2018-02-14 05:20:16 +00:00
|
|
|
# this test creates a simple GNU image with docker tools and sees if it executes
|
|
|
|
|
2023-02-03 23:49:39 +00:00
|
|
|
import ./make-test-python.nix ({ pkgs, ... }:
|
|
|
|
let
|
|
|
|
# nixpkgs#214434: dockerTools.buildImage fails to unpack base images
|
|
|
|
# containing duplicate rootfs diffs when those duplicate tarballs
|
|
|
|
# appear under the manifest's 'Layers'. Docker can generate images
|
|
|
|
# like this even though dockerTools does not.
|
|
|
|
repeatedLayerTestImage =
|
|
|
|
let
|
|
|
|
# Rootfs diffs for layers 1 and 2 are identical (and empty)
|
|
|
|
layer1 = pkgs.dockerTools.buildImage { name = "empty"; };
|
|
|
|
layer2 = layer1.overrideAttrs (_: { fromImage = layer1; });
|
|
|
|
repeatedRootfsDiffs = pkgs.runCommandNoCC "image-with-links.tar" {
|
|
|
|
nativeBuildInputs = [pkgs.jq];
|
|
|
|
} ''
|
|
|
|
mkdir contents
|
|
|
|
tar -xf "${layer2}" -C contents
|
|
|
|
cd contents
|
|
|
|
first_rootfs=$(jq -r '.[0].Layers[0]' manifest.json)
|
|
|
|
second_rootfs=$(jq -r '.[0].Layers[1]' manifest.json)
|
|
|
|
target_rootfs=$(sha256sum "$first_rootfs" | cut -d' ' -f 1).tar
|
|
|
|
|
|
|
|
# Replace duplicated rootfs diffs with symlinks to one tarball
|
|
|
|
chmod -R ug+w .
|
|
|
|
mv "$first_rootfs" "$target_rootfs"
|
|
|
|
rm "$second_rootfs"
|
|
|
|
ln -s "../$target_rootfs" "$first_rootfs"
|
|
|
|
ln -s "../$target_rootfs" "$second_rootfs"
|
|
|
|
|
|
|
|
# Update manifest's layers to use the symlinks' target
|
|
|
|
cat manifest.json | \
|
|
|
|
jq ".[0].Layers[0] = \"$target_rootfs\"" |
|
|
|
|
jq ".[0].Layers[1] = \"$target_rootfs\"" > manifest.json.new
|
|
|
|
mv manifest.json.new manifest.json
|
|
|
|
|
|
|
|
tar --sort=name --hard-dereference -cf $out .
|
|
|
|
'';
|
|
|
|
in pkgs.dockerTools.buildImage {
|
|
|
|
fromImage = repeatedRootfsDiffs;
|
|
|
|
name = "repeated-layer-test";
|
|
|
|
copyToRoot = pkgs.bash;
|
|
|
|
# A runAsRoot script is required to force previous layers to be unpacked
|
2023-02-06 17:05:13 +00:00
|
|
|
runAsRoot = ''
|
|
|
|
echo 'runAsRoot has run.'
|
|
|
|
'';
|
2023-02-03 23:49:39 +00:00
|
|
|
};
|
|
|
|
in {
|
2018-02-14 05:20:16 +00:00
|
|
|
name = "docker-tools";
|
2021-01-10 19:08:30 +00:00
|
|
|
meta = with pkgs.lib.maintainers; {
|
2021-05-08 13:00:19 +00:00
|
|
|
maintainers = [ lnl7 roberth ];
|
2018-02-14 05:20:16 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
nodes = {
|
2020-02-13 11:38:26 +00:00
|
|
|
docker = { ... }: {
|
|
|
|
virtualisation = {
|
|
|
|
diskSize = 2048;
|
|
|
|
docker.enable = true;
|
2018-02-14 05:20:16 +00:00
|
|
|
};
|
2020-02-13 11:38:26 +00:00
|
|
|
};
|
2018-02-14 05:20:16 +00:00
|
|
|
};
|
|
|
|
|
2020-02-13 11:38:26 +00:00
|
|
|
testScript = with pkgs.dockerTools; ''
|
|
|
|
unix_time_second1 = "1970-01-01T00:00:01Z"
|
|
|
|
|
2021-01-15 13:53:43 +00:00
|
|
|
docker.wait_for_unit("sockets.target")
|
2020-02-13 11:38:26 +00:00
|
|
|
|
2021-05-25 13:04:45 +00:00
|
|
|
with subtest("includeStorePath"):
|
|
|
|
with subtest("assumption"):
|
|
|
|
docker.succeed("${examples.helloOnRoot} | docker load")
|
2021-06-04 12:48:00 +00:00
|
|
|
docker.succeed("docker run --rm hello | grep -i hello")
|
2021-05-25 13:04:45 +00:00
|
|
|
docker.succeed("docker image rm hello:latest")
|
|
|
|
with subtest("includeStorePath = false; breaks example"):
|
|
|
|
docker.succeed("${examples.helloOnRootNoStore} | docker load")
|
2021-06-04 12:48:00 +00:00
|
|
|
docker.fail("docker run --rm hello | grep -i hello")
|
2021-05-25 13:04:45 +00:00
|
|
|
docker.succeed("docker image rm hello:latest")
|
|
|
|
with subtest("includeStorePath = false; works with mounted store"):
|
|
|
|
docker.succeed("${examples.helloOnRootNoStore} | docker load")
|
2021-06-04 12:48:00 +00:00
|
|
|
docker.succeed("docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
