dockerTools.buildImage: do not add /nix/store in the tar stream #34939
Since the /nix/store directory is not immutable, tar can fail if it has to push it into the layer archive. Fixes NixOS#34137.
I wrote a simple test to check whether @GrahamcOfBorg test docker-tools |
Success on aarch64-linux |
Success on x86_64-linux |
LGTM |
Do you think we can backport this into 17.09? |
Yeah, why not. I’m not sure how backports work tbh, I think the easiest is if you recreate the PR against the stable branch. |
I just confirmed that this caused LnL7/nix-docker#14 (comment) and the chmod workaround I used doesn't work with older versions of aufs. Reverting these changes works everywhere LnL7/nix-docker@aebee91. |
@LnL7 It’s not clear to me what broke exactly and how to act on it. |
Because |
Ah, hm. @nlewo did you originally push this because you wanted to run nix inside the docker container? Personally I’d say @LnL7 If you add a (failing) VM test for your use-case, we can use it for regression testing in the future. |
I did this because you must not read We are also facing the user permission problem that is addressed in #38837. I also think we should add a test regarding user permissions. |
I posted here because I still don't really understand what this fixes, but since you approved the other pr I will assume it won't reintroduce this problem. |
Things done
Build and run 20 of my Docker images