mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-23 23:43:30 +00:00
Merge pull request #105685 from flokli/dockertools-fakenss
dockerTools.fakeNss: init
commit
7a34bcc2a3
@ -1,4 +1,5 @@
|
||||
{
|
||||
bashInteractive,
|
||||
buildPackages,
|
||||
cacert,
|
||||
callPackage,
|
||||
@ -29,6 +30,7 @@
|
||||
writeReferencesToFile,
|
||||
writeScript,
|
||||
writeText,
|
||||
writeTextDir,
|
||||
writePython3,
|
||||
system, # Note: This is the cross system we're compiling for
|
||||
}:
|
||||
@ -70,7 +72,7 @@ in
|
||||
rec {
|
||||
|
||||
examples = callPackage ./examples.nix {
|
||||
inherit buildImage pullImage shadowSetup buildImageWithNixDb;
|
||||
inherit buildImage buildLayeredImage fakeNss pullImage shadowSetup buildImageWithNixDb;
|
||||
};
|
||||
|
||||
pullImage = let
|
||||
@ -684,6 +686,33 @@ rec {
|
||||
in
|
||||
result;
|
||||
|
||||
# Provide a /etc/passwd and /etc/group that contain root and nobody.
|
||||
# Useful when packaging binaries that insist on using nss to look up
|
||||
# username/groups (like nginx).
|
||||
# /bin/sh is fine to not exist, and provided by another shim.
|
||||
fakeNss = symlinkJoin {
|
||||
name = "fake-nss";
|
||||
paths = [
|
||||
(writeTextDir "etc/passwd" ''
|
||||
root:x:0:0:root user:/var/empty:/bin/sh
|
||||
nobody:x:65534:65534:nobody:/var/empty:/bin/sh
|
||||
'')
|
||||
(writeTextDir "etc/group" ''
|
||||
root:x:0:
|
||||
nobody:x:65534:
|
||||
'')
|
||||
(runCommand "var-empty" {} ''
|
||||
mkdir -p $out/var/empty
|
||||
'')
|
||||
];
|
||||
};
|
||||
|
||||
# This provides /bin/sh, pointing to bashInteractive.
|
||||
binSh = runCommand "bin-sh" {} ''
|
||||
mkdir -p $out/bin
|
||||
ln -s ${bashInteractive}/bin/bash $out/bin/sh
|
||||
'';
|
||||
|
||||
# Build an image and populate its nix database with the provided
|
||||
# contents. The main purpose is to be able to use nix commands in
|
||||
# the container.
|
||||
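Review bot: The comment above `fakeNss` does not say that the derivation only makes the names `root` and `nobody` resolvable; it does nothing to change which user the container's process runs as. Someone adding it to `contents` could read it as a privilege drop, so I would extend the comment with `# This only supplies the lookup files; the image still runs as root unless config.User is set.` It is also worth one line noting that both entries carry `x` in the password field with no `etc/shadow` alongside. The same line could add that uid 65534 is shared by anything else that runs as `nobody`, so files writable by that user are not private to one service.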
|
@ -7,7 +7,7 @@
|
||||
# $ nix-build '<nixpkgs>' -A dockerTools.examples.redis
|
||||
# $ docker load < result
|
||||
|
||||
{ pkgs, buildImage, pullImage, shadowSetup, buildImageWithNixDb, pkgsCross }:
|
||||
{ pkgs, buildImage, buildLayeredImage, fakeNss, pullImage, shadowSetup, buildImageWithNixDb, pkgsCross }:
|
||||
|
||||
rec {
|
||||
# 1. basic example
|
||||
@ -44,7 +44,7 @@ rec {
|
||||
nginx = let
|
||||
nginxPort = "80";
|
||||
nginxConf = pkgs.writeText "nginx.conf" ''
|
||||
user nginx nginx;
|
||||
user nobody nobody;
|
||||
daemon off;
|
||||
error_log /dev/stdout info;
|
||||
pid /dev/null;
|
||||
@ -64,10 +64,13 @@ rec {
|
||||
<html><body><h1>Hello from NGINX</h1></body></html>
|
||||
'';
|
||||
in
|
||||
buildImage {
|
||||
buildLayeredImage {
|
||||
name = "nginx-container";
|
||||
tag = "latest";
|
||||
contents = pkgs.nginx;
|
||||
contents = [
|
||||
fakeNss
|
||||
pkgs.nginx
|
||||
];
|
||||
|
||||
extraCommands = ''
|
||||
# nginx still tries to read this directory even if error_log
|
||||
@ -75,12 +78,6 @@ rec {
|
||||
mkdir -p var/log/nginx
|
||||
mkdir -p var/cache/nginx
|
||||
'';
|
||||
runAsRoot = ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
${shadowSetup}
|
||||
groupadd --system nginx
|
||||
useradd --system --gid nginx nginx
|
||||
'';
|
||||
|
||||
config = {
|
||||
Cmd = [ "nginx" "-c" nginxConf ];
|
||||
|
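Review bot: With `runAsRoot` removed and `user nobody nobody;` in `nginxConf`, only the nginx worker processes change identity. As far as the visible lines show, nothing sets `User` in `config`, so the master process would still start as root to bind port 80. Since this is an example people copy, I would say so next to the `contents` list, e.g. `# fakeNss lets nginx resolve "nobody"; the master process still starts as root unless config.User is set.` The `config` attribute set continues past the end of the hunk, so a `User` entry may exist outside the visible lines.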