diff options
| author | Orivej Desh <orivej@gmx.fr> | 2020-05-22 09:13:23 +0000 |
|---|---|---|
| committer | Orivej Desh <orivej@gmx.fr> | 2020-05-22 09:13:23 +0000 |
| commit | 16d7f7edae6847e7a792d79b533b245f71907f46 (patch) | |
| tree | a304b937bc072e96e2745ede17c7e6b9b4495bee /pkgs/build-support/docker/default.nix | |
| parent | eae4f22176789ce3b6a66bad773a45b12e895cdf (diff) | |
| parent | 5de1e307f29ab91baeb43ab2a58ed13a944e40ea (diff) | |
| download | nixlib-16d7f7edae6847e7a792d79b533b245f71907f46.tar nixlib-16d7f7edae6847e7a792d79b533b245f71907f46.tar.gz nixlib-16d7f7edae6847e7a792d79b533b245f71907f46.tar.bz2 nixlib-16d7f7edae6847e7a792d79b533b245f71907f46.tar.lz nixlib-16d7f7edae6847e7a792d79b533b245f71907f46.tar.xz nixlib-16d7f7edae6847e7a792d79b533b245f71907f46.tar.zst nixlib-16d7f7edae6847e7a792d79b533b245f71907f46.zip | |
Merge branch 'master' into staging
Diffstat (limited to 'pkgs/build-support/docker/default.nix')
| -rw-r--r-- | pkgs/build-support/docker/default.nix | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index f2a1378b8b27..83f4a9e0c01b 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -95,7 +95,7 @@ rec { sourceURL = "docker://${imageName}@${imageDigest}"; destNameTag = "${finalImageName}:${finalImageTag}"; } '' - skopeo --override-os ${os} --override-arch ${arch} copy "$sourceURL" "docker-archive://$out:$destNameTag" + skopeo --insecure-policy --tmpdir=$TMPDIR --override-os ${os} --override-arch ${arch} copy "$sourceURL" "docker-archive://$out:$destNameTag" ''; # We need to sum layer.tar, not a directory, hence tarsum instead of nix-hash. @@ -392,14 +392,10 @@ rec { (cd layer; eval "$extraCommands") fi - # Tar up the layer and throw it into 'layer.tar'. + # Tar up the layer and throw it into 'layer.tar', while calculating its checksum. echo "Packing layer..." mkdir $out - tar --transform='s|^\./||' -C layer --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf $out/layer.tar . - - # Compute a checksum of the tarball. - echo "Computing layer checksum..." - tarhash=$(tarsum < $out/layer.tar) + tarhash=$(tar --transform='s|^\./||' -C layer --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf - . | tee $out/layer.tar | tarsum) # Add a 'checksum' field to the JSON, with the value set to the # checksum of the tarball. @@ -449,11 +445,7 @@ rec { # Tar up the layer and throw it into 'layer.tar'. echo "Packing layer..." mkdir $out - tar -C layer --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf $out/layer.tar . - - # Compute a checksum of the tarball. - echo "Computing layer checksum..." - tarhash=$(tarsum < $out/layer.tar) + tarhash=$(tar -C layer --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf - . | tee $out/layer.tar | tarsum) # Add a 'checksum' field to the JSON, with the value set to the # checksum of the tarball. @@ -537,11 +529,10 @@ rec { echo "Packing layer..." mkdir -p $out - tar -C layer --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar . + tarhash=$(tar -C layer --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" -cf - . | + tee $out/layer.tar | + ${tarsum}/bin/tarsum) - # Compute the tar checksum and add it to the output json. - echo "Computing checksum..." - tarhash=$(${tarsum}/bin/tarsum < $out/layer.tar) cat ${baseJson} | jshon -s "$tarhash" -i checksum > $out/json # Indicate to docker that we're using schema version 1.0. echo -n "1.0" > $out/VERSION |