nixpkgs/nixos/tests/docker-tools.nix

# this test creates a simple GNU image with docker tools and sees if it executes

import ./make-test-python.nix ({ pkgs, ... }: {
  name = "docker-tools";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ lnl7 ];
  };

  nodes = {
    docker = { ... }: {
      virtualisation = {
        diskSize = 2048;
        docker.enable = true;
      };
    };
  };

  testScript = with pkgs.dockerTools; ''
    unix_time_second1 = "1970-01-01T00:00:01Z"

    docker.wait_for_unit("sockets.target")

    with subtest("Ensure Docker images use a stable date by default"):
        docker.succeed(
            "docker load --input='${examples.bash}'"
        )
        assert unix_time_second1 in docker.succeed(
            "docker inspect ${examples.bash.imageName} "
            + "| ${pkgs.jq}/bin/jq -r .[].Created",
        )

    docker.succeed("docker run --rm ${examples.bash.imageName} bash --version")
    # Check imageTag attribute matches image
    docker.succeed("docker images --format '{{.Tag}}' | grep -F '${examples.bash.imageTag}'")
    docker.succeed("docker rmi ${examples.bash.imageName}")

    # The remaining combinations
    with subtest("Ensure imageTag attribute matches image"):
        docker.succeed(
            "docker load --input='${examples.bashNoTag}'"
        )
        docker.succeed(
            "docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTag.imageTag}'"
        )
        docker.succeed("docker rmi ${examples.bashNoTag.imageName}:${examples.bashNoTag.imageTag}")

        docker.succeed(
            "docker load --input='${examples.bashNoTagLayered}'"
        )
        docker.succeed(
            "docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTagLayered.imageTag}'"
        )
        docker.succeed("docker rmi ${examples.bashNoTagLayered.imageName}:${examples.bashNoTagLayered.imageTag}")

        docker.succeed(
            "${examples.bashNoTagStreamLayered} | docker load"
        )
        docker.succeed(
            "docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTagStreamLayered.imageTag}'"
        )
        docker.succeed(
            "docker rmi ${examples.bashNoTagStreamLayered.imageName}:${examples.bashNoTagStreamLayered.imageTag}"
        )

        docker.succeed(
            "docker load --input='${examples.nixLayered}'"
        )
        docker.succeed("docker images --format '{{.Tag}}' | grep -F '${examples.nixLayered.imageTag}'")
        docker.succeed("docker rmi ${examples.nixLayered.imageName}")


    with subtest(
        "Check if the nix store is correctly initialized by listing "
        "dependencies of the installed Nix binary"
    ):
        docker.succeed(
            "docker load --input='${examples.nix}'",
            "docker run --rm ${examples.nix.imageName} nix-store -qR ${pkgs.nix}",
            "docker rmi ${examples.nix.imageName}",
        )

    with subtest(
        "Ensure (layered) nix store has correct permissions "
        "and that the container starts when its process does not have uid 0"
    ):
        docker.succeed(
            "docker load --input='${examples.bashLayeredWithUser}'",
            "docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 555 == $(stat --format=%a /nix) && test 555 == $(stat --format=%a /nix/store)'",
            "docker rmi ${examples.bashLayeredWithUser.imageName}",
        )

    with subtest("The nix binary symlinks are intact"):
        docker.succeed(
            "docker load --input='${examples.nix}'",
            "docker run --rm ${examples.nix.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'",
            "docker rmi ${examples.nix.imageName}",
        )

    with subtest("The nix binary symlinks are intact when the image is layered"):
        docker.succeed(
            "docker load --input='${examples.nixLayered}'",
            "docker run --rm ${examples.nixLayered.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'",
            "docker rmi ${examples.nixLayered.imageName}",
        )

    with subtest("The pullImage tool works"):
        docker.succeed(
            "docker load --input='${examples.nixFromDockerHub}'",
            "docker run --rm nix:2.2.1 nix-store --version",
            "docker rmi nix:2.2.1",
        )

    with subtest("runAsRoot and entry point work"):
        docker.succeed(
            "docker load --input='${examples.nginx}'",
            "docker run --name nginx -d -p 8000:80 ${examples.nginx.imageName}",
        )
        docker.wait_until_succeeds("curl -f http://localhost:8000/")
        docker.succeed(
            "docker rm --force nginx",
            "docker rmi '${examples.nginx.imageName}'",
        )

