summary refs log tree commit diff
path: root/pkgs/build-support/docker/default.nix
Commit message (Collapse)AuthorAge
* dockerTools: create /tmp in rootLayerTim Windelschmidt2023-10-09
|
* dockerTools: use makeOverridable for buildImage family of functionsRobert Scott2023-09-11
| | | | | this allows nix users to modify existing images without having to rely on container image inheritance mechanisms via fromImage
* dockerTools: replace fakechroot with prootViktor Kronvall2023-08-19
| | | | | | | The command `fakechroot` errored with buffer overflows. The `proot` command doesn't seem to suffer from the same problem. The tar command creating the layer errors with "permission denied" on a bunch of paths in /proc but the layer seems to get built anyway.
* dockerTools: replace --no-clobber with --update=noneViktor Kronvall2023-08-17
| | | | | | | | | | | | Since coreutils v9.2 the `--no-clobber` flag results in a non-zero exit code when the destination files exist. Using `--update=none` will now reproduce the old behavior of `--no-clobber`. However, the `--update=none` flag was introduced in coreutils v9.3 and thus `mergeImages` will fail if you have an older version than v9.3 in stdenv after applying this commit. [coreutils v9.3 changelog](https://github.com/coreutils/coreutils/blob/f386722dc0d996d5379f12b4a8d4dd15ca7df4b5/NEWS#L48)
* treewide: use optionalString instead of 'then ""'Felix Buehler2023-06-24
|
* treewide: Make yescrypt the default algorithm for pam_unix.soMartin Weinelt2023-03-13
| | | | | This ensures `passwd` will default to yescrypt for newly generated passwords.
* dockerTools: Preprocess layers list before unpack to handle repeated layersAndrew Brooks2023-02-06
|
* dockerTools: Correctly unpack duplicate rootfs diffsAndrew Brooks2023-02-03
| | | | | | This PR addresses issue #214434 by preventing dockerTools.buildImage from deleting rootfs diffs until after they've been unpacked.
* dockerTools: make gzipped docker images faster to update by rsyncWalter Franzini2022-12-23
| | | | | This passes --rsyncable / -R to pigz for input-determined block locations, to improve rsync-ability.
* treewide: fix typosfigsoda2022-12-17
|
* dockerTools: refactor, rename internal variableRobert Hensing2022-12-08
| | | | | > has to fit its domain, which is the OCI spec, which uses > `architecture`. The `defaultArch` and `GOARCH` names are irrelevant.
* dockerTools: allowing architecture to be specifiedChristian Kemper2022-12-08
| | | | | ... for buildImage, buildLayeredImage and streamLayeredImage, adding docs and tests.
* dockerTools: fixup evaluation without allowed aliasesVladimír Čunát2022-11-27
| | | | This is a regression from PR #172736
* Merge pull request #172736 from infinisil/docker-nix-shellSilvan Mosberger2022-11-26
|\
| * dockerTools.buildNixShellImage: Chown nix directoriesSilvan Mosberger2022-11-07
| | | | | | | | | | | | | | | | To the user running the docker image. If a Nix binary is available in the resulting derivation, this then behaves like a single-user Nix installation, except that already-written /nix/store paths can't be changed. Most notably it makes Nix work not have to rely on a chroot store in the image
| * nixos/tests: Add tests for dockerTools.buildNixShellImageSilvan Mosberger2022-10-07
| |
| * Introduce dockerTools.buildNixShellImageSilvan Mosberger2022-10-07
| |
* | dockerTools: prefer local buildsmupdt2022-11-18
| |
* | Merge pull request #141050 from koenw/dockertools_too_many_argumentsRobert Hensing2022-10-13
|\ \ | |/ |/| build-support: Fix error when building images with many layers
| * build-support: Fix error when building images with many layersKoen Wilde2022-10-13
| | | | | | | | | | | | | | | | | | | | | | | | When building a docker image using `dockertools.buildLayeredImage`, the resulting image layers are passed to `jq` through the command line. When building an image with too many layers this would exceed the maximum command line argument length. Hence, we store the list of layers in the Nix store and pass them to `jq` as a file argument using `--slurpfile`. Fixes #140908.
* | dockerTools: add missing mkdir to caCertificates derivationRoss Light2022-09-20
| |
* | Merge pull request #170906 from Sohalt/dockerTools.ca-certificates.crtRobert Hensing2022-08-31
|\ \ | | | | | | dockerTools ca-certificates.crt helper
| * | dockerTools: add caCertificates helpersohalt2022-05-03
| | | | | | | | | | | | | | | Various tools (e.g. wget) expect the ca bundle to be available at /etc/ssl/certs/ca-certificates.crt
* | | dockerTools.buildImage: make VM memSize configurableAlex James2022-08-16
| | | | | | | | | | | | | | | | | | | | | Fixes #186752. This adds buildVMMemorySize (defaults to 512 MiB) to buildImage, which is passed to vm.runInLinuxVM. This is needed for larger base images, which may otherwise cause container build failures due to OOM in the VM.
