diff options
Diffstat (limited to 'nixos/tests/docker-tools.nix')
-rw-r--r-- | nixos/tests/docker-tools.nix | 163 |
1 files changed, 150 insertions, 13 deletions
diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 2543801ae8b..4c3c26980aa 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -2,8 +2,8 @@ import ./make-test-python.nix ({ pkgs, ... }: { name = "docker-tools"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ lnl7 ]; + meta = with pkgs.lib.maintainers; { + maintainers = [ lnl7 roberth ]; }; nodes = { @@ -20,6 +20,20 @@ import ./make-test-python.nix ({ pkgs, ... }: { docker.wait_for_unit("sockets.target") + with subtest("includeStorePath"): + with subtest("assumption"): + docker.succeed("${examples.helloOnRoot} | docker load") + docker.succeed("docker run --rm hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("includeStorePath = false; breaks example"): + docker.succeed("${examples.helloOnRootNoStore} | docker load") + docker.fail("docker run --rm hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("includeStorePath = false; works with mounted store"): + docker.succeed("${examples.helloOnRootNoStore} | docker load") + docker.succeed("docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("Ensure Docker images use a stable date by default"): docker.succeed( "docker load --input='${examples.bash}'" @@ -115,9 +129,10 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker load --input='${examples.nginx}'", "docker run --name nginx -d -p 8000:80 ${examples.nginx.imageName}", ) - docker.wait_until_succeeds("curl http://localhost:8000/") + docker.wait_until_succeeds("curl -f http://localhost:8000/") docker.succeed( - "docker rm --force nginx", "docker rmi '${examples.nginx.imageName}'", + "docker rm --force nginx", + "docker rmi '${examples.nginx.imageName}'", ) with subtest("A pulled image can be used as base image"): @@ -160,12 +175,18 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker run --rm ${examples.layered-image.imageName} cat extraCommands", ) - with subtest("Ensure building an image on top of a layered Docker images work"): + with subtest("Ensure images built on top of layered Docker images work"): docker.succeed( "docker load --input='${examples.layered-on-top}'", "docker run --rm ${examples.layered-on-top.imageName}", ) + with subtest("Ensure layered images built on top of layered Docker images work"): + docker.succeed( + "docker load --input='${examples.layered-on-top-layered}'", + "docker run --rm ${examples.layered-on-top-layered.imageName}", + ) + def set_of_layers(image_name): return set( @@ -204,6 +225,31 @@ import ./make-test-python.nix ({ pkgs, ... }: { assert "FROM_CHILD=true" in env, "envvars from the child should be preserved" assert "LAST_LAYER=child" in env, "envvars from the child should take priority" + with subtest("Ensure environment variables of layered images are correctly inherited"): + docker.succeed( + "docker load --input='${examples.environmentVariablesLayered}'" + ) + out = docker.succeed("docker run --rm ${examples.environmentVariablesLayered.imageName} env") + env = out.splitlines() + assert "FROM_PARENT=true" in env, "envvars from the parent should be preserved" + assert "FROM_CHILD=true" in env, "envvars from the child should be preserved" + assert "LAST_LAYER=child" in env, "envvars from the child should take priority" + + with subtest( + "Ensure inherited environment variables of layered images are correctly resolved" + ): + # Read environment variables as stored in image config + config = docker.succeed( + "tar -xOf ${examples.environmentVariablesLayered} manifest.json | ${pkgs.jq}/bin/jq -r .[].Config" + ).strip() + out = docker.succeed( + f"tar -xOf ${examples.environmentVariablesLayered} {config} | ${pkgs.jq}/bin/jq -r '.config.Env | .[]'" + ) + env = out.splitlines() + assert ( + sum(entry.startswith("LAST_LAYER") for entry in env) == 1 + ), "envvars overridden by child should be unique" + with subtest("Ensure image with only 2 layers can be loaded"): docker.succeed( "docker load --input='${examples.two-layered-image}'" @@ -218,19 +264,24 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker run bulk-layer ls /bin/hello", ) + with subtest( + "Ensure the bulk layer with a base image respects the number of maxLayers" + ): + docker.succeed( + "docker load --input='${pkgs.dockerTools.examples.layered-bulk-layer}'", + # Ensure the image runs correctly + "docker run layered-bulk-layer ls /bin/hello", + ) + + # Ensure