    with subtest("A pulled image can be used as base image"):
        docker.succeed(
            "docker load --input='${examples.onTopOfPulledImage}'",
            "docker run --rm ontopofpulledimage hello",
            "docker rmi ontopofpulledimage",
        )

    with subtest("Regression test for issue #34779"):
        docker.succeed(
            "docker load --input='${examples.runAsRootExtraCommands}'",
            "docker run --rm runasrootextracommands cat extraCommands",
            "docker run --rm runasrootextracommands cat runAsRoot",
            "docker rmi '${examples.runAsRootExtraCommands.imageName}'",
        )

    with subtest("Ensure Docker images can use an unstable date"):
        docker.succeed(
            "docker load --input='${examples.unstableDate}'"
        )
        assert unix_time_second1 not in docker.succeed(
            "docker inspect ${examples.unstableDate.imageName} "
            + "| ${pkgs.jq}/bin/jq -r .[].Created"
        )

    with subtest("Ensure Layered Docker images can use an unstable date"):
        docker.succeed(
            "docker load --input='${examples.unstableDateLayered}'"
        )
        assert unix_time_second1 not in docker.succeed(
            "docker inspect ${examples.unstableDateLayered.imageName} "
            + "| ${pkgs.jq}/bin/jq -r .[].Created"
        )

    with subtest("Ensure Layered Docker images work"):
        docker.succeed(
            "docker load --input='${examples.layered-image}'",
            "docker run --rm ${examples.layered-image.imageName}",
            "docker run --rm ${examples.layered-image.imageName} cat extraCommands",
        )

    with subtest("Ensure building an image on top of a layered Docker images work"):
        docker.succeed(
            "docker load --input='${examples.layered-on-top}'",
            "docker run --rm ${examples.layered-on-top.imageName}",
        )


    def set_of_layers(image_name):
        return set(
            docker.succeed(
                f"docker inspect {image_name} "
                + "| ${pkgs.jq}/bin/jq -r '.[] | .RootFS.Layers | .[]'"
            ).split()
        )


    with subtest("Ensure layers are shared between images"):
        docker.succeed(
            "docker load --input='${examples.another-layered-image}'"
        )
        layers1 = set_of_layers("${examples.layered-image.imageName}")
        layers2 = set_of_layers("${examples.another-layered-image.imageName}")
        assert bool(layers1 & layers2)

    with subtest("Ensure order of layers is correct"):
        docker.succeed(
            "docker load --input='${examples.layersOrder}'"
        )

        for index in 1, 2, 3:
            assert f"layer{index}" in docker.succeed(
                f"docker run --rm  ${examples.layersOrder.imageName} cat /tmp/layer{index}"
            )

    with subtest("Ensure environment variables are correctly inherited"):
        docker.succeed(
            "docker load --input='${examples.environmentVariables}'"
        )
        out = docker.succeed("docker run --rm ${examples.environmentVariables.imageName} env")
        env = out.splitlines()
        assert "FROM_PARENT=true" in env, "envvars from the parent should be preserved"
        assert "FROM_CHILD=true" in env, "envvars from the child should be preserved"
        assert "LAST_LAYER=child" in env, "envvars from the child should take priority"

    with subtest("Ensure image with only 2 layers can be loaded"):
        docker.succeed(
            "docker load --input='${examples.two-layered-image}'"
        )

    with subtest(
        "Ensure the bulk layer doesn't miss store paths (regression test for #78744)"
    ):
        docker.succeed(
            "docker load --input='${pkgs.dockerTools.examples.bulk-layer}'",
            # Ensure the two output paths (ls and hello) are in the layer
            "docker run bulk-layer ls /bin/hello",
        )

    with subtest("Ensure correct behavior when no store is needed"):
        # This check tests that buildLayeredImage can build images that don't need a store.
        docker.succeed(
            "docker load --input='${pkgs.dockerTools.examples.no-store-paths}'"
        )

