author | Daiderd Jordan <daiderd@gmail.com> | 2017-07-15 12:22:53 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-15 12:22:53 +0200 |
commit | 90ff6b1d030e15a6b05945c787ff6b7740128ae1 (patch) | |
tree | e3e4df7868452596cc3d4acb6a451af8273811a1 /pkgs/build-support/docker | |
parent | 071693e5df98a7493f8a62eaf0d190d02e285740 (diff) | |
parent | 83fbc0f0359f6885d5c3b22fb5331f459ade7329 (diff) | |
Merge pull request #27017 from LnL7/docker-pure-layer
docker-tools: set user/group when creating a pure layer
Diffstat (limited to 'pkgs/build-support/docker')
-rw-r--r-- | pkgs/build-support/docker/default.nix | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index e06be51f4a4e..506ef7837a2e 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -234,11 +234,10 @@ rec { # Files to add to the layer. contents ? null, # Additional commands to run on the layer before it is tar'd up. - extraCommands ? "" + extraCommands ? "", uid ? 0, gid ? 0 }: runCommand "docker-layer-${name}" { inherit baseJson contents extraCommands; - buildInputs = [ jshon rsync ]; } '' @@ -253,6 +252,8 @@ rec { echo "No contents to add to layer." fi + chmod ug+w layer + if [[ -n $extraCommands ]]; then (cd layer; eval "$extraCommands") fi @@ -260,7 +261,7 @@ rec { # Tar up the layer and throw it into 'layer.tar'. echo "Packing layer..." mkdir $out - tar -C layer --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar . + tar -C layer --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf $out/layer.tar . # Compute a checksum of the tarball. echo "Computing layer checksum..." @@ -312,6 +313,8 @@ rec { echo "Adding $item..." rsync -ak --chown=0:0 $item/ layer/ done + + chmod ug+w layer ''; postMount = '' @@ -375,7 +378,7 @@ rec { # Docker config; e.g. what command to run on the container. config ? null, # Optional bash script to run on the files prior to fixturizing the layer. - extraCommands ? "", + extraCommands ? "", uid ? 0, gid ? 0, # Optional bash script to run as root on the image when provisioning. runAsRoot ? null, # Size of the virtual machine disk to provision when building the image. @@ -398,7 +401,7 @@ rec { if runAsRoot == null then mkPureLayer { name = baseName; - inherit baseJson contents extraCommands; + inherit baseJson contents extraCommands uid gid; } else mkRootLayer { name = baseName; inherit baseJson fromImage fromImageName fromImageTag 
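Review bot: The new `uid ? 0, gid ? 0` arguments in the mkPureLayer signature (hunk at -234) are appended to the `extraCommands` line with no comment, while every neighbouring argument has one; the buildImage signature in the hunk at -375 has the same gap. I would put them on their own line under a comment such as `# Numeric owner and group recorded for every entry in the layer tarball.`, so callers can see that the values only feed tar's `--owner`/`--group` and do not change the user the build commands run as. The argument set starts before the hunk.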
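Review bot: `chmod ug+w layer` (hunk at -253, and again in the preMount hunk at -312) carries no comment explaining why it is needed, and it grants group write on the directory that is later archived as `.`, which presumably becomes the root directory of the image. If the goal is only to let `extraCommands` create entries after rsync has copied a read-only store mode onto `layer`, `chmod u+w layer` would be enough and would not leave `/` group-writable, which matters more now that the group can be a non-zero gid. Either narrow the mode or state the reason in place, e.g. `# rsync -a copies the store path's read-only mode onto layer/; make it writable again for extraCommands`.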
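Review bot: The `tar` call in the hunk at -260 sets `--owner=${toString uid} --group=${toString gid}` but not `--numeric-owner`, so the user and group name fields in each header are, as far as I can tell, still filled from whatever the build environment's passwd/group database maps those ids to. Adding `--numeric-owner` would keep sandbox account names out of the layer and make the archive independent of that database. The same applies to the `--owner=0 --group=0` call in the last hunk (-498).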
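Review bot: `uid` and `gid` are forwarded only to `mkPureLayer` (hunk at -398); the visible part of the `mkRootLayer` `inherit` does not list them, and the rsync in the -312 hunk still uses `--chown=0:0`. A caller who sets both `runAsRoot` and a non-zero `uid` therefore appears to get root-owned files with no warning. Either document on the buildImage arguments that they apply to pure layers only, or fail early with something like `assert runAsRoot != null -> (uid == 0 && gid == 0);`. The mkRootLayer attribute set continues past the end of the hunk, so this needs checking against the full call.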
@@ -498,7 +501,7 @@ rec { chmod -R a-w image echo "Cooking the image..." - tar -C image --mtime="@$SOURCE_DATE_EPOCH" -c . | pigz -nT > $out + tar -C image --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 -c . | pigz -nT > $out echo "Finished." ''; |