From 62e9e0f963afed39d02cba9d9d88dbb7f3bb47cf Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Mon, 6 May 2024 14:57:08 +0200 Subject: [PATCH] dockerTools: add includeNixDB to buildImage and document --- .../images/dockertools.section.md | 13 +++++++++ pkgs/build-support/docker/default.nix | 28 +++++++++---------- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/doc/build-helpers/images/dockertools.section.md b/doc/build-helpers/images/dockertools.section.md index 001d5695290e..945bfdb27682 100644 --- a/doc/build-helpers/images/dockertools.section.md +++ b/doc/build-helpers/images/dockertools.section.md @@ -185,6 +185,19 @@ Similarly, if you encounter errors similar to `Error_Protocol ("certificate has _Default value:_ `"gz"`.\ _Possible values:_ `"none"`, `"gz"`, `"zstd"`. +`includeNixDB` (Boolean; _optional_) + +: Populate the nix database in the image with the dependencies of `copyToRoot`. + The main purpose is to be able to use nix commands in the container. + + :::{.caution} + Be careful since this doesn't work well in combination with `fromImage`. In particular, in a multi-layered image, only the Nix paths from the lower image will be in the database. + + This also neglects to register the store paths that are pulled into the image as a dependency of one of the other values, but aren't a dependency of `copyToRoot`. + ::: + + _Default value:_ `false`. + `contents` **DEPRECATED** : This attribute is deprecated, and users are encouraged to use `copyToRoot` instead. diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index de081d709f9f..d915778c0731 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -570,6 +570,8 @@ rec { created ? "1970-01-01T00:00:01Z" , # Compressor to use. One of: none, gz, zstd. compressor ? "gz" + # Populate the nix database in the image with the dependencies of `copyToRoot`. + , includeNixDB ? false , # Deprecated. contents ? null , 
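Review bot: In the `@@ -570,6 +570,8 @@` hunk of `pkgs/build-support/docker/default.nix`, the new argument breaks the layout its neighbours use: the comment sits on its own line before `, includeNixDB ? false`, whereas the surrounding arguments are written as `, # comment` followed by `name ? default` (compare `, # Deprecated.` / `contents ? null`). I would write it as `, # Populate the Nix database with the closure of copyToRoot; see the fromImage caution in dockertools.section.md.` followed by `includeNixDB ? false`. That also puts the caveat from the manual at the definition. The argument set starts and ends outside the hunk.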
@@ -607,20 +609,26 @@ rec { compress = compressorForImage compressor name; + # TODO: add the dependencies of the config json. + extraCommandsWithDB = + if includeNixDB then (mkDbExtraCommand rootContents) + extraCommands + else extraCommands; + layer = if runAsRoot == null then mkPureLayer { name = baseName; - inherit baseJson keepContentsDirlinks extraCommands uid gid; + inherit baseJson keepContentsDirlinks uid gid; + extraCommands = extraCommandsWithDB; copyToRoot = rootContents; } else mkRootLayer { name = baseName; inherit baseJson fromImage fromImageName fromImageTag - keepContentsDirlinks runAsRoot diskSize buildVMMemorySize - extraCommands; + keepContentsDirlinks runAsRoot diskSize buildVMMemorySize; + extraCommands = extraCommandsWithDB; copyToRoot = rootContents; }; result = runCommand "docker-image-${baseName}.tar${compress.ext}" @@ -879,18 +887,9 @@ rec { # the container. # Be careful since this doesn't work well with multilayer. # TODO: add the dependencies of the config json. - buildImageWithNixDb = args@{ copyToRoot ? contents, contents ? null, extraCommands ? "", ... }: ( - buildImage (args // { - extraCommands = (mkDbExtraCommand copyToRoot) + extraCommands; - }) - ); + buildImageWithNixDb = args: buildImage (args // { includeNixDB = true; }); - # TODO: add the dependencies of the config json. - buildLayeredImageWithNixDb = args@{ contents ? null, extraCommands ? "", ... }: ( - buildLayeredImage (args // { - extraCommands = (mkDbExtraCommand contents) + extraCommands; - }) - ); + buildLayeredImageWithNixDb = args: buildLayeredImage (args // { includeNixDB = true; }); # Arguments are documented in ../../../doc/build-helpers/images/dockertools.section.md streamLayeredImage = lib.makeOverridable ( @@ -911,7 +910,6 @@ rec { , fakeRootCommands ? "" , enableFakechroot ? false , includeStorePaths ? true - # Generate a Nix DB inside the image. The same caveats as `buildImageWithNixDb` apply. , includeNixDB ? false , passthru ? {} ,
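Review bot: In the `@@ -607,20 +609,26 @@` hunk, `extraCommandsWithDB` registers only the closure of `rootContents`, and nothing at build time reports the case the manual text in this patch describes as not working well, `includeNixDB` together with `fromImage`. Store paths that are in the image but missing from the database are presumably not covered by in-container `nix-store --verify` or by garbage-collection bookkeeping, so a silent gap is easy to overlook. Consider wrapping the value so the combination is reported, for example `lib.warnIf (includeNixDB && fromImage != null) "dockerTools.buildImage: includeNixDB combined with fromImage yields an incomplete Nix database" (if includeNixDB then ... else extraCommands)`, assuming `fromImage` defaults to `null` here. The definition of `rootContents` and the enclosing `let` are outside the hunk, so it is also worth confirming that `rootContents` cannot be `null` when the flag is set.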
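Review bot: The `@@ -879,18 +887,9 @@` hunk does not show that `buildLayeredImageWithNixDb` still produces the same database. It used to prepend `mkDbExtraCommand contents` to `extraCommands` and now relies on the `includeNixDB` handling inside `buildLayeredImage`, which is not part of this patch. A test that compares the registered store paths for both wrappers before and after the change would settle this. The layered wrapper is also left without any comment; a one-liner such as `# Kept for compatibility: same as buildLayeredImage with includeNixDB = true.` would make the aliasing explicit. Note that `args // { includeNixDB = true; }` overrides an `includeNixDB` value passed by the caller.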