|
2021-05-25 13:04:45 +00:00
|
|
|
docker.succeed("docker image rm hello:latest")
|
|
|
|
|
2020-02-13 11:38:26 +00:00
|
|
|
with subtest("Ensure Docker images use a stable date by default"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.bash}'"
|
|
|
|
)
|
|
|
|
assert unix_time_second1 in docker.succeed(
|
|
|
|
"docker inspect ${examples.bash.imageName} "
|
|
|
|
+ "| ${pkgs.jq}/bin/jq -r .[].Created",
|
|
|
|
)
|
|
|
|
|
|
|
|
docker.succeed("docker run --rm ${examples.bash.imageName} bash --version")
|
2020-07-11 13:51:58 +00:00
|
|
|
# Check imageTag attribute matches image
|
|
|
|
docker.succeed("docker images --format '{{.Tag}}' | grep -F '${examples.bash.imageTag}'")
|
2020-02-13 11:38:26 +00:00
|
|
|
docker.succeed("docker rmi ${examples.bash.imageName}")
|
|
|
|
|
2020-07-11 13:51:58 +00:00
|
|
|
# The remaining combinations
|
|
|
|
with subtest("Ensure imageTag attribute matches image"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.bashNoTag}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTag.imageTag}'"
|
|
|
|
)
|
|
|
|
docker.succeed("docker rmi ${examples.bashNoTag.imageName}:${examples.bashNoTag.imageTag}")
|
|
|
|
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.bashNoTagLayered}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTagLayered.imageTag}'"
|
|
|
|
)
|
|
|
|
docker.succeed("docker rmi ${examples.bashNoTagLayered.imageName}:${examples.bashNoTagLayered.imageTag}")
|
|
|
|
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.bashNoTagStreamLayered} | docker load"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTagStreamLayered.imageTag}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker rmi ${examples.bashNoTagStreamLayered.imageName}:${examples.bashNoTagStreamLayered.imageTag}"
|
|
|
|
)
|
|
|
|
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.nixLayered}'"
|
|
|
|
)
|
|
|
|
docker.succeed("docker images --format '{{.Tag}}' | grep -F '${examples.nixLayered.imageTag}'")
|
|
|
|
docker.succeed("docker rmi ${examples.nixLayered.imageName}")
|
|
|
|
|
|
|
|
|
2020-02-13 11:38:26 +00:00
|
|
|
with subtest(
|
|
|
|
"Check if the nix store is correctly initialized by listing "
|
|
|
|
"dependencies of the installed Nix binary"
|
|
|
|
):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.nix}'",
|
|
|
|
"docker run --rm ${examples.nix.imageName} nix-store -qR ${pkgs.nix}",
|
|
|
|
"docker rmi ${examples.nix.imageName}",
|
|
|
|
)
|
|
|
|
|
2020-07-30 15:18:41 +00:00
|
|
|
with subtest(
|
|
|
|
"Ensure (layered) nix store has correct permissions "
|
|
|
|
"and that the container starts when its process does not have uid 0"
|
|
|
|
):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.bashLayeredWithUser}'",
|
|
|
|
"docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 555 == $(stat --format=%a /nix) && test 555 == $(stat --format=%a /nix/store)'",
|
|
|
|
"docker rmi ${examples.bashLayeredWithUser.imageName}",
|
|
|
|
)
|
|
|
|
|
2020-06-18 15:29:21 +00:00
|
|
|
with subtest("The nix binary symlinks are intact"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.nix}'",
|
|
|
|
"docker run --rm ${examples.nix.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'",
|
|
|
|
"docker rmi ${examples.nix.imageName}",
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("The nix binary symlinks are intact when the image is layered"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.nixLayered}'",
|
|
|
|
"docker run --rm ${examples.nixLayered.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'",
|
|
|
|
"docker rmi ${examples.nixLayered.imageName}",
|
|
|
|
)
|
|
|
|
|
2020-02-13 11:38:26 +00:00
|
|
|
with subtest("The pullImage tool works"):
|
|
|
|
docker.succeed(
|
2021-09-29 12:37:31 +00:00
|
|
|
"docker load --input='${examples.testNixFromDockerHub}'",
