New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dockerTools.streamLayeredImage: Store the customisation layer as a tarball #95409
Conversation
I've added the test for arion to make sure its base image is built correctly, which seems to be still the case with this PR.
It would be nice to be able to combine non-symlink files by listing derivations in For completeness I'll note here that you only need to use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These names seem to be inaccurate.
e992d22
to
ef35ce1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As for the no-store-paths test case, the most useful property still holds. The others are micro-optimizations. It seems like the test case now has a useless assertions about custom-true
though.
Otherwise looks good afaict.
…rball This fixes as issue described here[1], where permissions set by 'extraCommands' were ignored by Nix. [1] NixOS#91084 (comment)
ef35ce1
to
ae82f81
Compare
Good catch @roberth . I removed those assertions. Sorry about the late reply. @GrahamcOfBorg test docker-tools |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
Motivation for this change
This fixes as issue described here, where permissions set by 'extraCommands' were ignored. We fix it by storing the customisation layer as a tarball rather than a regular directory. Another minor added advantage is that we can precalculate the checksum of the customization layer when building the store path.
The existing NixOS tests pass (
nix-build -A nixosTests.docker-tools
), with one modification where we were asserting that a derivation in 'contents' do not end up in /nix/store of the image if it doesn't have any dependencies; however I do find that behaviour counter-intuitive; since that derivation is declared in 'contents', I'd definitely expect it to end up in the images /nix/store, whether it has any dependencies or not. It looks like that test is introduced here; @roberth can you tell me if I am understanding it correctly?cc @thatsmydoing @purcell
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)