Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dockerTools.pullImage: use imageDigest #29505

Closed
wants to merge 3 commits into from
Closed

dockerTools.pullImage: use imageDigest #29505

wants to merge 3 commits into from

Conversation

nlewo
Copy link
Member

@nlewo nlewo commented Sep 17, 2017

Docker provides the "image digest" which is an immutable image
identifier (unlike image name and tag).
It now has to be specified to pull an image.

Note Docker supports URI such as imageName:imageTag@imageDigest however
this is not yet supported by Skopeo:
"Docker references with both a tag and digest are currently not supported"

Motivation for this change

This improve reproducibility of docker pullling operations since it now use a immutable Docker image identifier.

Things done

nix-build ./ -A dockerTools.examples.nix && docker load -i result

  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@nlewo
dockerTools.pullImage: use imageDigest
46be68e 
Docker provides the "image digest" which is an immutable image
identifier (unlike image name and tag).
It now has to be specified to pull an image.

Note Docker supports URI such as imageName:imageTag@imageDigest however
this is not yet supported by Skopeo:
"Docker references with both a tag and digest are currently not supported"
@nlewo nlewo mentioned this pull request Sep 17, 2017
Merged
8 tasks
@purefn
Copy link
Contributor

purefn commented Sep 17, 2017

This looks fantastic, thanks!

puffnfresh
puffnfresh approved these changes Sep 18, 2017
View reviewed changes
Copy link
Contributor

@puffnfresh puffnfresh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! 🎆

@fpletz fpletz added this to the 17.09 milestone Sep 18, 2017
@aneeshusa
Copy link
Contributor

Big fan of digests, so +1 from me. Can you also add a commit to remove the pull.sh script that got orphaned in #29302?

@globin
Copy link
Member

globin commented Sep 18, 2017

+1 also cc @offlinehacker and @matejc

@nlewo
Copy link
Member Author

nlewo commented Sep 19, 2017

@aneeshusa oups... commit pushed. Thanks!

@aneeshusa
Copy link
Contributor

aneeshusa commented Sep 19, 2017
edited

Thanks @nlewo! I just noticed that pullImage is also described in the docs (docs/functions.xml) - can you update it to mention that the digest is now required? Might also be a good idea to update the release notes with the same info.

@nlewo
Copy link
Member Author

nlewo commented Sep 20, 2017

@aneeshusa done.

aneeshusa
aneeshusa approved these changes Sep 20, 2017
View reviewed changes
Copy link
Contributor

@aneeshusa aneeshusa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking forward to using this, thanks!

@offlinehacker
Copy link
Contributor

Nice, looks good, thanks :)

@nlewo
Copy link
Member Author

nlewo commented Sep 30, 2017

Since dockerTools.pull implementation with Skopeo has been reverted from master, this PR is deprecated.
I have to rework on all of these PRs before resubmitting them. So,for now, I close this PR.

@nlewo nlewo closed this Sep 30, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@puffnfresh puffnfresh puffnfresh approved these changes

@fpletz fpletz fpletz approved these changes

@domenkozar domenkozar domenkozar approved these changes

@aneeshusa aneeshusa aneeshusa approved these changes

Assignees
No one assigned
Labels
0.kind: enhancement
Projects
None yet
Milestone
17.09
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@nlewo @purefn @aneeshusa @globin @offlinehacker @puffnfresh @fpletz @domenkozar