|
2020-02-13 11:38:26 +00:00
|
|
|
"docker run --rm nix:2.2.1 nix-store --version",
|
|
|
|
"docker rmi nix:2.2.1",
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("runAsRoot and entry point work"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.nginx}'",
|
|
|
|
"docker run --name nginx -d -p 8000:80 ${examples.nginx.imageName}",
|
|
|
|
)
|
2020-09-16 17:00:25 +00:00
|
|
|
docker.wait_until_succeeds("curl -f http://localhost:8000/")
|
2020-02-13 11:38:26 +00:00
|
|
|
docker.succeed(
|
2020-12-02 07:03:38 +00:00
|
|
|
"docker rm --force nginx",
|
|
|
|
"docker rmi '${examples.nginx.imageName}'",
|
2020-02-13 11:38:26 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("A pulled image can be used as base image"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.onTopOfPulledImage}'",
|
|
|
|
"docker run --rm ontopofpulledimage hello",
|
|
|
|
"docker rmi ontopofpulledimage",
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("Regression test for issue #34779"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.runAsRootExtraCommands}'",
|
|
|
|
"docker run --rm runasrootextracommands cat extraCommands",
|
|
|
|
"docker run --rm runasrootextracommands cat runAsRoot",
|
|
|
|
"docker rmi '${examples.runAsRootExtraCommands.imageName}'",
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("Ensure Docker images can use an unstable date"):
|
|
|
|
docker.succeed(
|
2020-07-09 07:34:18 +00:00
|
|
|
"docker load --input='${examples.unstableDate}'"
|
2020-02-13 11:38:26 +00:00
|
|
|
)
|
|
|
|
assert unix_time_second1 not in docker.succeed(
|
|
|
|
"docker inspect ${examples.unstableDate.imageName} "
|
|
|
|
+ "| ${pkgs.jq}/bin/jq -r .[].Created"
|
|
|
|
)
|
|
|
|
|
2020-07-09 07:34:18 +00:00
|
|
|
with subtest("Ensure Layered Docker images can use an unstable date"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.unstableDateLayered}'"
|
|
|
|
)
|
|
|
|
assert unix_time_second1 not in docker.succeed(
|
|
|
|
"docker inspect ${examples.unstableDateLayered.imageName} "
|
|
|
|
+ "| ${pkgs.jq}/bin/jq -r .[].Created"
|
|
|
|
)
|
|
|
|
|
2020-02-13 11:38:26 +00:00
|
|
|
with subtest("Ensure Layered Docker images work"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.layered-image}'",
|
|
|
|
"docker run --rm ${examples.layered-image.imageName}",
|
|
|
|
"docker run --rm ${examples.layered-image.imageName} cat extraCommands",
|
|
|
|
)
|
|
|
|
|
2021-03-08 20:36:13 +00:00
|
|
|
with subtest("Ensure images built on top of layered Docker images work"):
|
2020-02-13 11:38:26 +00:00
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.layered-on-top}'",
|
|
|
|
"docker run --rm ${examples.layered-on-top.imageName}",
|
|
|
|
)
|
|
|
|
|
2021-03-08 20:36:13 +00:00
|
|
|
with subtest("Ensure layered images built on top of layered Docker images work"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.layered-on-top-layered}'",
|
|
|
|
"docker run --rm ${examples.layered-on-top-layered.imageName}",
|
|
|
|
)
|
|
|
|
|
2020-02-13 11:38:26 +00:00
|
|
|
|
|
|
|
def set_of_layers(image_name):
|
|
|
|
return set(
|
|
|
|
docker.succeed(
|
|
|
|
f"docker inspect {image_name} "
|
|
|
|
+ "| ${pkgs.jq}/bin/jq -r '.[] | .RootFS.Layers | .[]'"
|
|
|
|
).split()
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
with subtest("Ensure layers are shared between images"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.another-layered-image}'"
|
|
|
|
)
|
|
|
|
layers1 = set_of_layers("${examples.layered-image.imageName}")
|
|
|
|
layers2 = set_of_layers("${examples.another-layered-image.imageName}")
|
|
|
|
assert bool(layers1 & layers2)
|
|
|
|
|
|
|
|
with subtest("Ensure order of layers is correct"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.layersOrder}'"
|
|
|
|
)
|
|
|
|
|
|
|
|
for index in 1, 2, 3:
|
|
|
|
