Commit Graph

259 Commits

Author SHA1 Message Date
Robert Hensing
cbb1f39264 nixosTests.docker-tools: Add image-with-certs 2022-09-21 01:00:04 +01:00
Ross Light
f140b54916 dockerTools: add missing mkdir to caCertificates derivation 2022-09-20 08:07:23 -07:00
Robert Hensing
62b25a28fe
Merge pull request #170906 from Sohalt/dockerTools.ca-certificates.crt
dockerTools ca-certificates.crt helper
2022-08-31 14:08:02 +02:00
Alex James
c9af898255
dockerTools.buildImage: make VM memSize configurable
Fixes #186752. This adds buildVMMemorySize (defaults to 512 MiB) to
buildImage, which is passed to vm.runInLinuxVM. This is needed for
larger base images, which may otherwise cause container build failures
due to OOM in the VM.
2022-08-16 21:47:29 -05:00
olaf
5a6853b3bf use consistently user alice for examples 2022-08-05 13:13:24 +02:00
zowoq
0c98db7b91 dockerTools: use list of strings for configureFlags 2022-07-15 10:23:07 +10:00
Robert Hensing
e007eb480c dockerTools.buildImage: Add copyToRoot to replace contents, explain usage 2022-07-06 07:30:24 +02:00
Robert Hensing
44522c1d59 dockerTools.examples.etc: Make it a reliable test
/etc/hosts is generally also provided by the container runtime.
2022-05-30 14:32:14 +02:00
Robert Hensing
116832edbf dockerTools: Add example of using NixOS' etc
(cherry picked from commit 9b2af8673b)
2022-05-30 14:26:52 +02:00
Robert Hensing
c071530ca5 testers.invalidateFetcherByDrvHash: Move from top-level 2022-05-05 12:08:50 +02:00
sohalt
f238aa9833 dockerTools: add caCertificates helper
Various tools (e.g. wget) expect the ca bundle to be available at
/etc/ssl/certs/ca-certificates.crt
2022-05-03 11:57:25 +02:00
Ben Siraphob
259fa13d53 treewide: remove nativeBuildInputs that are in stdenv 2022-04-16 21:46:46 +03:00
zowoq
e65aba25f8 dockerTools: misc fixes
- add nixosTests to `dockerTools.tests`
- don't use `pkgs` or `lib.singleton`
2022-04-05 17:04:59 +10:00
zowoq
76636e0099 dockerTools: pkgs.system -> pkgs.stdenv.hostPlatform.system
`pkgs.system` is an alias
2022-04-05 10:19:40 +10:00
Florian Klink
76d05dfa62 fakeNss: move to toplevel
Make this reachable from pkgs.fakeNss. This is useful outside docker
contexts, too.

https://github.com/NixOS/nixpkgs/pull/164943#discussion_r833220769
2022-03-24 18:47:30 +01:00
Vincent Ambo
af9f248926 streamLayeredImage: pass through passthru attributes
This is useful for a use-case we have with a Nix-based CI system that
specifies things like deploy steps as passthru attributes[0].

Previously the only way to do this would have been to concatenate
attributes onto the resulting derivation, but passing them in and
actually treating them as proper passthru attributes is cleaner.

[0]: https://cs.tvl.fyi/depot@f7d7da6aceb407b719cf4683a75878fd3aca319e/-/blob/nix/buildkite/default.nix?L222-226
2022-01-31 10:10:10 +03:00
Andrew Brooks
57718902e3 nixos/tests/docker-tools: add test for pre-runAsRoot layer unpack order 2021-12-17 19:26:53 -06:00
Andrew Brooks
69ffb0004a dockerTools.buildImage: unpack base image layers in correct order 2021-12-17 18:28:10 -06:00
Robert Hensing
ddda5f28e1 dockerTools: Keep fakechroot disabled by default
Avoid risk of breaking existing images by making it opt-in.
2021-12-04 13:49:10 +00:00
Robert Hensing
0e9bc9ffd1 dockerTools: Add fakechroot to fakeRootCommands 2021-12-04 13:49:10 +00:00
Robert Hensing
66c19d856b
Merge pull request #148341 from hercules-ci/add-dockerTools-customization-layer-dependencies
dockerTools: Add store dependencies of the customization layer
2021-12-03 00:20:44 +01:00
Robert Hensing
d0bcc212de nixosTests.docker-tools: Use unique binary in test case 2021-12-02 22:26:05 +00:00
Ryan Burns
f67d4dd9c1
Merge pull request #142616 from r-burns/toplevel-system
treewide: remove toplevel `system` attr
2021-10-27 10:03:24 -07:00
Robert Hensing
8ecfaf3543 dockerTools: Fix test 2021-10-25 12:25:01 +02:00
Ryan Burns
aed6bb336e build-support/docker: remove toplevel system attr 2021-10-22 14:04:05 -07:00
Robert Hensing
3b9d05e114 dockerTools: Fix and test #118722 path in contents 2021-10-18 12:41:51 +02:00
Robert Hensing
48cfdc8ca5 dockerTools: Add store dependencies of the customization layer 2021-10-06 22:45:04 +02:00
Robert Hensing
286c71a230
Merge pull request #139892 from hercules-ci/dockerTools-test-pullImage
dockerTools: test pullImage
2021-09-29 15:27:49 +02:00
Robert Hensing
16a4da9127 dockerTools: Test pullImage fetcher whenever its implementation changes 2021-09-29 14:41:08 +02:00
Robert Hensing
1a0edf135a dockerTools.exportImage: Make $out a tarball again 2021-09-29 09:34:45 +02:00
Robert Hensing
63bf4539b9 dockerTools.runWithOverlay: Avoid cluttering $out and copying 2021-09-29 09:34:06 +02:00
Justin Bedo
fa0cc611ff
dockerTools: fix export 2021-09-29 15:35:25 +10:00
Justin Bedo
0319228a45
docker-tools: add example for exportImage functionality and test 2021-09-29 15:35:21 +10:00
divanorama
b012fe5e7e
use --verbatim-files-from in dockerTools
https://www.gnu.org/software/tar/manual/html_node/files.html
files starting with - can be treated as command line options, which isn't desirable here
2021-09-10 19:12:32 +02:00
Florian Klink
14b61efa87 dockerTools.usrBinEnv: add
This provides a /usr/bin/env, for shell scripts using the
"/usr/bin/env executable" shebang.
2021-08-25 16:08:39 +02:00
Florian Klink
f8031c60b7
dockerTools.fakeNss: add /etc/nsswitch.conf (#134958)
Apparently, a non-existent nsswitch.conf causes a very misleading host
resolution, differing from the defaults people are used to.

