author | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-12-01 21:00:52 -0600 |
---|---|---|
committer | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-12-01 21:00:52 -0600 |
commit | 25865688a729d15dbb2dc21ebd9fbf74e2cffc4b (patch) | |
tree | 137ba921eb3a0eeefad4b6edab5c553c7c214a1a /pkgs/build-support/fetchdocker/generic-fetcher.nix | |
parent | fdb8dea0c6440dfa8c6ffa6203ca2a6953fc2f6b (diff) | |
docker: init fetchdocker nix code for docker2nix
This change adds granular, non-docker daemon docker image fetchers and a docker image layer compositor to be used in conjunction with the `docker2nix` utility provided by the `haskellPackages.hocker` package. This change includes a hackage package version bump and updated sha256 for recent fixes released to `hocker` resulting from formulating this patch.
Diffstat (limited to 'pkgs/build-support/fetchdocker/generic-fetcher.nix')
-rw-r--r-- | pkgs/build-support/fetchdocker/generic-fetcher.nix | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/pkgs/build-support/fetchdocker/generic-fetcher.nix b/pkgs/build-support/fetchdocker/generic-fetcher.nix
new file mode 100644
index 00000000000..e051cee0843
--- /dev/null
+++ b/pkgs/build-support/fetchdocker/generic-fetcher.nix
@@ -0,0 +1,97 @@
+{ stdenv, lib, haskellPackages, writeText, gawk }:
+let
+ awk = "${gawk}/bin/awk";
+ dockerCredentialsFile = import ./credentials.nix;
+ stripScheme =
+ builtins.replaceStrings [ "https://" "http://" ] [ "" "" ];
+in
+{ fetcher
+, name
+ , registry ? "https://registry-1.docker.io/v2/"
+ , repository ? "library"
+ , imageName
+ , sha256
+ , tag ? ""
+ , layerDigest ? ""
+}:
+
+# There must be no slashes in the repository or container names since
+# we use these to make the output derivation name for the nix store
+# path
+assert null == lib.findFirst (c: "/"==c) null (lib.stringToCharacters repository);
+assert null == lib.findFirst (c: "/"==c) null (lib.stringToCharacters imageName);
+
+# Only allow hocker-config and hocker-layer as fetchers for now
+assert (builtins.elem fetcher ["hocker-config" "hocker-layer"]);
+
+# If layerDigest is non-empty then it must not have a 'sha256:' prefix!
+assert
+ (if layerDigest != ""
+ then !lib.hasPrefix "sha256:" layerDigest
+ else true);
+
+let
+ layerDigestFlag =
+ lib.optionalString (layerDigest != "") "--layer ${layerDigest}";
+in
+stdenv.mkDerivation {
+ inherit name;
+ builder = writeText "${fetcher}-builder.sh" ''
+ source "$stdenv/setup"
+ header "${fetcher} exporting to $out"
+
+ declare -A creds
+
+ # This is a hack for Hydra since we have no way of adding values
+ # to the NIX_PATH for Hydra jobsets!!
+ staticCredentialsFile="/etc/nix-docker-credentials.txt"
+ if [ ! -f "$dockerCredentialsFile" -a -f "$staticCredentialsFile" ]; then
+ echo "credentials file not set, falling back on static credentials file at: $staticCredentialsFile"
+ dockerCredentialsFile=$staticCredentialsFile
+ fi
+
+ if [ -f "$dockerCredentialsFile" ]; then
+ header "using credentials from $dockerCredentialsFile"
+
+ CREDSFILE=$(cat "$dockerCredentialsFile")
+ creds[token]=$(${awk} -F'=' '/DOCKER_TOKEN/ {print $2}' <<< "$CREDSFILE" | head -n1)
+
+ # Prefer DOCKER_TOKEN over the username and password
+ # authentication method
+ if [ -z "''${creds[token]}" ]; then
+ creds[user]=$(${awk} -F'=' '/DOCKER_USER/ {print $2}' <<< "$CREDSFILE" | head -n1)
+ creds[pass]=$(${awk} -F'=' '/DOCKER_PASS/ {print $2}' <<< "$CREDSFILE" | head -n1)
+ fi
+ fi
+
+ # These variables will be filled in first by the impureEnvVars, if
+ # those variables are empty then they will default to the
+ # credentials that may have been read in from the 'DOCKER_CREDENTIALS'
+ DOCKER_USER="''${DOCKER_USER:-''${creds[user]}}"
+ DOCKER_PASS="''${DOCKER_PASS:-''${creds[pass]}}"
+ DOCKER_TOKEN="''${DOCKER_TOKEN:-''${creds[token]}}"
+
+ ${fetcher} --out="$out" \
+ ''${registry:+--registry "$registry"} \
+ ''${DOCKER_USER:+--username "$DOCKER_USER"} \
+ ''${DOCKER_PASS:+--password "$DOCKER_PASS"} \
+ ''${DOCKER_TOKEN:+--token "$DOCKER_TOKEN"} \
+ ${layerDigestFlag} \
+ "${repository}/${imageName}" \
+ "${tag}"
+
+ stopNest
+ '';
+
+ buildInputs = [ haskellPackages.hocker ];
+
+ outputHashAlgo = "sha256";
+ outputHashMode = "flat";
+ outputHash = sha256;
+
+ preferLocalBuild = true;
+
+ impureEnvVars = [ "DOCKER_USER" "DOCKER_PASS" "DOCKER_TOKEN" ];
+
+ inherit registry dockerCredentialsFile;
+}
|
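Review bot: The `${fetcher}` call in the builder script passes `--password "$DOCKER_PASS"` and `--token "$DOCKER_TOKEN"` as command-line arguments, so on a shared build host the registry secret is readable in the process list by other local users while the fetch runs. If hocker can take credentials from the environment or a file, that would be preferable; whether it can is not visible from this hunk, and otherwise the exposure deserves a comment above the call. Separately, parsing the credentials file with `awk -F'='` and `print $2` truncates any value that itself contains `=` (common as padding in tokens), and the unanchored `/DOCKER_TOKEN/` also matches comment lines; something like `creds[token]=$(sed -n 's/^DOCKER_TOKEN=//p' <<< "$CREDSFILE" | head -n1)` keeps the whole value, and the same applies to the `DOCKER_USER` and `DOCKER_PASS` lines. `registry` is also accepted with an `http://` scheme, in which case these credentials would travel unencrypted; an `assert lib.hasPrefix "https://" registry;` next to the existing asserts would rule that out.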