assert f"layer{index}" in docker.succeed(
|
|
|
|
f"docker run --rm ${examples.layersOrder.imageName} cat /tmp/layer{index}"
|
|
|
|
)
|
|
|
|
|
2021-12-18 01:26:53 +00:00
|
|
|
with subtest("Ensure layers unpacked in correct order before runAsRoot runs"):
|
|
|
|
assert "abc" in docker.succeed(
|
|
|
|
"docker load --input='${examples.layersUnpackOrder}'",
|
|
|
|
"docker run --rm ${examples.layersUnpackOrder.imageName} cat /layer-order"
|
|
|
|
)
|
|
|
|
|
2023-02-03 23:49:39 +00:00
|
|
|
with subtest("Ensure repeated base layers handled by buildImage"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${repeatedLayerTestImage}'",
|
|
|
|
"docker run --rm ${repeatedLayerTestImage.imageName} /bin/bash -c 'exit 0'"
|
|
|
|
)
|
|
|
|
|
2020-05-08 09:49:16 +00:00
|
|
|
with subtest("Ensure environment variables are correctly inherited"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.environmentVariables}'"
|
|
|
|
)
|
|
|
|
out = docker.succeed("docker run --rm ${examples.environmentVariables.imageName} env")
|
|
|
|
env = out.splitlines()
|
|
|
|
assert "FROM_PARENT=true" in env, "envvars from the parent should be preserved"
|
|
|
|
assert "FROM_CHILD=true" in env, "envvars from the child should be preserved"
|
|
|
|
assert "LAST_LAYER=child" in env, "envvars from the child should take priority"
|
|
|
|
|
2021-03-08 20:36:13 +00:00
|
|
|
with subtest("Ensure environment variables of layered images are correctly inherited"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.environmentVariablesLayered}'"
|
|
|
|
)
|
|
|
|
out = docker.succeed("docker run --rm ${examples.environmentVariablesLayered.imageName} env")
|
|
|
|
env = out.splitlines()
|
|
|
|
assert "FROM_PARENT=true" in env, "envvars from the parent should be preserved"
|
|
|
|
assert "FROM_CHILD=true" in env, "envvars from the child should be preserved"
|
|
|
|
assert "LAST_LAYER=child" in env, "envvars from the child should take priority"
|
|
|
|
|
2021-03-25 16:38:37 +00:00
|
|
|
with subtest(
|
|
|
|
"Ensure inherited environment variables of layered images are correctly resolved"
|
|
|
|
):
|
|
|
|
# Read environment variables as stored in image config
|
|
|
|
config = docker.succeed(
|
|
|
|
"tar -xOf ${examples.environmentVariablesLayered} manifest.json | ${pkgs.jq}/bin/jq -r .[].Config"
|
|
|
|
).strip()
|
|
|
|
out = docker.succeed(
|
|
|
|
f"tar -xOf ${examples.environmentVariablesLayered} {config} | ${pkgs.jq}/bin/jq -r '.config.Env | .[]'"
|
|
|
|
)
|
|
|
|
env = out.splitlines()
|
|
|
|
assert (
|
|
|
|
sum(entry.startswith("LAST_LAYER") for entry in env) == 1
|
|
|
|
), "envvars overridden by child should be unique"
|
|
|
|
|
2020-02-13 11:38:26 +00:00
|
|
|
with subtest("Ensure image with only 2 layers can be loaded"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.two-layered-image}'"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest(
|
|
|
|
"Ensure the bulk layer doesn't miss store paths (regression test for #78744)"
|
|
|
|
):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${pkgs.dockerTools.examples.bulk-layer}'",
|
|
|
|
# Ensure the two output paths (ls and hello) are in the layer
|
|
|
|
"docker run bulk-layer ls /bin/hello",
|
|
|
|
)
|
2020-02-23 23:41:55 +00:00
|
|
|
|
2021-03-08 20:36:13 +00:00
|
|
|
with subtest(
|
|
|
|
"Ensure the bulk layer with a base image respects the number of maxLayers"
|
|
|
|
):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${pkgs.dockerTools.examples.layered-bulk-layer}'",
|
|
|
|
# Ensure the image runs correctly
|
|
|
|
"docker run layered-bulk-layer ls /bin/hello",
|
|
|
|
)
|
|
|
|
|
|
|
|
# Ensure the image has the correct number of layers
|
|
|
|
assert len(set_of_layers("layered-bulk-layer")) == 4
|
|
|
|
|
2021-10-01 11:47:01 +00:00
|
|
|
with subtest("Ensure only minimal paths are added to the store"):