According to
https://github.com/golang/go/issues/22846#issuecomment-346377144, glibc
says the default is "dns [!UNAVAIL=return] files".

This means, `/etc/hosts` isn't really honored, causing all sorts of
unexpected behaviour.

Let's prevent this, and first ask `/etc/hosts` before querying DNS, like
we do on NixOS too.
2021-08-20 19:44:17 +02:00
Robert Hensing
fbafeb7ad5 treewide: runCommandNoCC -> runCommand
This has been synonymous for ~5y.
2021-08-15 17:36:41 +02:00
Luke Granger-Brown
dbe9bf9848 dockerTools.pullImage: fix for skopeo 1.4.x
skopeo 1.4.x doesn't accept --src-tls-verify as a flag to the *program*,
only as a flag to copy; we must pass it after the "copy" verb, or it
will fail with:

> FATA[0000] unknown flag: --src-tls-verify
2021-08-14 21:21:26 +00:00
Sandro Jäckel
ceb417aaf1
docker: format 2021-08-10 10:32:46 +02:00
Robert Hensing
1c4b1018a3
Merge pull request #132626 from zowoq/tarsum
tarsum: init
2021-08-05 12:14:35 +02:00
zowoq
5dde5ea73e tarsum: init
- move from dockerTools.tarsum
- remove go from runtime closure
2021-08-05 08:54:41 +10:00
Robert Hensing
641bac80e5
dockerTools.buildImage: Allow build on darwin (#132640)
Indeed Docker can not run darwin exes, but darwin can build
Docker images, as some users already do with buildLayeredImage.
2021-08-04 06:06:06 -04:00
zowoq
05fe220746 dockerTools.tarsum: use current go 2021-07-08 16:31:33 +10:00
Luke Granger-Brown
48c23a086b dockerTools.pullImage: force disable skopeo's progress bar
skopeo will disable the progress bar if it detects that stdout isn't a
TTY - in order to make it think that stdout _isn't_ a TTY and therefore
avoid it printing a lot of "…" on separate lines, we pipe the output
through cat.

This changes the output from:

…
…
…
…
…
…

to the eminently more useful and less spammy:

Getting image source signatures
Copying blob sha256:[snip]
Copying blob sha256:[snip]
Copying blob sha256:[snip]
Copying config sha256:[snip]
Writing manifest to image destination
Storing signatures
2021-07-03 01:40:38 +00:00
Robert Hensing
76f53eef48
Merge pull request #125223 from hercules-ci/fix-dockerTools-example-fetch-sha
nixosTests.docker-tools: Fix nixFromDockerHub example sha
2021-06-10 10:10:18 +02:00
Robert Hensing
1834bc8711
Merge pull request #125216 from hercules-ci/follow-up-115491
dockerTools: Fix passthru image tag
2021-06-02 16:58:49 +02:00
Robert Hensing
d155b8c438 nixosTests.docker-tools: Fix nixFromDockerHub example sha
For https://github.com/NixOS/nixpkgs/pull/125211 I tried to test
the fetcher with

    nix-build -A dockerTools.examples.nixFromDockerHub --option substitute false

But it failed. I haven't figured out the cause, but the outputs
match, so it's probably the hashing method (flat/recursive) that
changed at some point. (The names did match.)
2021-06-01 15:13:03 +02:00
Robert Hensing
7f6a395070
Merge pull request #125211 from edwtjo/docker-fetch-wotls
build-support/docker: pass tlsVerify to support http registries
2021-06-01 15:07:48 +02:00
Robert Hensing
ff55c41fac dockerTools: Fix passthru image tag
It should match the actual image tag.
This fixes the problem introduced in 00996b5e03
https://github.com/NixOS/nixpkgs/pull/115491#pullrequestreview-672789901
2021-06-01 14:42:21 +02:00
Edward Tjörnhammar
ab4649e9d1
build-support/docker: pass tlsVerify to support http registries 2021-06-01 14:34:24 +02:00