the image has the correct number of layers + assert len(set_of_layers("layered-bulk-layer")) == 4 + with subtest("Ensure correct behavior when no store is needed"): - # This check tests two requirements simultaneously - # 1. buildLayeredImage can build images that don't need a store. - # 2. Layers of symlinks are eliminated by the customization layer. - # + # This check tests that buildLayeredImage can build images that don't need a store. docker.succeed( "docker load --input='${pkgs.dockerTools.examples.no-store-paths}'" ) - # Busybox will not recognize argv[0] and print an error message with argv[0], - # but it confirms that the custom-true symlink is present. - docker.succeed("docker run --rm no-store-paths custom-true |& grep custom-true") - # This check may be loosened to allow an *empty* store rather than *no* store. docker.succeed("docker run --rm no-store-paths ls /") docker.fail("docker run --rm no-store-paths ls /nix/store") @@ -241,5 +292,91 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker run --rm file-in-store nix-store --verify --check-contents", "docker run --rm file-in-store |& grep 'some data'", ) + + with subtest("Ensure cross compiled image can be loaded and has correct arch."): + docker.succeed( + "docker load --input='${pkgs.dockerTools.examples.cross}'", + ) + assert ( + docker.succeed( + "docker inspect ${pkgs.dockerTools.examples.cross.imageName} " + + "| ${pkgs.jq}/bin/jq -r .[].Architecture" + ).strip() + == "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}" + ) + + with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"): + docker.succeed( + "docker load --input='${examples.layeredStoreSymlink}'", + "docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'", + "docker rmi ${examples.layeredStoreSymlink.imageName}", + ) + + with subtest("buildImage supports registry/ prefix in image name"): + docker.succeed( + "docker load --input='${examples.prefixedImage}'" + ) + docker.succeed( + "docker images --format '{{.Repository}}' | grep -F '${examples.prefixedImage.imageName}'" + ) + + with subtest("buildLayeredImage supports registry/ prefix in image name"): + docker.succeed( + "docker load --input='${examples.prefixedLayeredImage}'" + ) + docker.succeed( + "docker images --format '{{.Repository}}' | grep -F '${examples.prefixedLayeredImage.imageName}'" + ) + + with subtest("buildLayeredImage supports running chown with fakeRootCommands"): + docker.succeed( + "docker load --input='${examples.layeredImageWithFakeRootCommands}'" + ) + docker.succeed( + "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'" + ) + + with subtest("Ensure docker load on merged images loads all of the constituent images"): + docker.succeed( + "docker load --input='${examples.mergedBashAndRedis}'" + ) + docker.succeed( + "docker images --format '{{.Repository}}-{{.Tag}}' | grep -F '${examples.bash.imageName}-${examples.bash.imageTag}'" + ) + docker.succeed( + "docker images --format '{{.Repository}}-{{.Tag}}' | grep -F '${examples.redis.imageName}-${examples.redis.imageTag}'" + ) + docker.succeed("docker run --rm ${examples.bash.imageName} bash --version") + docker.succeed("docker run --rm ${examples.redis.imageName} redis-cli --version") + docker.succeed("docker rmi ${examples.bash.imageName}") + docker.succeed("docker rmi ${examples.redis.imageName}") + + with subtest( + "Ensure docker load on merged images loads all of the constituent images (missing tags)" + ): + docker.succeed( + "docker load --input='${examples.mergedBashNoTagAndRedis}'" + ) + docker.succeed( + "docker images --format '{{.Repository}}-{{.Tag}}' | grep -F '${examples.bashNoTag.imageName}-${examples.bashNoTag.imageTag}'" + ) + docker.succeed( + "docker images --format '{{.Repository}}-{{.Tag}}' | grep -F '${examples.redis.imageName}-${examples.redis.imageTag}'" + ) + # we need to explicitly specify the generated tag here + docker.succeed( + "docker run --rm ${examples.bashNoTag.imageName}:${examples.bashNoTag.imageTag} bash --version" + ) + docker.succeed("docker run --rm ${examples.redis.imageName} redis-cli --version") + docker.succeed("docker rmi ${examples.bashNoTag.imageName}:${examples.bashNoTag.imageTag}") + docker.succeed("docker rmi ${examples.redis.imageName}") + + with subtest("mergeImages preserves owners of the original images"): + docker.succeed( + "docker load --input='${examples.mergedBashFakeRoot}'" + ) + docker.succeed( + "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'" + ) ''; }) |