public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #27017 from LnL7/docker-pure-layer

Browse Source 
docker-tools: set user/group when creating a pure layer
This commit is contained in:
Daiderd Jordan 2017-07-15 12:22:53 +02:00 committed by GitHub
commit 90ff6b1d03
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pkgs/build-support/docker/default.nix
View File

@ -234,11 +234,10 @@ rec {
# Files to add to the layer. # Files to add to the layer.
contents ? null, contents ? null,
# Additional commands to run on the layer before it is tar'd up. # Additional commands to run on the layer before it is tar'd up.
extraCommands ? "" extraCommands ? "", uid ? 0, gid ? 0
}: }:
runCommand "docker-layer-${name}" { runCommand "docker-layer-${name}" {
inherit baseJson contents extraCommands; inherit baseJson contents extraCommands;
buildInputs = [ jshon rsync ]; buildInputs = [ jshon rsync ];
} }
'' ''
@ -253,6 +252,8 @@ rec {
echo "No contents to add to layer." echo "No contents to add to layer."
fi fi
chmod ug+w layer
if [[ -n $extraCommands ]]; then if [[ -n $extraCommands ]]; then
(cd layer; eval "$extraCommands") (cd layer; eval "$extraCommands")
fi fi
@ -260,7 +261,7 @@ rec {
# Tar up the layer and throw it into 'layer.tar'. # Tar up the layer and throw it into 'layer.tar'.
echo "Packing layer..." echo "Packing layer..."
mkdir $out mkdir $out
tar -C layer --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar . tar -C layer --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf $out/layer.tar .
# Compute a checksum of the tarball. # Compute a checksum of the tarball.
echo "Computing layer checksum..." echo "Computing layer checksum..."
@ -312,6 +313,8 @@ rec {
echo "Adding $item..." echo "Adding $item..."
rsync -ak --chown=0:0 $item/ layer/ rsync -ak --chown=0:0 $item/ layer/
done done
chmod ug+w layer
''; '';
postMount = '' postMount = ''
@ -375,7 +378,7 @@ rec {
# Docker config; e.g. what command to run on the container. # Docker config; e.g. what command to run on the container.
config ? null, config ? null,
# Optional bash script to run on the files prior to fixturizing the layer. # Optional bash script to run on the files prior to fixturizing the layer.
extraCommands ? "", extraCommands ? "", uid ? 0, gid ? 0,
# Optional bash script to run as root on the image when provisioning. # Optional bash script to run as root on the image when provisioning.
runAsRoot ? null, runAsRoot ? null,
# Size of the virtual machine disk to provision when building the image. # Size of the virtual machine disk to provision when building the image.
@ -398,7 +401,7 @@ rec {
if runAsRoot == null if runAsRoot == null
then mkPureLayer { then mkPureLayer {
name = baseName; name = baseName;
inherit baseJson contents extraCommands; inherit baseJson contents extraCommands uid gid;
} else mkRootLayer { } else mkRootLayer {
name = baseName; name = baseName;
inherit baseJson fromImage fromImageName fromImageTag inherit baseJson fromImage fromImageName fromImageTag
@ -498,7 +501,7 @@ rec {
chmod -R a-w image chmod -R a-w image
echo "Cooking the image..." echo "Cooking the image..."
tar -C image --mtime="@$SOURCE_DATE_EPOCH" -c . | pigz -nT > $out tar -C image --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 -c . | pigz -nT > $out
echo "Finished." echo "Finished."
''; '';