        # This check may be loosened to allow an *empty* store rather than *no* store.
        docker.succeed("docker run --rm no-store-paths ls /")
        docker.fail("docker run --rm no-store-paths ls /nix/store")

    with subtest("Ensure buildLayeredImage does not change store path contents."):
        docker.succeed(
            "docker load --input='${pkgs.dockerTools.examples.filesInStore}'",
            "docker run --rm file-in-store nix-store --verify --check-contents",
            "docker run --rm file-in-store |& grep 'some data'",
        )

    with subtest("Ensure cross compiled image can be loaded and has correct arch."):
        docker.succeed(
            "docker load --input='${pkgs.dockerTools.examples.cross}'",
        )
        assert (
            docker.succeed(
                "docker inspect ${pkgs.dockerTools.examples.cross.imageName} "
                + "| ${pkgs.jq}/bin/jq -r .[].Architecture"
            ).strip()
            == "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}"
        )

    with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"):
        docker.succeed(
            "docker load --input='${examples.layeredStoreSymlink}'",
            "docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'",
            "docker rmi ${examples.layeredStoreSymlink.imageName}",
        )
  '';
})
nixos/tests: add simple dockerTools test 2018-02-14 06:20:16 +01:00			`# this test creates a simple GNU image with docker tools and sees if it executes`

nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`import ./make-test-python.nix ({ pkgs, ... }: {`
nixos/tests: add simple dockerTools test 2018-02-14 06:20:16 +01:00			`name = "docker-tools";`
treewide: simplify pkgs.stdenv.lib -> pkgs.lib The library does not depend on stdenv, that `stdenv` exposes `lib` is an artifact of the ancient origins of nixpkgs. 2021-01-10 20:08:30 +01:00			`meta = with pkgs.lib.maintainers; {`
docker-tools: add a test for permissions issues with AUFS/overlay docker# [ 11.054736] d24d6cdd57c9[763]: /bin/bash: error while loading shared libraries: libreadline.so.7: cannot open shared object file: Permission denied docker# /bin/bash: error while loading shared libraries: libreadline.so.7: cannot open shared object file: Permission denied docker: exit status 127 docker: output: error: command `docker run --rm -u 1000:1000 bash /bin/bash --version' did not succeed (exit code 127) command `docker run --rm -u 1000:1000 bash /bin/bash --version' did not succeed (exit code 127) 2018-04-14 13:41:23 +02:00			`maintainers = [ lnl7 ];`
nixos/tests: add simple dockerTools test 2018-02-14 06:20:16 +01:00			`};`

			`nodes = {`
nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`docker = { ... }: {`
			`virtualisation = {`
			`diskSize = 2048;`
			`docker.enable = true;`
nixos/tests: add simple dockerTools test 2018-02-14 06:20:16 +01:00			`};`
nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`};`
nixos/tests: add simple dockerTools test 2018-02-14 06:20:16 +01:00			`};`

nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`testScript = with pkgs.dockerTools; ''`
			`unix_time_second1 = "1970-01-01T00:00:01Z"`

			`docker.wait_for_unit("sockets.target")`

			`with subtest("Ensure Docker images use a stable date by default"):`
			`docker.succeed(`
			`"docker load --input='${examples.bash}'"`
			`)`
			`assert unix_time_second1 in docker.succeed(`
			`"docker inspect ${examples.bash.imageName} "`
			`+ "\| ${pkgs.jq}/bin/jq -r .[].Created",`
			`)`

			`docker.succeed("docker run --rm ${examples.bash.imageName} bash --version")`
dockerTools: Always set imageTag attribute The image tag can be specified or generated from the output hash. Previously, a generated tag could be recovered from the evaluated image with some string operations. However, with the introduction of streamLayeredImage, it's not feasible to compute the generated tag yourself. With this change, the imageTag attribute is set unconditionally, for the buildImage, buildLayeredImage, streamLayeredImage functions. 2020-07-11 15:51:58 +02:00			`# Check imageTag attribute matches image`
			`docker.succeed("docker images --format '{{.Tag}}' \| grep -F '${examples.bash.imageTag}'")`
nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`docker.succeed("docker rmi ${examples.bash.imageName}")`

dockerTools: Always set imageTag attribute The image tag can be specified or generated from the output hash. Previously, a generated tag could be recovered from the evaluated image with some string operations. However, with the introduction of streamLayeredImage, it's not feasible to compute the generated tag yourself. With this change, the imageTag attribute is set unconditionally, for the buildImage, buildLayeredImage, streamLayeredImage functions. 2020-07-11 15:51:58 +02:00			`# The remaining combinations`
			`with subtest("Ensure imageTag attribute matches image"):`
			`docker.succeed(`
			`"docker load --input='${examples.bashNoTag}'"`
			`)`
			`docker.succeed(`
			`"docker images --format '{{.Tag}}' \| grep -F '${examples.bashNoTag.imageTag}'"`
			`)`
			`docker.succeed("docker rmi ${examples.bashNoTag.imageName}:${examples.bashNoTag.imageTag}")`