|
|
|
|
# TODO: make an example that has no store paths, for example by making
|
|
|
|
# busybox non-self-referential.
|
|
|
|
|
2020-08-14 09:06:00 +00:00
|
|
|
# This check tests that buildLayeredImage can build images that don't need a store.
|
2020-02-23 23:41:55 +00:00
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${pkgs.dockerTools.examples.no-store-paths}'"
|
|
|
|
)
|
|
|
|
|
2021-10-01 11:47:01 +00:00
|
|
|
docker.succeed("docker run --rm no-store-paths ls / >/dev/console")
|
|
|
|
|
|
|
|
# If busybox isn't self-referential, we need this line
|
|
|
|
# docker.fail("docker run --rm no-store-paths ls /nix/store >/dev/console")
|
|
|
|
# However, it currently is self-referential, so we check that it is the
|
|
|
|
# only store path.
|
|
|
|
docker.succeed("diff <(docker run --rm no-store-paths ls /nix/store) <(basename ${pkgs.pkgsStatic.busybox}) >/dev/console")
|
2020-07-04 10:00:57 +00:00
|
|
|
|
2020-07-06 04:59:58 +00:00
|
|
|
with subtest("Ensure buildLayeredImage does not change store path contents."):
|
2020-07-04 10:00:57 +00:00
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${pkgs.dockerTools.examples.filesInStore}'",
|
2020-07-06 04:59:58 +00:00
|
|
|
"docker run --rm file-in-store nix-store --verify --check-contents",
|
|
|
|
"docker run --rm file-in-store |& grep 'some data'",
|
2020-07-04 10:00:57 +00:00
|
|
|
)
|
2020-11-19 17:12:36 +00:00
|
|
|
|
|
|
|
with subtest("Ensure cross compiled image can be loaded and has correct arch."):
|
|
|
|
docker.succeed(
|
2020-11-20 10:57:56 +00:00
|
|
|
"docker load --input='${pkgs.dockerTools.examples.cross}'",
|
2020-11-19 17:12:36 +00:00
|
|
|
)
|
|
|
|
assert (
|
|
|
|
docker.succeed(
|
2020-11-20 10:57:56 +00:00
|
|
|
"docker inspect ${pkgs.dockerTools.examples.cross.imageName} "
|
2020-11-19 17:12:36 +00:00
|
|
|
+ "| ${pkgs.jq}/bin/jq -r .[].Architecture"
|
|
|
|
).strip()
|
2022-04-05 00:18:44 +00:00
|
|
|
== "${if pkgs.stdenv.hostPlatform.system == "aarch64-linux" then "amd64" else "arm64"}"
|
2020-11-19 17:12:36 +00:00
|
|
|
)
|
2021-01-04 20:33:32 +00:00
|
|
|
|
|
|
|
with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.layeredStoreSymlink}'",
|
|
|
|
"docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'",
|
|
|
|
"docker rmi ${examples.layeredStoreSymlink.imageName}",
|
|
|
|
)
|
2021-03-09 18:32:54 +00:00
|
|
|
|
|
|
|
with subtest("buildImage supports registry/ prefix in image name"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.prefixedImage}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Repository}}' | grep -F '${examples.prefixedImage.imageName}'"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildLayeredImage supports registry/ prefix in image name"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.prefixedLayeredImage}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Repository}}' | grep -F '${examples.prefixedLayeredImage.imageName}'"
|
|
|
|
)
|
2021-04-07 09:11:02 +00:00
|
|
|
|
|
|
|
with subtest("buildLayeredImage supports running chown with fakeRootCommands"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.layeredImageWithFakeRootCommands}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
2022-07-28 14:56:07 +00:00
|
|
|
"docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/alice | grep -E ^1000$'"
|
2021-04-07 09:11:02 +00:00
|
|
|
)
|
2021-03-30 09:53:29 +00:00
|
|
|
|
|
|
|
with subtest("Ensure docker load on merged images loads all of the constituent images"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.mergedBashAndRedis}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Repository}}-{{.Tag}}' | grep -F '${examples.bash.imageName}-${examples.bash.imageTag}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Repository}}-{{.Tag}}' | grep -F '${examples.redis.imageName}-${examples.redis.imageTag}'"
