dockerTools: Test buildLayeredImage with symlinks

This exercises layer creation in face of store path symlinks, ensuring they are not dereferenced, which can lead to broken layer tarballs
2024-11-22 06:53:01 +00:00 · 2021-01-04 21:33:32 +01:00 · 2021-01-04 21:33:32 +01:00 · ffe5ff6009
commit ffe5ff6009
parent 08b0d02944
2 changed files with 18 additions and 0 deletions
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@ -247,5 +247,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
            ).strip()
            == "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}"
        )
+
+    with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"):
+        docker.succeed(
+            "docker load --input='${examples.layeredStoreSymlink}'",
+            "docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'",
+            "docker rmi ${examples.layeredStoreSymlink.imageName}",
+        )
  '';
 })
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@ -416,4 +416,15 @@ rec {
    contents = crossPkgs.hello;
  };

+  # layered image where a store path is itself a symlink
+  layeredStoreSymlink =
+  let
+    target = pkgs.writeTextDir "dir/target" "Content doesn't matter.";
+    symlink = pkgs.runCommandNoCC "symlink" {} "ln -s ${target} $out";
+  in
+    pkgs.dockerTools.buildLayeredImage {
+      name = "layeredstoresymlink";
+      tag = "latest";
+      contents = [ pkgs.bash symlink ];
+    } // { passthru = { inherit symlink; }; };
 }