diff options
author | Andrew Brooks <andrewgrantbrooks@gmail.com> | 2021-12-17 19:26:53 -0600 |
---|---|---|
committer | Andrew Brooks <andrewgrantbrooks@gmail.com> | 2021-12-17 19:26:53 -0600 |
commit | 57718902e34486288f63760faddda49ce2eecbdb (patch) | |
tree | f2e67c9132714ab4dd5027f3ac4fd2f4e5c0cf40 /pkgs/build-support/docker | |
parent | 69ffb0004a2f447c6452c33483465e454504960a (diff) | |
download | nixpkgs-57718902e34486288f63760faddda49ce2eecbdb.tar nixpkgs-57718902e34486288f63760faddda49ce2eecbdb.tar.gz nixpkgs-57718902e34486288f63760faddda49ce2eecbdb.tar.bz2 nixpkgs-57718902e34486288f63760faddda49ce2eecbdb.tar.lz nixpkgs-57718902e34486288f63760faddda49ce2eecbdb.tar.xz nixpkgs-57718902e34486288f63760faddda49ce2eecbdb.tar.zst nixpkgs-57718902e34486288f63760faddda49ce2eecbdb.zip |
nixos/tests/docker-tools: add test for pre-runAsRoot layer unpack order
Diffstat (limited to 'pkgs/build-support/docker')
-rw-r--r-- | pkgs/build-support/docker/examples.nix | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index f2d4f809ae4..941ee048666 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix @@ -405,6 +405,29 @@ rec { created = "now"; }; + # 23. Ensure that layers are unpacked in the correct order before the + # runAsRoot script is executed. + layersUnpackOrder = + let + layerOnTopOf = parent: layerName: + pkgs.dockerTools.buildImage { + name = "layers-unpack-order-${layerName}"; + tag = "latest"; + fromImage = parent; + contents = [ pkgs.coreutils ]; + runAsRoot = '' + #!${pkgs.runtimeShell} + echo -n "${layerName}" >> /layer-order + ''; + }; + # When executing the runAsRoot script when building layer C, if layer B is + # not unpacked on top of layer A, the contents of /layer-order will not be + # "ABC". + layerA = layerOnTopOf null "a"; + layerB = layerOnTopOf layerA "b"; + layerC = layerOnTopOf layerB "c"; + in layerC; + # buildImage without explicit tag bashNoTag = pkgs.dockerTools.buildImage { name = "bash-no-tag"; |