|
|
|
|
)
|
|
|
|
docker.succeed("docker run --rm ${examples.bash.imageName} bash --version")
|
|
|
|
docker.succeed("docker run --rm ${examples.redis.imageName} redis-cli --version")
|
|
|
|
docker.succeed("docker rmi ${examples.bash.imageName}")
|
|
|
|
docker.succeed("docker rmi ${examples.redis.imageName}")
|
|
|
|
|
|
|
|
with subtest(
|
|
|
|
"Ensure docker load on merged images loads all of the constituent images (missing tags)"
|
|
|
|
):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.mergedBashNoTagAndRedis}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Repository}}-{{.Tag}}' | grep -F '${examples.bashNoTag.imageName}-${examples.bashNoTag.imageTag}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"docker images --format '{{.Repository}}-{{.Tag}}' | grep -F '${examples.redis.imageName}-${examples.redis.imageTag}'"
|
|
|
|
)
|
|
|
|
# we need to explicitly specify the generated tag here
|
|
|
|
docker.succeed(
|
|
|
|
"docker run --rm ${examples.bashNoTag.imageName}:${examples.bashNoTag.imageTag} bash --version"
|
|
|
|
)
|
|
|
|
docker.succeed("docker run --rm ${examples.redis.imageName} redis-cli --version")
|
|
|
|
docker.succeed("docker rmi ${examples.bashNoTag.imageName}:${examples.bashNoTag.imageTag}")
|
|
|
|
docker.succeed("docker rmi ${examples.redis.imageName}")
|
2021-04-07 14:05:36 +00:00
|
|
|
|
|
|
|
with subtest("mergeImages preserves owners of the original images"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.mergedBashFakeRoot}'"
|
|
|
|
)
|
|
|
|
docker.succeed(
|
2022-07-28 14:56:07 +00:00
|
|
|
"docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/alice | grep -E ^1000$'"
|
2021-04-07 14:05:36 +00:00
|
|
|
)
|
2021-05-08 11:49:39 +00:00
|
|
|
|
2021-10-01 11:47:01 +00:00
|
|
|
with subtest("The image contains store paths referenced by the fakeRootCommands output"):
|
|
|
|
docker.succeed(
|
2021-12-02 22:26:05 +00:00
|
|
|
"docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} /hello/bin/layeredImageWithFakeRootCommands-hello"
|
2021-10-01 11:47:01 +00:00
|
|
|
)
|
|
|
|
|
2021-05-08 11:49:39 +00:00
|
|
|
with subtest("exportImage produces a valid tarball"):
|
|
|
|
docker.succeed(
|
2021-09-29 11:40:31 +00:00
|
|
|
"tar -tf ${examples.exportBash} | grep '\./bin/bash' > /dev/null"
|
2021-05-08 11:49:39 +00:00
|
|
|
)
|
2021-10-18 10:39:51 +00:00
|
|
|
|
2021-10-01 13:53:30 +00:00
|
|
|
with subtest("layered image fakeRootCommands with fakechroot works"):
|
|
|
|
docker.succeed("${examples.imageViaFakeChroot} | docker load")
|
|
|
|
docker.succeed("docker run --rm image-via-fake-chroot | grep -i hello")
|
|
|
|
docker.succeed("docker image rm image-via-fake-chroot:latest")
|
|
|
|
|
2021-10-18 10:39:51 +00:00
|
|
|
with subtest("Ensure bare paths in contents are loaded correctly"):
|
|
|
|
docker.succeed(
|
|
|
|
"docker load --input='${examples.build-image-with-path}'",
|
|
|
|
"docker run --rm build-image-with-path bash -c '[[ -e /hello.txt ]]'",
|
|
|
|
"docker rmi build-image-with-path",
|
|
|
|
)
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.layered-image-with-path} | docker load",
|
|
|
|
"docker run --rm layered-image-with-path bash -c '[[ -e /hello.txt ]]'",
|
|
|
|
"docker rmi layered-image-with-path",
|
|
|
|
)
|
|
|
|
|
2022-11-21 12:10:07 +00:00
|
|
|
with subtest("Ensure correct architecture is present in manifests."):
|
2022-12-08 21:29:19 +00:00
|
|
|
docker.succeed("""
|
|
|
|
docker load --input='${examples.build-image-with-architecture}'
|
|
|
|
