Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: dd5e9ab4f295
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 508a2c684964
Choose a head ref
  • 2 commits
  • 3 files changed
  • 2 contributors

Commits on Feb 28, 2020

  1. buildLayeredImage: Allow empty store, no paths to add 

    This is useful when buildLayeredImage is called in a generic way
that should allow simple (base) images to be built, which may not
reference any store paths.
    @roberth
    roberth committed Feb 28, 2020
    Copy the full SHA
    6dab1b5 View commit details

Commits on Mar 8, 2020

  1. Merge pull request #80921 from hercules-ci/buildLayeredImage-allow-em… 

    …pty-store

buildLayeredImage: Allow empty store, no paths to add
    @domenkozar
    domenkozar authored Mar 8, 2020
    Copy the full SHA
    508a2c6 View commit details
Showing with 44 additions and 4 deletions.
  1. +17 −0 nixos/tests/docker-tools.nix
  2. +5 −4 pkgs/build-support/docker/default.nix
  3. +22 −0 pkgs/build-support/docker/examples.nix
17 changes: 17 additions & 0 deletions nixos/tests/docker-tools.nix
View file
Original file line number Diff line number Diff line change
@@ -137,5 +137,22 @@ import ./make-test-python.nix ({ pkgs, ... }: {
# Ensure the two output paths (ls and hello) are in the layer
"docker run bulk-layer ls /bin/hello",
)
with subtest("Ensure correct behavior when no store is needed"):
# This check tests two requirements simultaneously
# 1. buildLayeredImage can build images that don't need a store.
# 2. Layers of symlinks are eliminated by the customization layer.
#
docker.succeed(
"docker load --input='${pkgs.dockerTools.examples.no-store-paths}'"
)
# Busybox will not recognize argv[0] and print an error message with argv[0],
# but it confirms that the custom-true symlink is present.
docker.succeed("docker run --rm no-store-paths custom-true |& grep custom-true")
# This check may be loosened to allow an *empty* store rather than *no* store.
docker.succeed("docker run --rm no-store-paths ls /")
docker.fail("docker run --rm no-store-paths ls /nix/store")
'';
})
9 changes: 5 additions & 4 deletions pkgs/build-support/docker/default.nix
View file
Original file line number Diff line number Diff line change
@@ -319,6 +319,8 @@ rec {
enableParallelBuilding = true;
}
''
mkdir layers
# Delete impurities for store path layers, so they don't get
# shared and taint other projects.
cat ${configJson} \
@@ -330,13 +332,12 @@ rec {
# created, and that no paths are missed. If you change the
# following head and tail call lines, double-check that your
# code behaves properly when the number of layers equals:
# maxLayers-1, maxLayers, and maxLayers+1
# maxLayers-1, maxLayers, and maxLayers+1, 0
paths() {
cat $paths ${lib.concatMapStringsSep " " (path: "| grep -v ${path}") (closures ++ [ overallClosure ])}
cat $paths ${lib.concatMapStringsSep " " (path: "| (grep -v ${path} || true)") (closures ++ [ overallClosure ])}
}
# We need to sponge to avoid grep broken pipe error when maxLayers == 1
paths | sponge | head -n $((maxLayers - 1)) | cat -n | xargs -r -P$NIX_BUILD_CORES -n2 ${storePathToLayer}
paths | head -n $((maxLayers - 1)) | cat -n | xargs -r -P$NIX_BUILD_CORES -n2 ${storePathToLayer}
if [ $(paths | wc -l) -ge $maxLayers ]; then
paths | tail -n+$maxLayers | xargs ${storePathToLayer} $maxLayers
fi
22 changes: 22 additions & 0 deletions pkgs/build-support/docker/examples.nix
View file
Original file line number Diff line number Diff line change
@@ -258,4 +258,26 @@ rec {
maxLayers = 2;
};

# 17. Create a "layered" image without nix store layers. This is not
# recommended, but can be useful for base images in rare cases.
no-store-paths = pkgs.dockerTools.buildLayeredImage {
name = "no-store-paths";
tag = "latest";
extraCommands = ''
chmod a+w bin
# This removes sharing of busybox and is not recommended. We do this
# to make the example suitable as a test case with working binaries.
cp -r ${pkgs.pkgsStatic.busybox}/* .
'';
contents = [
# This layer has no dependencies and its symlinks will be dereferenced
# when creating the customization layer.
(pkgs.runCommand "layer-to-flatten" {} ''
mkdir -p $out/bin
ln -s /bin/true $out/bin/custom-true
''
)
];
};
}