From 01174c5f4d7df0fd0928fbf8a2a8e633a9cf54aa Mon Sep 17 00:00:00 2001
From: Antoine Eiche <lewo@abesis.fr>
Date: Wed, 13 Sep 2017 09:44:07 +0200
Subject: dockerTools.pullImage: use skopeo to pull the image

Before this patch, a VM was used to spawn docker that pulled the
VM. Now, the tool Skopeo does this job well so we can simplify our
dockerTools since we doesn't need Docker anymore:)

This also fixe the regression described in
https://github.com/NixOS/nixpkgs/issues/29271 : cntlm proxy doesn't
work in 17.09 while it worked in 17.03.

Note Skopeo doesn't produce the same output than docker pull so, we
have to update sha.
---
 pkgs/build-support/docker/default.nix  | 15 ++++++++++++++-
 pkgs/build-support/docker/examples.nix |  2 +-
 pkgs/build-support/docker/pull.nix     | 32 --------------------------------
 3 files changed, 15 insertions(+), 34 deletions(-)
 delete mode 100644 pkgs/build-support/docker/pull.nix

(limited to 'pkgs/build-support/docker')

diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 17d7f2da035c..8a7b362bd5ed 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -30,7 +30,20 @@ rec {
     inherit pkgs buildImage pullImage shadowSetup;
   };
 
-  pullImage = callPackage ./pull.nix {};
+  pullImage =
+    let
+      nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;
+    in
+      # For simplicity we only support sha256.
+      { imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"
+      , sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:
+      runCommand name {
+        impureEnvVars=pkgs.stdenv.lib.fetchers.proxyImpureEnvVars;
+        outputHashMode="flat";
+        outputHashAlgo="sha256";
+        outputHash=sha256;
+      }
+      "${pkgs.skopeo}/bin/skopeo copy docker://${imageId} docker-archive://$out:${imageId}";
 
   # We need to sum layer.tar, not a directory, hence tarsum instead of nix-hash.
   # And we cannot untar it, because then we cannot preserve permissions ecc.
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 49cbb7a98175..aead53f6f7d1 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -87,7 +87,7 @@ rec {
     imageName = "nixos/nix";
     imageTag = "1.11";
     # this hash will need change if the tag is updated at docker hub
-    sha256 = "1gk4bq05vl3rj3mh4mlbl4iicgndmimlv8jvkhdk4hrv0r44bwr3";
+    sha256 = "18xvcnl0yvj9kfi5bkimrhhjaa8xhm3jhshh2xd7c0sbfrmfqzvi";
   };
 
   # 5. example of multiple contents, emacs and vi happily coexisting
diff --git a/pkgs/build-support/docker/pull.nix b/pkgs/build-support/docker/pull.nix
deleted file mode 100644
index 5ccd0a41c5e4..000000000000
--- a/pkgs/build-support/docker/pull.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ stdenv, lib, docker, vmTools, utillinux, curl, kmod, dhcp, cacert, e2fsprogs }:
-let
-  nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;
-in
-# For simplicity we only support sha256.
-{ imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"
-, sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:
-let
-  pullImage = vmTools.runInLinuxVM (
-    stdenv.mkDerivation {
-      inherit name imageId;
-
-      certs = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
-      builder = ./pull.sh;
-
-      buildInputs = [ curl utillinux docker kmod dhcp cacert e2fsprogs ];
-
-      outputHashAlgo = "sha256";
-      outputHash = sha256;
-
-      impureEnvVars = lib.fetchers.proxyImpureEnvVars;
-
-      preVM = vmTools.createEmptyImage {
-        size = 2048;
-        fullName = "${name}-disk";
-      };
-
-      QEMU_OPTS = "-netdev user,id=net0 -device virtio-net-pci,netdev=net0";
-    });
-in
-  pullImage
-- 
cgit 1.4.1