Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 517241f35480
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5540dd9b9ba6
Choose a head ref
  • 3 commits
  • 3 files changed
  • 2 contributors

Commits on Jan 4, 2021

  1. dockerTools: Fix streamLayeredImage for symlinks 

    When archiving `/nix/store/foo` and `foo` is itself a symlink, we must
not traverse the symlink target, but archive the `foo` symlink itself
    @srhb
    srhb committed Jan 4, 2021

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    08b0d02 View commit details

  2. dockerTools: Test buildLayeredImage with symlinks 

    This exercises layer creation in face of store path symlinks, ensuring
they are not dereferenced, which can lead to broken layer tarballs
    @srhb
    srhb committed Jan 4, 2021

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    dtzWill Will Dietz
    GPG key ID: EBB0EA4124809D02
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    ffe5ff6 View commit details

Commits on Jan 5, 2021

  1. Merge pull request #108416 from srhb/streamlayeredimage-symlinked-sto… 

    …repaths

dockerTools: Fix streamLayeredImage for symlinks
    @roberth
    roberth authored Jan 5, 2021
    Copy the full SHA
    5540dd9 View commit details
Showing with 23 additions and 1 deletion.
  1. +7 −0 nixos/tests/docker-tools.nix
  2. +11 −0 pkgs/build-support/docker/examples.nix
  3. +5 −1 pkgs/build-support/docker/stream_layered_image.py
7 changes: 7 additions & 0 deletions nixos/tests/docker-tools.nix
View file
Original file line number Diff line number Diff line change
@@ -247,5 +247,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
).strip()
== "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}"
)
with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"):
docker.succeed(
"docker load --input='${examples.layeredStoreSymlink}'",
"docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'",
"docker rmi ${examples.layeredStoreSymlink.imageName}",
)
'';
})
11 changes: 11 additions & 0 deletions pkgs/build-support/docker/examples.nix
View file
Original file line number Diff line number Diff line change
@@ -416,4 +416,15 @@ rec {
contents = crossPkgs.hello;
};

# layered image where a store path is itself a symlink
layeredStoreSymlink =
let
target = pkgs.writeTextDir "dir/target" "Content doesn't matter.";
symlink = pkgs.runCommandNoCC "symlink" {} "ln -s ${target} $out";
in
pkgs.dockerTools.buildLayeredImage {
name = "layeredstoresymlink";
tag = "latest";
contents = [ pkgs.bash symlink ];
} // { passthru = { inherit symlink; }; };
}
6 changes: 5 additions & 1 deletion pkgs/build-support/docker/stream_layered_image.py
View file
Original file line number Diff line number Diff line change
@@ -83,7 +83,11 @@ def dir(path):

for path in paths:
path = pathlib.Path(path)
files = itertools.chain([path], path.rglob("*"))
if path.is_symlink():
files = [path]
else:
files = itertools.chain([path], path.rglob("*"))

for filename in sorted(files):
ti = append_root(tar.gettarinfo(filename))