author | Jan Malakhovski <oxij@oxij.org> | 2018-05-26 00:20:17 +0000 |
---|---|---|
committer | Jan Malakhovski <oxij@oxij.org> | 2018-05-26 00:20:17 +0000 |
commit | ad35019501e6b263e08ecb4c66f1ee6e3eee80f1 (patch) | |
tree | 492149cd4a5da50945a5bc7d5fa62de432590dea /pkgs/build-support | |
parent | 98f2f08b4b9b204912c1c097a08cd26151fae0bb (diff) | |
parent | 97e376bf9cafa2d6c812221677f2e38163d0acb8 (diff) | |
Merge branch 'master' into staging
Fixed conflicts: - lib/systems/for-meta.nix: in favor of staging - pkgs/os-specific/darwin/xcode/default.nix: in favor of master
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/docker/default.nix | 16 | ||||
-rw-r--r-- | pkgs/build-support/docker/examples.nix | 12 |
2 files changed, 17 insertions, 11 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 374b71d42a39..0e10ba036a06 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -52,15 +52,7 @@ rec { outputHashAlgo = "sha256"; outputHash = sha256; - # One of the dependencies of Skopeo uses a hardcoded /var/tmp for storing - # big image files, which is not available in sandboxed builds. - nativeBuildInputs = lib.singleton (pkgs.skopeo.overrideAttrs (drv: { - postPatch = (drv.postPatch or "") + '' - sed -i -e 's!/var/tmp!/tmp!g' \ - vendor/github.com/containers/image/storage/storage_image.go \ - vendor/github.com/containers/image/internal/tmpdir/tmpdir.go - ''; - })); + nativeBuildInputs = lib.singleton (pkgs.skopeo); SSL_CERT_FILE = "${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt"; sourceURL = "docker://${imageName}@${imageDigest}"; @@ -360,7 +352,9 @@ rec { extraCommands ? "" }: # Generate an executable script from the `runAsRoot` text. - let runAsRootScript = shellScript "run-as-root.sh" runAsRoot; + let + runAsRootScript = shellScript "run-as-root.sh" runAsRoot; + extraCommandsScript = shellScript "extra-commands.sh" extraCommands; in runWithOverlay { name = "docker-layer-${name}"; @@ -398,7 +392,7 @@ rec { ''; postUmount = '' - (cd layer; eval "${extraCommands}") + (cd layer; ${extraCommandsScript}) echo "Packing layer..." mkdir $out diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index eb5b9fe36e41..ca7f78093794 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix 
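Review bot: In the `postUmount` hunk, `(cd layer; ${extraCommandsScript})` still runs the script in the wrong directory if `cd layer` fails, unless errexit is active in that shell, which these lines do not show; `(cd layer && ${extraCommandsScript})` makes the dependency explicit. Replacing `eval "${extraCommands}"` with a generated script (the `let` hunk at -360 adds `extraCommandsScript`) removes the quoting hazard of splicing caller text into a double-quoted eval. It also means the commands presumably run in a child process now, so they no longer see unexported variables or shell functions of the surrounding build script. A comment on the `extraCommands ? ""` argument stating that it is executed as a standalone script inside `layer` would tell callers what they can rely on. Both the argument list and the `postUmount` string continue outside the hunks.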
@@ -124,4 +124,16 @@ rec { fromImage = nixFromDockerHub; contents = [ pkgs.hello ]; }; + + # 8. regression test for erroneous use of eval and string expansion. + # See issue #34779 and PR #40947 for details. + runAsRootExtraCommands = pkgs.dockerTools.buildImage { + name = "runAsRootExtraCommands"; + contents = [ pkgs.coreutils ]; + # The parens here are to create problematic bash to embed and eval. In case + # this is *embedded* into the script (with nix expansion) the initial quotes + # will close the string and the following parens are unexpected + runAsRoot = ''echo "(runAsRoot)" > runAsRoot''; + extraCommands = ''echo "(extraCommand)" > extraCommands''; + }; } |
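Review bot: The new `runAsRootExtraCommands` example only shows that the build no longer fails on the embedded quotes and parentheses; nothing in this hunk checks that the `runAsRoot` and `extraCommands` files exist afterwards with the literal contents `(runAsRoot)` and `(extraCommand)`. If a test harness consumes this attribute (not visible here), it should assert both files' contents so that a regression which mangles the text without a syntax error is also caught. Separately, `name = "runAsRootExtraCommands"` contains uppercase letters, which Docker does not accept in repository names when an image is loaded or tagged; `name = "run-as-root-extra-commands";` would avoid that.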