summary refs log tree commit diff
path: root/pkgs/build-support/docker/default.nix
diff options
context:
space:
mode:
authorAntoine Eiche <lewo@abesis.fr>2017-09-13 11:40:26 +0200
committerAntoine Eiche <lewo@abesis.fr>2017-09-20 20:14:29 +0200
commitcb6fc52f998f8f3106a1506c052cffae752e8b7c (patch)
tree296308066707eb93e206ec565c7723b1d78de9ab /pkgs/build-support/docker/default.nix
parentdf589a438e01c06a6661cbd18bfe8f568d8b7f83 (diff)
downloadnixpkgs-cb6fc52f998f8f3106a1506c052cffae752e8b7c.tar
nixpkgs-cb6fc52f998f8f3106a1506c052cffae752e8b7c.tar.gz
nixpkgs-cb6fc52f998f8f3106a1506c052cffae752e8b7c.tar.bz2
nixpkgs-cb6fc52f998f8f3106a1506c052cffae752e8b7c.tar.lz
nixpkgs-cb6fc52f998f8f3106a1506c052cffae752e8b7c.tar.xz
nixpkgs-cb6fc52f998f8f3106a1506c052cffae752e8b7c.tar.zst
nixpkgs-cb6fc52f998f8f3106a1506c052cffae752e8b7c.zip
dockerTools.buildImageWithNixDb: Make output paths valid and add gcroots
The database dump doesn't contain sha and size. This leads to invalid
path in the container. We have to fix the database by using
nix-store.
Note a better way to do this is available in Nix 1.12 (since the
database dump contains all required information).

We also add content output paths in the gcroots since they ca be used
by the container.
Diffstat (limited to 'pkgs/build-support/docker/default.nix')
-rw-r--r--pkgs/build-support/docker/default.nix22
1 files changed, 20 insertions, 2 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index cfd2c8a31f9..267a2812a2a 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -249,7 +249,9 @@ rec {
       in map (x: [("closure-" + baseNameOf x) x]) contentsList;
     }
     ''
-      printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
+      mkdir $out
+      printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out/db.dump
+      perl ${pkgs.pathsFromGraph} closure-* > $out/storePaths
     '';
 
   # Create a "layer" (set of files).
@@ -571,7 +573,23 @@ rec {
         echo "         be better to only have one layer that contains a nix store."
         # This requires Nix 1.12 or higher
         export NIX_REMOTE=local?root=$PWD
-        ${nixUnstable}/bin/nix-store --load-db < ${nixRegistration contents}
+        ${nixUnstable}/bin/nix-store --load-db < ${nixRegistration contents}/db.dump
+
+        # We fill the store in order to run the 'verify' command that
+        # generates hash and size of output paths.
+        # Note when Nix 1.12 is be the stable one, the database dump
+        # generated by the exportReferencesGraph function will
+        # contains sha and size. See
+        # https://github.com/NixOS/nix/commit/c2b0d8749f7e77afc1c4b3e8dd36b7ee9720af4a
+        storePaths=$(cat ${nixRegistration contents}/storePaths)
+        echo "Copying everything to /nix/store (will take a while)..."
+        cp -prd $storePaths nix/store/
+        ${nixUnstable}/bin/nix-store --verify --check-contents
+
+        mkdir -p nix/var/nix/gcroots/docker/
+        for i in ${lib.concatStringsSep " " contents}; do
+          ln -s $i nix/var/nix/gcroots/docker/$(basename $i)
+        done;
       '' + extraCommands;
     });
 }