From a5a411e67f53f729fc874082a4e5ed7f6ba23c3f Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Thu, 14 May 2020 22:37:34 +1000 Subject: [PATCH 1/4] skopeo: don't set policy and tmpdir during build --- pkgs/development/tools/skopeo/default.nix | 25 +++++++---------------- 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/pkgs/development/tools/skopeo/default.nix b/pkgs/development/tools/skopeo/default.nix index 5532c3088e0..944df5c13d2 100644 --- a/pkgs/development/tools/skopeo/default.nix +++ b/pkgs/development/tools/skopeo/default.nix @@ -12,7 +12,8 @@ , fuse-overlayfs }: -let +buildGoModule rec { + pname = "skopeo"; version = "0.2.0"; src = fetchFromGitHub { @@ -22,34 +23,22 @@ let sha256 = "09zqzrw6f1s6kaknnj3hra3xz4nq6y86vmw5vk8p4f6g7cwakg1x"; }; - defaultPolicyFile = runCommand "skopeo-default-policy.json" {} "cp ${src}/default-policy.json $out"; - - vendorPath = "github.com/containers/skopeo/vendor/github.com/containers/image/v5"; - -in -buildGoModule { - pname = "skopeo"; - inherit version; - inherit src; - outputs = [ "out" "man" ]; vendorSha256 = null; - excludedPackages = [ "integration" ]; - nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper ]; buildInputs = [ gpgme ] ++ stdenv.lib.optionals stdenv.isLinux [ lvm2 btrfs-progs ]; - buildFlagsArray = '' - -ldflags= - -X ${vendorPath}/signature.systemDefaultPolicyPath=${defaultPolicyFile} - -X ${vendorPath}/internal/tmpdir.unixTempDirForBigFiles=/tmp + buildPhase = '' + patchShebangs . + make binary-local ''; - postBuild = '' + installPhase = '' + make install-binary PREFIX=$out make install-docs MANINSTALLDIR="$man/share/man" installShellCompletion --bash completions/bash/skopeo ''; From 580f162fffb981b2ff2b7ff722f2d752d8cb0179 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Thu, 14 May 2020 09:48:53 +1000 Subject: [PATCH 2/4] skopeo: add passthru.tests for docker-tools --- pkgs/development/tools/skopeo/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/tools/skopeo/default.nix b/pkgs/development/tools/skopeo/default.nix index 944df5c13d2..a07d5aafba3 100644 --- a/pkgs/development/tools/skopeo/default.nix +++ b/pkgs/development/tools/skopeo/default.nix @@ -10,6 +10,7 @@ , installShellFiles , makeWrapper , fuse-overlayfs +, nixosTests }: buildGoModule rec { @@ -48,6 +49,8 @@ buildGoModule rec { --prefix PATH : ${stdenv.lib.makeBinPath [ fuse-overlayfs ]} ''; + passthru.tests.docker-tools = nixosTests.docker-tools; + meta = with stdenv.lib; { description = "A command line utility for various operations on container images and image repositories"; homepage = "https://github.com/containers/skopeo"; From 42232493a378bb901b47214a71364ad654fedb36 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 13 May 2020 20:21:35 +1000 Subject: [PATCH 3/4] dockerTools: pass insecure-policy and tmpdir to skopeo --- pkgs/build-support/docker/default.nix | 2 +- pkgs/build-support/docker/nix-prefetch-docker | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index f2a1378b8b2..9c60282b7b5 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -95,7 +95,7 @@ rec { sourceURL = "docker://${imageName}@${imageDigest}"; destNameTag = "${finalImageName}:${finalImageTag}"; } '' - skopeo --override-os ${os} --override-arch ${arch} copy "$sourceURL" "docker-archive://$out:$destNameTag" + skopeo --insecure-policy --tmpdir=$TMPDIR --override-os ${os} --override-arch ${arch} copy "$sourceURL" "docker-archive://$out:$destNameTag" ''; # We need to sum layer.tar, not a directory, hence tarsum instead of nix-hash. diff --git a/pkgs/build-support/docker/nix-prefetch-docker b/pkgs/build-support/docker/nix-prefetch-docker index 839dc87487a..bf01384ccdb 100755 --- a/pkgs/build-support/docker/nix-prefetch-docker +++ b/pkgs/build-support/docker/nix-prefetch-docker @@ -12,6 +12,7 @@ finalImageTag= hashType=$NIX_HASH_ALGO hashFormat=$hashFormat format=nix +skopeoCmd="skopeo --insecure-policy --tmpdir=$TMPDIR" usage(){ echo >&2 "syntax: nix-prefetch-docker [options] [IMAGE_NAME [IMAGE_TAG|IMAGE_DIGEST]] @@ -38,7 +39,7 @@ get_image_digest(){ imageTag="latest" fi - skopeo inspect "docker://$imageName:$imageTag" | jq '.Digest' -r + "$skopeoCmd" inspect "docker://$imageName:$imageTag" | jq '.Digest' -r } get_name() { @@ -127,9 +128,9 @@ trap "rm -rf \"$tmpPath\"" EXIT tmpFile="$tmpPath/$(get_name $finalImageName $finalImageTag)" if test -z "$QUIET"; then - skopeo --override-os ${os} --override-arch ${arch} copy "$sourceUrl" "docker-archive://$tmpFile:$finalImageName:$finalImageTag" + "$skopeoCmd" --override-os ${os} --override-arch ${arch} copy "$sourceUrl" "docker-archive://$tmpFile:$finalImageName:$finalImageTag" else - skopeo --override-os ${os} --override-arch ${arch} copy "$sourceUrl" "docker-archive://$tmpFile:$finalImageName:$finalImageTag" > /dev/null + "$skopeoCmd" --override-os ${os} --override-arch ${arch} copy "$sourceUrl" "docker-archive://$tmpFile:$finalImageName:$finalImageTag" > /dev/null fi # Compute the hash. From 2ee9aac39bcc99cfeee1b35c25af5c4704ee61c8 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 19 May 2020 08:16:45 +1000 Subject: [PATCH 4/4] skopeo: 0.2.0 -> 1.0.0 https://github.com/containers/skopeo/releases/tag/v1.0.0 --- pkgs/development/tools/skopeo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/skopeo/default.nix b/pkgs/development/tools/skopeo/default.nix index a07d5aafba3..45b6867197e 100644 --- a/pkgs/development/tools/skopeo/default.nix +++ b/pkgs/development/tools/skopeo/default.nix @@ -15,13 +15,13 @@ buildGoModule rec { pname = "skopeo"; - version = "0.2.0"; + version = "1.0.0"; src = fetchFromGitHub { rev = "v${version}"; owner = "containers"; repo = "skopeo"; - sha256 = "09zqzrw6f1s6kaknnj3hra3xz4nq6y86vmw5vk8p4f6g7cwakg1x"; + sha256 = "1zg0agf8x7fa8zdzfzgncm64j363lmxrqjhdzsx6mlig87k17p05"; }; outputs = [ "out" "man" ];