-rw-r--r-- | pkgs/build-support/docker/default.nix | 15 | ||||
-rw-r--r-- | pkgs/build-support/docker/examples.nix | 2 | ||||
-rw-r--r-- | pkgs/build-support/docker/pull.nix | 32 |
3 files changed, 34 insertions, 15 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 267a2812a2a..68b803f6e3c 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -32,20 +32,7 @@ rec {
 inherit pkgs buildImage pullImage shadowSetup buildImageWithNixDb;
 };
- pullImage =
- let
- nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;
- in
- # For simplicity we only support sha256.
- { imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"
- , sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:
- runCommand name {
- impureEnvVars=pkgs.stdenv.lib.fetchers.proxyImpureEnvVars;
- outputHashMode="flat";
- outputHashAlgo="sha256";
- outputHash=sha256;
- }
- "${pkgs.skopeo}/bin/skopeo copy docker://${imageId} docker-archive://$out:${imageId}";
+ pullImage = callPackage ./pull.nix {};
 # We need to sum layer.tar, not a directory, hence tarsum instead of nix-hash.
 # And we cannot untar it, because then we cannot preserve permissions ecc.
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 498028fb088..02fa9792a06 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -87,7 +87,7 @@ rec {
 imageName = "nixos/nix";
 imageTag = "1.11";
 # this hash will need change if the tag is updated at docker hub
- sha256 = "18xvcnl0yvj9kfi5bkimrhhjaa8xhm3jhshh2xd7c0sbfrmfqzvi";
+ sha256 = "1gk4bq05vl3rj3mh4mlbl4iicgndmimlv8jvkhdk4hrv0r44bwr3";
 };
 # 5. example of multiple contents, emacs and vi happily coexisting
diff --git a/pkgs/build-support/docker/pull.nix b/pkgs/build-support/docker/pull.nix
new file mode 100644
index 00000000000..5ccd0a41c5e
--- /dev/null
+++ b/pkgs/build-support/docker/pull.nix
@@ -0,0 +1,32 @@
+{ stdenv, lib, docker, vmTools, utillinux, curl, kmod, dhcp, cacert, e2fsprogs }:
+let
+ nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;
+in
+# For simplicity we only support sha256.
+{ imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"
+, sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:
+let
+ pullImage = vmTools.runInLinuxVM (
+ stdenv.mkDerivation {
+ inherit name imageId;
+
+ certs = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+
+ builder = ./pull.sh;
+
+ buildInputs = [ curl utillinux docker kmod dhcp cacert e2fsprogs ];
+
+ outputHashAlgo = "sha256";
+ outputHash = sha256;
+
+ impureEnvVars = lib.fetchers.proxyImpureEnvVars;
+
+ preVM = vmTools.createEmptyImage {
+ size = 2048;
+ fullName = "${name}-disk";
+ };
+
+ QEMU_OPTS = "-netdev user,id=net0 -device virtio-net-pci,netdev=net0";
+ });
+in
+ pullImage |
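Review bot: `builder = ./pull.sh` hands the whole fetch to a script this commit neither adds nor changes (the diffstat lists only default.nix, examples.nix and pull.nix), so what `outputHash = sha256;` actually covers cannot be checked from this hunk. That hash is the only integrity check visible here on an image named by a tag, which the comment in examples.nix already notes can be updated upstream, and `certs` only exports a CA bundle path; whether pull.sh makes the Docker daemon inside the VM use it is not shown. I would document this above `outputHash`, e.g. `# sha256 of the file pull.sh writes to $out; this is the only integrity check on the pulled image`, and confirm that pull.sh's output is byte-stable across runs, since otherwise the fixed-output hash will fail without the image having changed. The removed skopeo version also set `outputHashMode="flat"`; it is presumably omitted here because flat is the default, but stating it would keep the two versions comparable.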