diff options
author | Edward Tjörnhammar <ed@cflags.cc> | 2021-05-05 10:40:08 +0200 |
---|---|---|
committer | Edward Tjörnhammar <ed@cflags.cc> | 2021-06-01 14:34:24 +0200 |
commit | ab4649e9d11f58e52fcb35c055ce57e763c8e882 (patch) | |
tree | e5ce7e592c39148758bf5f2ab7122e88cb5b06a6 /pkgs/build-support/docker | |
parent | 7a47055a0f00b224e9fc4d555834b2dea66dcfa8 (diff) | |
download | nixpkgs-ab4649e9d11f58e52fcb35c055ce57e763c8e882.tar nixpkgs-ab4649e9d11f58e52fcb35c055ce57e763c8e882.tar.gz nixpkgs-ab4649e9d11f58e52fcb35c055ce57e763c8e882.tar.bz2 nixpkgs-ab4649e9d11f58e52fcb35c055ce57e763c8e882.tar.lz nixpkgs-ab4649e9d11f58e52fcb35c055ce57e763c8e882.tar.xz nixpkgs-ab4649e9d11f58e52fcb35c055ce57e763c8e882.tar.zst nixpkgs-ab4649e9d11f58e52fcb35c055ce57e763c8e882.zip |
build-support/docker: pass tlsVerify to support http registries
Diffstat (limited to 'pkgs/build-support/docker')
-rw-r--r-- | pkgs/build-support/docker/default.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 54eb13d38ff..292ab00cfd1 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -86,6 +86,8 @@ rec { , finalImageName ? imageName # This used to set a tag to the pulled image , finalImageTag ? "latest" + # This is used to disable TLS certificate verification, allowing access to http registries on (hopefully) trusted networks + , tlsVerify ? true , name ? fixName "docker-image-${finalImageName}-${finalImageTag}.tar" }: @@ -105,7 +107,13 @@ rec { sourceURL = "docker://${imageName}@${imageDigest}"; destNameTag = "${finalImageName}:${finalImageTag}"; } '' - skopeo --insecure-policy --tmpdir=$TMPDIR --override-os ${os} --override-arch ${arch} copy "$sourceURL" "docker-archive://$out:$destNameTag" + skopeo \ + --src-tls-verify=${lib.boolToString tlsVerify} \ + --insecure-policy \ + --tmpdir=$TMPDIR \ + --override-os ${os} \ + --override-arch ${arch} \ + copy "$sourceURL" "docker-archive://$out:$destNameTag" ''; # We need to sum layer.tar, not a directory, hence tarsum instead of nix-hash. |