has been synonymous for ~5y.
2021-08-15 17:36:41 +02:00
Luke Granger-Brown
dbe9bf9848 dockerTools.pullImage: fix for skopeo 1.4.x
skopeo 1.4.x doesn't accept --src-tls-verify as a flag to the *program*,
only as a flag to copy; we must pass it after the "copy" verb, or it
will fail with:

> FATA[0000] unknown flag: --src-tls-verify
2021-08-14 21:21:26 +00:00
Sandro Jäckel
ceb417aaf1
docker: format 2021-08-10 10:32:46 +02:00
Robert Hensing
1c4b1018a3
Merge pull request #132626 from zowoq/tarsum
tarsum: init
2021-08-05 12:14:35 +02:00
zowoq
5dde5ea73e tarsum: init
- move from dockerTools.tarsum
- remove go from runtime closure
2021-08-05 08:54:41 +10:00
Robert Hensing
641bac80e5
dockerTools.buildImage: Allow build on darwin (#132640)
Indeed Docker can not run darwin exes, but darwin can build
Docker images, as some users already do with buildLayeredImage.
2021-08-04 06:06:06 -04:00
zowoq
05fe220746 dockerTools.tarsum: use current go 2021-07-08 16:31:33 +10:00
Luke Granger-Brown
48c23a086b dockerTools.pullImage: force disable skopeo's progress bar
skopeo will disable the progress bar if it detects that stdout isn't a
TTY - in order to make it think that stdout _isn't_ a TTY and therefore
avoid it printing a lot of "…" on separate lines, we pipe the output
through cat.

This changes the output from:

…
…
…
…
…
…

to the eminently more useful and less spammy:

Getting image source signatures
Copying blob sha256:[snip]
Copying blob sha256:[snip]
Copying blob sha256:[snip]
Copying config sha256:[snip]
Writing manifest to image destination
Storing signatures
2021-07-03 01:40:38 +00:00
Robert Hensing
76f53eef48
Merge pull request #125223 from hercules-ci/fix-dockerTools-example-fetch-sha
nixosTests.docker-tools: Fix nixFromDockerHub example sha
2021-06-10 10:10:18 +02:00
Robert Hensing
1834bc8711
Merge pull request #125216 from hercules-ci/follow-up-115491
dockerTools: Fix passthru image tag
2021-06-02 16:58:49 +02:00
Robert Hensing
d155b8c438 nixosTests.docker-tools: Fix nixFromDockerHub example sha
For https://github.com/NixOS/nixpkgs/pull/125211 I tried to test
the fetcher with

    nix-build -A dockerTools.examples.nixFromDockerHub --option substitute false

But it failed. I haven't figured out the cause, but the outputs
match, so it's probably the hashing method (flat/recursive) that
changed at some point. (The names did match.)
2021-06-01 15:13:03 +02:00
Robert Hensing
7f6a395070
Merge pull request #125211 from edwtjo/docker-fetch-wotls
build-support/docker: pass tlsVerify to support http registries
2021-06-01 15:07:48 +02:00
Robert Hensing
ff55c41fac dockerTools: Fix passthru image tag
It should match the actual image tag.
This fixes the problem introduced in 00996b5e03
https://github.com/NixOS/nixpkgs/pull/115491#pullrequestreview-672789901
2021-06-01 14:42:21 +02:00
Edward Tjörnhammar
ab4649e9d1
build-support/docker: pass tlsVerify to support http registries 2021-06-01 14:34:24 +02:00
Robert Hensing
5259d66b74 dockerTools: Allow omitting all store paths
Adds includeStorePaths, allowing the omission of the store paths.
You generally want to leave it on, but tooling may disable this
to insert the store paths more efficiently via other means, such
as bind mounting the host store.
2021-05-26 15:11:42 +02:00
Robert Hensing
69de7cc12a dockerTools: Format 2021-05-26 15:11:42 +02:00
Robert Hensing
578acc7a42
Merge pull request #118018 from considerate/master
dockerTools: Implement merging of image tarballs
2021-04-16 09:17:44 +02:00
Jörg Thalheim
65a40ca547
Merge pull request #102725 from thefloweringash/dockertools-proc
dockerTools: fix absent /proc during runAsRoot
2021-04-12 14:14:24 +01:00
Viktor Kronvall
5caed960d3 dockerTools: add merged example images 2021-04-08 00:22:59 +09:00
Viktor Kronvall
b2aa1f9d7a dockerTools: preserve order of images in manifest 2021-04-07 23:20:14 +09:00
Viktor Kronvall
dcc9aef015 dockerTools: take a list of images in mergeImages 2021-04-07 22:49:44 +09:00
Viktor Kronvall
ecc293ff7a dockerTools: Implement merging of image tarballs
The `docker load` command supports loading tarballs that contain
multiple docker images with their respective image names and tags. This
enables distributing these images as a single file which simplifies the
release of software when an application requires multiple services to
run.

However, pkgs.dockerTools only create tarballs with a single docker
image and there exists is no mechanism in nixpkgs to combine the created
tarballs. This commit implements merging of tarballs in a way that is
compatible with `docker load`.
2021-04-07 22:49:44 +09:00
Robert Hensing
58b21dea78
Merge pull request #116749 from vroad/docker-layered-image-fakeroot
dockerTools.streamLayeredImage: add fakeRootCommands option
2021-04-07 15:02:24 +02:00
vroad
63e7c4186f dockerTools.streamLayeredImage: Add test for fakeRootCommands 2021-04-07 18:11:02 +09:00
Louis Blin
b3f68289df dockerTools.streamLayeredImage: resolve duplicate env vars
For images running on Kubernetes, there is no guarantee on how duplicate
environment variables in the image config will be handled. This seems
to be different from Docker, where the last environment variable value
is consistently selected.

The current code for `streamLayeredImage` was exploiting that assumption
to easily propagate environment variables from the base image, leaving
duplicates unchecked. It should rather resolve these duplicates to
ensure consistent behavior on Docker and Kubernetes.
2021-03-25 23:29:54 +00:00
Louis Blin
aae8588182 dockerTools.buildLayeredImage: support fromImage
It is now possible to pass a `fromImage` to `buildLayeredImage` and
`streamLayeredImage`, similar to what `buildImage` currently supports.

This will prepend the layers of the given base image to the resulting
image, while ensuring that at most `maxLayers` are used. It will also
ensure that environment variables from the base image are propagated
to the final image.
2021-03-23 14:50:42 +00:00