author | Viktor Kronvall <viktor.kronvall@gmail.com> | 2023-08-17 00:50:10 +0900 |
---|---|---|
committer | Viktor Kronvall <viktor.kronvall@gmail.com> | 2023-08-19 23:34:21 +0900 |
commit | ca072c08a2543b4a7a107ebbfbb03ab23426f6ed (patch) | |
tree | 9e3d69be7fc0fe55ab25e22ba886509b9165b2ca /pkgs/build-support/docker/default.nix | |
parent | b35440bfcf536d1043dc04356c9f021bddc68256 (diff) | |
dockerTools: replace fakechroot with proot
The command `fakechroot` errored with buffer overflows. The `proot` command doesn't seem to suffer from the same problem. The tar command creating the layer errors with "permission denied" on a bunch of paths in /proc but the layer seems to get built anyway.
Diffstat (limited to 'pkgs/build-support/docker/default.nix')
-rw-r--r-- | pkgs/build-support/docker/default.nix | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index f6416c81cc0..9f57804e957 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -5,7 +5,7 @@ , closureInfo , coreutils , e2fsprogs -, fakechroot +, proot , fakeNss , fakeroot , go @@ -887,6 +887,13 @@ rec { }); contentsList = if builtins.isList contents then contents else [ contents ]; + bind-paths = builtins.toString (builtins.map (path: "--bind=${path}:${path}!") [ + "/dev/" + "/proc/" + "/sys/" + "${builtins.storeDir}/" + "$out/layer.tar" + ]); # We store the customisation layer as a tarball, to make sure that # things like permissions set on 'extraCommands' are not overridden @@ -898,21 +905,14 @@ rec { nativeBuildInputs = [ fakeroot ] ++ optionals enableFakechroot [ - fakechroot - # for chroot - coreutils - # fakechroot needs getopt, which is provided by util-linux - util-linux + proot ]; postBuild = '' mv $out old_out (cd old_out; eval "$extraCommands" ) mkdir $out - ${optionalString enableFakechroot '' - export FAKECHROOT_EXCLUDE_PATH=/dev:/proc:/sys:${builtins.storeDir}:$out/layer.tar - ''} - ${optionalString enableFakechroot ''fakechroot chroot $PWD/old_out ''}fakeroot bash -c ' + ${optionalString enableFakechroot ''proot -r $PWD/old_out ${bind-paths} --pwd=/ ''}fakeroot bash -c ' source $stdenv/setup ${optionalString (!enableFakechroot) ''cd old_out''} eval "$fakeRootCommands" |
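Review bot: The new `bind-paths` binding in the second hunk has no comment saying that it replaces the removed `FAKECHROOT_EXCLUDE_PATH` list, or what the trailing `!` in `--bind=${path}:${path}!` is for. I would add a short comment above it along the lines of `# Host paths passed through into the proot root (replaces FAKECHROOT_EXCLUDE_PATH); the trailing "!" is proot's bind-location modifier`, after confirming the exact meaning of `!` against the proot manual. It is also worth a word that `$out/layer.tar` is a shell variable, not a Nix one: it is expanded unquoted only when `postBuild` runs, so the list is only correct when interpolated into that script.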
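Review bot: In the third hunk, `proot -r $PWD/old_out ${bind-paths} --pwd=/` makes the builder's `/dev`, `/proc` and `/sys` visible inside the root that is archived afterwards, and the commit message itself reports tar failing with "permission denied" under /proc while the layer only "seems" to get built. The tar call and the rest of the `bash -c` script lie outside this hunk, so it cannot be seen whether the bound paths are excluded from the archive or whether tar's exit status still fails the build. If they are not excluded, layer contents can depend on the build host, and a genuine tar error may be hidden among the expected ones. Consider excluding the bound directories in the tar invocation, e.g. `--exclude=./proc --exclude=./sys` (and deciding explicitly what to do with `./dev`), so that any remaining tar error can be treated as fatal. The option is still called `enableFakechroot` although it now selects proot; a comment at the `optionals enableFakechroot [ proot ]` line saying so would help readers.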