* | | dockerTools.buildImage: Add copyToRoot to replace contents, explain usageRobert Hensing2022-07-06
| | |
* | | treewide: remove nativeBuildInputs that are in stdenvBen Siraphob2022-04-16
|/ /
* | dockerTools: misc fixeszowoq2022-04-05
| | | | | | | | | | - add nixosTests to `dockerTools.tests` - don't use `pkgs` or `lib.singleton`
* | fakeNss: move to toplevelFlorian Klink2022-03-24
| | | | | | | | | | | | | | Make this reachable from pkgs.fakeNss. This is useful outside docker contexts, too. https://github.com/NixOS/nixpkgs/pull/164943#discussion_r833220769
* | streamLayeredImage: pass through passthru attributesVincent Ambo2022-01-31
| | | | | | | | | | | | | | | | | | | | | | This is useful for a use-case we have with a Nix-based CI system that specifies things like deploy steps as passthru attributes[0]. Previously the only way to do this would have been to concatenate attributes onto the resulting derivation, but passing them in and actually treating them as proper passthru attributes is cleaner. [0]: https://cs.tvl.fyi/depot@f7d7da6aceb407b719cf4683a75878fd3aca319e/-/blob/nix/buildkite/default.nix?L222-226
* | dockerTools.buildImage: unpack base image layers in correct orderAndrew Brooks2021-12-17
| |
* | dockerTools: Keep fakechroot disabled by defaultRobert Hensing2021-12-04
| | | | | | | | Avoid risk of breaking existing images by making it opt-in.
* | dockerTools: Add fakechroot to fakeRootCommandsRobert Hensing2021-12-04
| |
* | Merge pull request #148341 from ↵Robert Hensing2021-12-03
|\ \ | | | | | | | | | | | | hercules-ci/add-dockerTools-customization-layer-dependencies dockerTools: Add store dependencies of the customization layer
| * | dockerTools: Add store dependencies of the customization layerRobert Hensing2021-10-06
| |/
* | build-support/docker: remove toplevel system attrRyan Burns2021-10-22
| |
* | dockerTools: Fix and test #118722 path in contentsRobert Hensing2021-10-18
|/
* dockerTools.exportImage: Make $out a tarball againRobert Hensing2021-09-29
|
* dockerTools.runWithOverlay: Avoid cluttering $out and copyingRobert Hensing2021-09-29
|
* dockerTools: fix exportJustin Bedo2021-09-29
|
* use --verbatim-files-from in dockerToolsdivanorama2021-09-10
| | | | https://www.gnu.org/software/tar/manual/html_node/files.html files starting with - can be treated as command line options, which isn't desirable here
* dockerTools.usrBinEnv: addFlorian Klink2021-08-25
| | | | | This provides a /usr/bin/env, for shell scripts using the "/usr/bin/env executable" shebang.
* dockerTools.fakeNss: add /etc/nsswitch.conf (#134958)Florian Klink2021-08-20
| | | | | | | | | | | | | | Apparently, a non-existent nsswitch.conf causes a very misleading host resolution, differing from the defaults people are used to. According to https://github.com/golang/go/issues/22846#issuecomment-346377144, glibc says the default is "dns [!UNAVAIL=return] files". This means, `/etc/hosts` isn't really honored, causing all sorts of unexpected behaviour. Let's prevent this, and first ask `/etc/hosts` before querying DNS, like we do on NixOS too.
* dockerTools.pullImage: fix for skopeo 1.4.xLuke Granger-Brown2021-08-14
| | | | | | | | skopeo 1.4.x doesn't accept --src-tls-verify as a flag to the *program*, only as a flag to copy; we must pass it after the "copy" verb, or it will fail with: > FATA[0000] unknown flag: --src-tls-verify
* docker: formatSandro Jäckel2021-08-10
|
* Merge pull request #132626 from zowoq/tarsumRobert Hensing2021-08-05
|\ | | | | tarsum: init
| * tarsum: initzowoq2021-08-05
| | | | | | | | | | - move from dockerTools.tarsum - remove go from runtime closure
* | dockerTools.buildImage: Allow build on darwin (#132640)Robert Hensing2021-08-04
|/ | | | Indeed Docker can not run darwin exes, but darwin can build Docker images, as some users already do with buildLayeredImage.
* dockerTools.tarsum: use current gozowoq2021-07-08
|
* dockerTools.pullImage: force disable skopeo's progress barLuke Granger-Brown2021-07-03
| | | | | | | | | | | | | | | | | | | | | | | | | | skopeo will disable the progress bar if it detects that stdout isn't a TTY - in order to make it think that stdout _isn't_ a TTY and therefore avoid it printing a lot of "…" on separate lines, we pipe the output through cat. This changes the output from: … … … … … … to the eminently more useful and less spammy: Getting image source signatures Copying blob sha256:[snip] Copying blob sha256:[snip] Copying blob sha256:[snip] Copying config sha256:[snip] Writing manifest to image destination Storing signatures
* Merge pull request #125216 from hercules-ci/follow-up-115491Robert Hensing2021-06-02
|\ | | | | dockerTools: Fix passthru image tag
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-16 01:51:37 +0000