			`docker.succeed(`
			`"docker load --input='${examples.bashNoTagLayered}'"`
			`)`
			`docker.succeed(`
			`"docker images --format '{{.Tag}}' \| grep -F '${examples.bashNoTagLayered.imageTag}'"`
			`)`
			`docker.succeed("docker rmi ${examples.bashNoTagLayered.imageName}:${examples.bashNoTagLayered.imageTag}")`

			`docker.succeed(`
			`"${examples.bashNoTagStreamLayered} \| docker load"`
			`)`
			`docker.succeed(`
			`"docker images --format '{{.Tag}}' \| grep -F '${examples.bashNoTagStreamLayered.imageTag}'"`
			`)`
			`docker.succeed(`
			`"docker rmi ${examples.bashNoTagStreamLayered.imageName}:${examples.bashNoTagStreamLayered.imageTag}"`
			`)`

			`docker.succeed(`
			`"docker load --input='${examples.nixLayered}'"`
			`)`
			`docker.succeed("docker images --format '{{.Tag}}' \| grep -F '${examples.nixLayered.imageTag}'")`
			`docker.succeed("docker rmi ${examples.nixLayered.imageName}")`


nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`with subtest(`
			`"Check if the nix store is correctly initialized by listing "`
			`"dependencies of the installed Nix binary"`
			`):`
			`docker.succeed(`
			`"docker load --input='${examples.nix}'",`
			`"docker run --rm ${examples.nix.imageName} nix-store -qR ${pkgs.nix}",`
			`"docker rmi ${examples.nix.imageName}",`
			`)`

nixos/tests/dockerTools: add test for running non-root containers with buildLayeredImage Co-authored-by: Robert Hensing <roberth@users.noreply.github.com> 2020-07-30 17:18:41 +02:00			`with subtest(`
			`"Ensure (layered) nix store has correct permissions "`
			`"and that the container starts when its process does not have uid 0"`
			`):`
			`docker.succeed(`
			`"docker load --input='${examples.bashLayeredWithUser}'",`
			`"docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 555 == $(stat --format=%a /nix) && test 555 == $(stat --format=%a /nix/store)'",`
			`"docker rmi ${examples.bashLayeredWithUser.imageName}",`
			`)`

dockerTools: test that tar keeps nix binary symlinks intact 2020-06-18 17:29:21 +02:00			`with subtest("The nix binary symlinks are intact"):`
			`docker.succeed(`
			`"docker load --input='${examples.nix}'",`
			`"docker run --rm ${examples.nix.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'",`
			`"docker rmi ${examples.nix.imageName}",`
			`)`

			`with subtest("The nix binary symlinks are intact when the image is layered"):`
			`docker.succeed(`
			`"docker load --input='${examples.nixLayered}'",`
			`"docker run --rm ${examples.nixLayered.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'",`
			`"docker rmi ${examples.nixLayered.imageName}",`
			`)`

nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`with subtest("The pullImage tool works"):`
			`docker.succeed(`
			`"docker load --input='${examples.nixFromDockerHub}'",`
			`"docker run --rm nix:2.2.1 nix-store --version",`
			`"docker rmi nix:2.2.1",`
			`)`

			`with subtest("runAsRoot and entry point work"):`
			`docker.succeed(`
			`"docker load --input='${examples.nginx}'",`
			`"docker run --name nginx -d -p 8000:80 ${examples.nginx.imageName}",`
			`)`
nixos/tests/docker-tools: Use curl --fail 2020-09-16 10:00:25 -07:00			`docker.wait_until_succeeds("curl -f http://localhost:8000/")`
nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`docker.succeed(`
nixos/tests/docker-tools.nix: Fix format 2020-12-02 08:03:38 +01:00			`"docker rm --force nginx",`
			`"docker rmi '${examples.nginx.imageName}'",`
nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`)`

