author | Katharina Fey <kookie@spacekookie.de> | 2019-08-30 15:46:38 +0200 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-09-04 22:46:42 +0000 |
commit | 18f7f19ce2adc6d61d73cf993cec5de89869d86a (patch) | |
tree | 292fb06df4b4af7e861a1ac7acf2a6d903af5414 /pkgs/build-support/oci-tools/default.nix | |
parent | 43dade238f39fc3edb6c6be6d318e4f7f990f971 (diff) | |
ociTools: init
Diffstat (limited to 'pkgs/build-support/oci-tools/default.nix')
-rw-r--r-- | pkgs/build-support/oci-tools/default.nix | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/pkgs/build-support/oci-tools/default.nix b/pkgs/build-support/oci-tools/default.nix
new file mode 100644
index 00000000000..18b238033ff
--- /dev/null
+++ b/pkgs/build-support/oci-tools/default.nix
@@ -0,0 +1,78 @@
+{ lib, writeText, runCommand, writeReferencesToFile }:
+
+{
+ buildContainer =
+ { args
+ , mounts ? {}
+ , os ? "linux"
+ , arch ? "x86_64"
+ , readonly ? false
+ }:
+ let
+ sysMounts = {
+ "/proc" = {
+ type = "proc";
+ source = "proc";
+ };
+ "/dev" = {
+ type = "tmpfs";
+ source = "tmpfs";
+ options = [ "nosuid" "strictatime" "mode=755" "size=65536k" ];
+ };
+ "/dev/pts" = {
+ type = "devpts";
+ source = "devpts";
+ options = [ "nosuid" "noexec" "newinstance" "ptmxmode=0666" "mode=755" "gid=5" ];
+ };
+ "/dev/shm" = {
+ type = "tmpfs";
+ source = "shm";
+ options = [ "nosuid" "noexec" "nodev" "mode=1777" "size=65536k" ];
+ };
+ "/dev/mqueue" = {
+ type = "mqueue";
+ source = "mqueue";
+ options = [ "nosuid" "noexec" "nodev" ];
+ };
+ "/sys" = {
+ type = "sysfs";
+ source = "sysfs";
+ options = [ "nosuid" "noexec" "nodev" "ro" ];
+ };
+ "/sys/fs/cgroup" = {
+ type = "cgroup";
+ source = "cgroup";
+ options = [ "nosuid" "noexec" "nodev" "realatime" "ro" ];
+ };
+ };
+ config = writeText "config.json" (builtins.toJSON {
+ ociVersion = "1.0.0";
+ platform = {
+ inherit os arch;
+ };
+
+ linux = {
+ namespaces = map (type: { inherit type; }) [ "pid" "network" "mount" "ipc" "uts" ];
+ };
+
+ root = { path = "rootfs"; inherit readonly; };
+
+ process = {
+ inherit args;
+ user = { uid = 0; gid = 0; };
+ cwd = "/";
+ };
+
+ mounts = lib.mapAttrsToList (destination: { type, source, options ? null }: {
+ inherit destination type source options;
+ }) sysMounts;
+ });
+ in
+ runCommand "join" {} ''
+ set -o pipefail
+ mkdir -p $out/rootfs/{dev,proc,sys}
+ cp ${config} $out/config.json
+ xargs tar c < ${writeReferencesToFile args} | tar -xC $out/rootfs/
+ '';
+}
+ |
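Review bot: The `/sys/fs/cgroup` entry in `sysMounts` lists the option `"realatime"`, which is not a mount option; the intended token is `relatime`, so the line should read `options = [ "nosuid" "noexec" "nodev" "relatime" "ro" ];`. Since the options are written verbatim into `config.json`, a runtime that passes them through to mount(2) will presumably refuse to start the container rather than skip the unknown token — worth confirming against the runtime in use. Separately, the `mounts ? {}` argument of `buildContainer` is accepted but never read: only `sysMounts` feeds the `mounts` list, so callers cannot add their own mounts; `}) (sysMounts // mounts);` (or dropping the parameter) would close that gap. Lastly, the generated config runs the process as `uid = 0; gid = 0;` with no `user` namespace in `linux.namespaces` and no `process.capabilities`, `process.noNewPrivileges`, `linux.maskedPaths` or `linux.readonlyPaths`, so the container inherits whatever the runtime's defaults are; a comment above `process = {` noting that hardening is intentionally left to the caller would make that explicit.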