authorJean-Philippe Braun <eon@patapon.info>2018-04-12 13:03:56 +0200
committerJean-Philippe Braun <eon@patapon.info>2018-04-16 10:19:01 +0200
commit9751771c73209b58c89829bf3889473a801a013f (patch)
tree068736ce050e01b257136cba27839b4c3496b6b1 /pkgs/build-support
parentb70ad2ac314229c3cdbde6f2a243f536b81b7433 (diff)
dockerTools.buildImage: add /nix/store with correct permissions
Fixes #38835.
Diffstat (limited to 'pkgs/build-support')
-rw-r--r--pkgs/build-support/docker/default.nix10
1 files changed, 10 insertions, 0 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index b8eda3d09673..75e279afdc37 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -497,6 +497,16 @@ rec {
         # Record the contents of the tarball with ls_tar.
         ls_tar temp/layer.tar >> baseFiles
 
+        # Append nix/store directory to the layer so that when the layer is loaded in the
+        # image /nix/store has read permissions for non-root users.
+        # nix/store is added only if the layer has /nix/store paths in it.
+        if [ $(wc -l < $layerClosure) -gt 1 ] && [ $(grep -c -e "^/nix/store$" baseFiles) -eq 0 ]; then
+          mkdir -p nix/store
+          chmod -R 555 nix
+          echo "./nix" >> layerFiles
+          echo "./nix/store" >> layerFiles
+        fi
+
         # Get the files in the new layer which were *not* present in
         # the old layer, and record them as newFiles.
         comm <(sort -n baseFiles|uniq) \
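Review bot: `chmod -R 555 nix` is recursive, and `mkdir -p nix/store` succeeds silently when `./nix` already exists, so anything already under `./nix` in the working directory at this point would be reset to mode 555 (write bits dropped, every file marked executable), not only the two directories being added. Whether `./nix` can pre-exist here is not visible in the hunk, but the stated goal only needs read and traverse permission on the two directories, so the narrower `chmod 555 nix nix/store` would do. Separately, `$layerClosure` is unquoted in the `wc -l < $layerClosure` redirect; quoting it as `"$layerClosure"` keeps the test well-formed if the path ever contains whitespace. The enclosing shell script starts and ends outside the hunk.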