			`with subtest("A pulled image can be used as base image"):`
			`docker.succeed(`
			`"docker load --input='${examples.onTopOfPulledImage}'",`
			`"docker run --rm ontopofpulledimage hello",`
			`"docker rmi ontopofpulledimage",`
			`)`

			`with subtest("Regression test for issue #34779"):`
			`docker.succeed(`
			`"docker load --input='${examples.runAsRootExtraCommands}'",`
			`"docker run --rm runasrootextracommands cat extraCommands",`
			`"docker run --rm runasrootextracommands cat runAsRoot",`
			`"docker rmi '${examples.runAsRootExtraCommands.imageName}'",`
			`)`

			`with subtest("Ensure Docker images can use an unstable date"):`
			`docker.succeed(`
dockerTools.buildLayeredImage: fix created=now 2020-07-09 09:34:18 +02:00			`"docker load --input='${examples.unstableDate}'"`
nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`)`
			`assert unix_time_second1 not in docker.succeed(`
			`"docker inspect ${examples.unstableDate.imageName} "`
			`+ "\| ${pkgs.jq}/bin/jq -r .[].Created"`
			`)`

dockerTools.buildLayeredImage: fix created=now 2020-07-09 09:34:18 +02:00			`with subtest("Ensure Layered Docker images can use an unstable date"):`
			`docker.succeed(`
			`"docker load --input='${examples.unstableDateLayered}'"`
			`)`
			`assert unix_time_second1 not in docker.succeed(`
			`"docker inspect ${examples.unstableDateLayered.imageName} "`
			`+ "\| ${pkgs.jq}/bin/jq -r .[].Created"`
			`)`

nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`with subtest("Ensure Layered Docker images work"):`
			`docker.succeed(`
			`"docker load --input='${examples.layered-image}'",`
			`"docker run --rm ${examples.layered-image.imageName}",`
			`"docker run --rm ${examples.layered-image.imageName} cat extraCommands",`
			`)`

			`with subtest("Ensure building an image on top of a layered Docker images work"):`
			`docker.succeed(`
			`"docker load --input='${examples.layered-on-top}'",`
			`"docker run --rm ${examples.layered-on-top.imageName}",`
			`)`


			`def set_of_layers(image_name):`
			`return set(`
			`docker.succeed(`
			`f"docker inspect {image_name} "`
			`+ "\| ${pkgs.jq}/bin/jq -r '.[] \| .RootFS.Layers \| .[]'"`
			`).split()`
			`)`


			`with subtest("Ensure layers are shared between images"):`
			`docker.succeed(`
			`"docker load --input='${examples.another-layered-image}'"`
			`)`
			`layers1 = set_of_layers("${examples.layered-image.imageName}")`
			`layers2 = set_of_layers("${examples.another-layered-image.imageName}")`
			`assert bool(layers1 & layers2)`

			`with subtest("Ensure order of layers is correct"):`
			`docker.succeed(`
			`"docker load --input='${examples.layersOrder}'"`
			`)`

			`for index in 1, 2, 3:`
			`assert f"layer{index}" in docker.succeed(`
			`f"docker run --rm ${examples.layersOrder.imageName} cat /tmp/layer{index}"`
			`)`

dockerTools.buildImage: Preserve environment variables from the parent image 2020-05-08 21:49:16 +12:00			`with subtest("Ensure environment variables are correctly inherited"):`
			`docker.succeed(`
			`"docker load --input='${examples.environmentVariables}'"`
			`)`
			`out = docker.succeed("docker run --rm ${examples.environmentVariables.imageName} env")`
			`env = out.splitlines()`
			`assert "FROM_PARENT=true" in env, "envvars from the parent should be preserved"`
			`assert "FROM_CHILD=true" in env, "envvars from the child should be preserved"`
			`assert "LAST_LAYER=child" in env, "envvars from the child should take priority"`

nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`with subtest("Ensure image with only 2 layers can be loaded"):`
			`docker.succeed(`
			`"docker load --input='${examples.two-layered-image}'"`
			`)`

