diff options
Diffstat (limited to 'pkgs/build-support/docker/pull.sh')
| -rw-r--r-- | pkgs/build-support/docker/pull.sh | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/pkgs/build-support/docker/pull.sh b/pkgs/build-support/docker/pull.sh new file mode 100644 index 00000000000..8a0782780af --- /dev/null +++ b/pkgs/build-support/docker/pull.sh @@ -0,0 +1,75 @@ +# Reference: docker src contrib/download-frozen-image.sh + +source $stdenv/setup + +# Curl flags to handle redirects, not use EPSV, handle cookies for +# servers to need them during redirects, and work on SSL without a +# certificate (this isn't a security problem because we check the +# cryptographic hash of the output anyway). +curl="curl \ + --location --max-redirs 20 \ + --retry 3 \ + --fail \ + --disable-epsv \ + --cookie-jar cookies \ + --insecure \ + $curlOpts \ + $NIX_CURL_FLAGS" + +baseUrl="$registryUrl/$registryVersion" + +fetchLayer() { + local url="$1" + local dest="$2" + local curlexit=18; + + # if we get error code 18, resume partial download + while [ $curlexit -eq 18 ]; do + # keep this inside an if statement, since on failure it doesn't abort the script + if $curl -H "Authorization: Token $token" "$url" --output "$dest"; then + return 0 + else + curlexit=$?; + fi + done + + return $curlexit +} + +token="$($curl -o /dev/null -D- -H 'X-Docker-Token: true' "$indexUrl/$registryVersion/repositories/$imageName/images" | grep X-Docker-Token | tr -d '\r' | cut -d ' ' -f 2)" + +if [ -z "$token" ]; then + echo "error: registry returned no token" + exit 1 +fi + +# token="${token//\"/\\\"}" + +if [ -z "$imageId" ]; then + imageId="$($curl -H "Authorization: Token $token" "$baseUrl/repositories/$imageName/tags/$imageTag")" + imageId="${imageId//\"/}" + if [ -z "$imageId" ]; then + echo "error: no image ID found for ${imageName}:${imageTag}" + exit 1 + fi + + echo "found image ${imageName}:${imageTag}@$imageId" +fi + +mkdir -p $out + +jshon -n object \ + -n object -s "$imageId" -i "$imageTag" \ + -i "$imageName" > $out/repositories + +$curl -H "Authorization: Token $token" "$baseUrl/images/$imageId/ancestry" -o ancestry.json + +layerIds=$(jshon -a -u < ancestry.json) +for layerId in $layerIds; do + echo "fetching layer $layerId" + + mkdir "$out/$layerId" + echo '1.0' > "$out/$layerId/VERSION" + $curl -H "Authorization: Token $token" "$baseUrl/images/$layerId/json" | python $detjson > "$out/$layerId/json" + fetchLayer "$baseUrl/images/$layerId/layer" "$out/$layerId/layer.tar" +done \ No newline at end of file |