docker inspect build-image-with-architecture \
|
|
|
|
| ${pkgs.jq}/bin/jq -er '.[] | select(.Architecture=="arm64").Architecture'
|
|
|
|
docker rmi build-image-with-architecture
|
|
|
|
""")
|
|
|
|
docker.succeed("""
|
|
|
|
${examples.layered-image-with-architecture} | docker load
|
|
|
|
docker inspect layered-image-with-architecture \
|
|
|
|
| ${pkgs.jq}/bin/jq -er '.[] | select(.Architecture=="arm64").Architecture'
|
|
|
|
docker rmi layered-image-with-architecture
|
|
|
|
""")
|
2022-11-21 12:10:07 +00:00
|
|
|
|
2021-12-03 12:23:23 +00:00
|
|
|
with subtest("etc"):
|
|
|
|
docker.succeed("${examples.etc} | docker load")
|
|
|
|
docker.succeed("docker run --rm etc | grep localhost")
|
|
|
|
docker.succeed("docker image rm etc:latest")
|
|
|
|
|
2022-09-21 00:00:04 +00:00
|
|
|
with subtest("image-with-certs"):
|
|
|
|
docker.succeed("<${examples.image-with-certs} docker load")
|
|
|
|
docker.succeed("docker run --rm image-with-certs:latest test -r /etc/ssl/certs/ca-bundle.crt")
|
|
|
|
docker.succeed("docker run --rm image-with-certs:latest test -r /etc/ssl/certs/ca-certificates.crt")
|
|
|
|
docker.succeed("docker run --rm image-with-certs:latest test -r /etc/pki/tls/certs/ca-bundle.crt")
|
|
|
|
docker.succeed("docker image rm image-with-certs:latest")
|
|
|
|
|
2022-05-16 15:00:54 +00:00
|
|
|
with subtest("buildNixShellImage: Can build a basic derivation"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-basic} | docker load",
|
|
|
|
"docker run --rm nix-shell-basic bash -c 'buildDerivation && $out/bin/hello' | grep '^Hello, world!$'"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildNixShellImage: Runs the shell hook"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-hook} | docker load",
|
|
|
|
"docker run --rm -it nix-shell-hook | grep 'This is the shell hook!'"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildNixShellImage: Sources stdenv, making build inputs available"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-inputs} | docker load",
|
|
|
|
"docker run --rm -it nix-shell-inputs | grep 'Hello, world!'"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildNixShellImage: passAsFile works"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-pass-as-file} | docker load",
|
|
|
|
"docker run --rm -it nix-shell-pass-as-file | grep 'this is a string'"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildNixShellImage: run argument works"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-run} | docker load",
|
|
|
|
"docker run --rm -it nix-shell-run | grep 'This shell is not interactive'"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildNixShellImage: command argument works"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-command} | docker load",
|
|
|
|
"docker run --rm -it nix-shell-command | grep 'This shell is interactive'"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildNixShellImage: home directory is writable by default"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-writable-home} | docker load",
|
|
|
|
"docker run --rm -it nix-shell-writable-home"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildNixShellImage: home directory can be made non-existent"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-nonexistent-home} | docker load",
|
|
|
|
"docker run --rm -it nix-shell-nonexistent-home"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("buildNixShellImage: can build derivations"):
|
|
|
|
docker.succeed(
|
|
|
|
"${examples.nix-shell-build-derivation} | docker load",
|
|
|
|
"docker run --rm -it nix-shell-build-derivation"
|
|
|
|
)
|
2020-02-13 11:38:26 +00:00
|
|
|
'';
|
2018-02-14 05:20:16 +00:00
|
|
|
})
|