			`with subtest(`
			`"Ensure the bulk layer doesn't miss store paths (regression test for #78744)"`
			`):`
			`docker.succeed(`
			`"docker load --input='${pkgs.dockerTools.examples.bulk-layer}'",`
			`# Ensure the two output paths (ls and hello) are in the layer`
			`"docker run bulk-layer ls /bin/hello",`
			`)`
buildLayeredImage: Allow empty store, no paths to add This is useful when buildLayeredImage is called in a generic way that should allow simple (base) images to be built, which may not reference any store paths. 2020-02-24 00:41:55 +01:00
			`with subtest("Ensure correct behavior when no store is needed"):`
dockerTools.streamLayeredImage: Store the customisation layer as a tarball This fixes as issue described here[1], where permissions set by 'extraCommands' were ignored by Nix. [1] https://github.com/NixOS/nixpkgs/pull/91084#issuecomment-669834938 2020-08-14 21:06:00 +12:00			`# This check tests that buildLayeredImage can build images that don't need a store.`
buildLayeredImage: Allow empty store, no paths to add This is useful when buildLayeredImage is called in a generic way that should allow simple (base) images to be built, which may not reference any store paths. 2020-02-24 00:41:55 +01:00			`docker.succeed(`
			`"docker load --input='${pkgs.dockerTools.examples.no-store-paths}'"`
			`)`

			`# This check may be loosened to allow an empty store rather than no store.`
			`docker.succeed("docker run --rm no-store-paths ls /")`
			`docker.fail("docker run --rm no-store-paths ls /nix/store")`
dockerTools: Support files directly under /nix/store Also makes sure that the files inside a layer added in a sorted order to make the results more deterministic. 2020-07-04 22:00:57 +12:00
dockerTools: Verify nix-store contents on buildLayeredImage test 2020-07-06 16:59:58 +12:00			`with subtest("Ensure buildLayeredImage does not change store path contents."):`
dockerTools: Support files directly under /nix/store Also makes sure that the files inside a layer added in a sorted order to make the results more deterministic. 2020-07-04 22:00:57 +12:00			`docker.succeed(`
			`"docker load --input='${pkgs.dockerTools.examples.filesInStore}'",`
dockerTools: Verify nix-store contents on buildLayeredImage test 2020-07-06 16:59:58 +12:00			`"docker run --rm file-in-store nix-store --verify --check-contents",`
			`"docker run --rm file-in-store \|& grep 'some data'",`
dockerTools: Support files directly under /nix/store Also makes sure that the files inside a layer added in a sorted order to make the results more deterministic. 2020-07-04 22:00:57 +12:00			`)`
dockerTools: Add cross compilation test 2020-11-19 18:12:36 +01:00
			`with subtest("Ensure cross compiled image can be loaded and has correct arch."):`
			`docker.succeed(`
dockerTools: Always cross compile for another arch in the cross example The example fails to build on aarch64, so lets cross build for gnu64. 2020-11-20 11:57:56 +01:00			`"docker load --input='${pkgs.dockerTools.examples.cross}'",`
dockerTools: Add cross compilation test 2020-11-19 18:12:36 +01:00			`)`
			`assert (`
			`docker.succeed(`
dockerTools: Always cross compile for another arch in the cross example The example fails to build on aarch64, so lets cross build for gnu64. 2020-11-20 11:57:56 +01:00			`"docker inspect ${pkgs.dockerTools.examples.cross.imageName} "`
dockerTools: Add cross compilation test 2020-11-19 18:12:36 +01:00			`+ "\| ${pkgs.jq}/bin/jq -r .[].Architecture"`
			`).strip()`
dockerTools: normalize arch to GOARCH Docker (via containerd) and the the OCI Image Configuration imply and suggest, respectfully, that the architecture set in images matches those of GOARCH in the Go Language document. This changeset updates the implimentation of getArch in dockerTools to return GOARCH values, to satisfy Docker. Fixes: #106695 2020-12-11 18:54:44 -08:00			`== "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}"`
dockerTools: Add cross compilation test 2020-11-19 18:12:36 +01:00			`)`
dockerTools: Test buildLayeredImage with symlinks This exercises layer creation in face of store path symlinks, ensuring they are not dereferenced, which can lead to broken layer tarballs 2021-01-04 21:33:32 +01:00
			`with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"):`
			`docker.succeed(`
			`"docker load --input='${examples.layeredStoreSymlink}'",`
			`"docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'",`
			`"docker rmi ${examples.layeredStoreSymlink.imageName}",`
			`)`
nixosTests.docker-tools: Port to Python 2020-02-13 12:38:26 +01:00			`'';`
nixos/tests: add simple dockerTools test 2018-02-14 06:20:16 +01:00			`})`