| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
| |
this allows nix users to modify existing images without having
to rely on container image inheritance mechanisms via fromImage
|
|
|
|
|
|
|
| |
The command `fakechroot` errored with buffer overflows. The `proot`
command doesn't seem to suffer from the same problem. The tar command
creating the layer errors with "permission denied" on a bunch of paths
in /proc but the layer seems to get built anyway.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since coreutils v9.2 the `--no-clobber` flag results in a non-zero exit
code when the destination files exist. Using `--update=none` will now
reproduce the old behavior of `--no-clobber`.
However, the `--update=none` flag was introduced in coreutils v9.3 and
thus `mergeImages` will fail if you have an older version than v9.3 in
stdenv after applying this commit.
[coreutils v9.3 changelog](https://github.com/coreutils/coreutils/blob/f386722dc0d996d5379f12b4a8d4dd15ca7df4b5/NEWS#L48)
|
| |
|
|
|
|
|
|
| |
Without this change, the `--os` and `--arch` switches are disregarded
for operations involving `skopeo inspect` invocations. This means that,
for example, one cannot fetch Linux images while on macOS.
|
|
|
|
|
| |
This ensures `passwd` will default to yescrypt for newly generated
passwords.
|
| |
|
|
|
|
|
|
| |
This PR addresses issue #214434 by preventing
dockerTools.buildImage from deleting rootfs diffs until after
they've been unpacked.
|
|
|
|
|
| |
This passes --rsyncable / -R to pigz for input-determined block
locations, to improve rsync-ability.
|
| |
|
| |
|
|
|
|
|
| |
> has to fit its domain, which is the OCI spec, which uses
> `architecture`. The `defaultArch` and `GOARCH` names are irrelevant.
|
|
|
|
|
| |
... for buildImage, buildLayeredImage and streamLayeredImage,
adding docs and tests.
|
| |
|
|
|
|
| |
This is a regression from PR #172736
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
To the user running the docker image. If a Nix binary is available in
the resulting derivation, this then behaves like a single-user Nix
installation, except that already-written /nix/store paths can't be
changed. Most notably it makes Nix work not have to rely on a chroot
store in the image
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
|/| |
build-support: Fix error when building images with many layers
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When building a docker image using `dockertools.buildLayeredImage`, the
resulting image layers are passed to `jq` through the command line. When
building an image with too many layers this would exceed the maximum
command line argument length.
Hence, we store the list of layers in the Nix store and pass them to
`jq` as a file argument using `--slurpfile`.
Fixes #140908.
|
| | |
|
| | |
|
|\ \
| | |
| | | |
dockerTools ca-certificates.crt helper
|
| | |
| | |
| | |
| | |
| | | |
Various tools (e.g. wget) expect the ca bundle to be available at
/etc/ssl/certs/ca-certificates.crt
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes #186752. This adds buildVMMemorySize (defaults to 512 MiB) to
buildImage, which is passed to vm.runInLinuxVM. This is needed for
larger base images, which may otherwise cause container build failures
due to OOM in the VM.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
/etc/hosts is generally also provided by the container runtime.
|
| | |
| | |
| | |
| | | |
(cherry picked from commit 9b2af8673be82d48ce76c8c152de85ad921d26ba)
|
| | | |
|
|/ / |
|
| |
| |
| |
| |
| | |
- add nixosTests to `dockerTools.tests`
- don't use `pkgs` or `lib.singleton`
|
| |
| |
| |
| | |
`pkgs.system` is an alias
|
| |
| |
| |
| |
| |
| |
| | |
Make this reachable from pkgs.fakeNss. This is useful outside docker
contexts, too.
https://github.com/NixOS/nixpkgs/pull/164943#discussion_r833220769
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is useful for a use-case we have with a Nix-based CI system that
specifies things like deploy steps as passthru attributes[0].
Previously the only way to do this would have been to concatenate
attributes onto the resulting derivation, but passing them in and
actually treating them as proper passthru attributes is cleaner.
[0]: https://cs.tvl.fyi/depot@f7d7da6aceb407b719cf4683a75878fd3aca319e/-/blob/nix/buildkite/default.nix?L222-226
|
| | |
|
| | |
|
| |
| |
| |
| | |
Avoid risk of breaking existing images by making it opt-in.
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
hercules-ci/add-dockerTools-customization-layer-dependencies
dockerTools: Add store dependencies of the customization layer
|
| | | |
|
| |/ |
|
|\ \
| | |
| | | |
treewide: remove toplevel `system` attr
|
| | | |
|
|/ / |
|
|/ |
|