dockerTools.streamLayeredImage: add fakeRootCommands option

pkgs/build-support/docker/default.nix

@@ -7,6 +7,7 @@
   coreutils,
   docker,
   e2fsprogs,
+  fakeroot,
   findutils,
   go,
   jq,
@@ -738,6 +739,9 @@ rec {
     created ? "1970-01-01T00:00:01Z",
     # Optional bash script to run on the files prior to fixturizing the layer.
     extraCommands ? "",
+    # Optional bash script to run inside fakeroot environment.
+    # Could be used for changing ownership of files in customisation layer.
+    fakeRootCommands ? "",
     # We pick 100 to ensure there is plenty of room for extension. I
     # believe the actual maximum is 128.
     maxLayers ? 100
@@ -764,18 +768,24 @@ rec {
         name = "${baseName}-customisation-layer";
         paths = contentsList;
         inherit extraCommands;
+        inherit fakeRootCommands;
+        nativeBuildInputs = [ fakeroot ];
         postBuild = ''
           mv $out old_out
           (cd old_out; eval "$extraCommands" )
 
           mkdir $out
 
-          tar \
+          fakeroot bash -c '
-            --sort name \
+            set -e
-            --owner 0 --group 0 --mtime "@$SOURCE_DATE_EPOCH" \
+            cd old_out
-            --hard-dereference \
+            eval "$fakeRootCommands"
-            -C old_out \
+            tar \
-            -cf $out/layer.tar .
+              --sort name \
+              --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
+              --hard-dereference \
+              -cf $out/layer.tar .
+          '
 
           sha256sum $out/layer.tar \
             | cut -f 1 -d ' ' \