diff options
Diffstat (limited to 'nixpkgs/nixos/tests/docker-tools.nix')
-rw-r--r-- | nixpkgs/nixos/tests/docker-tools.nix | 88 |
1 files changed, 79 insertions, 9 deletions
diff --git a/nixpkgs/nixos/tests/docker-tools.nix b/nixpkgs/nixos/tests/docker-tools.nix index 2375d15b381..edb9aec62db 100644 --- a/nixpkgs/nixos/tests/docker-tools.nix +++ b/nixpkgs/nixos/tests/docker-tools.nix @@ -30,8 +30,45 @@ import ./make-test-python.nix ({ pkgs, ... }: { ) docker.succeed("docker run --rm ${examples.bash.imageName} bash --version") + # Check imageTag attribute matches image + docker.succeed("docker images --format '{{.Tag}}' | grep -F '${examples.bash.imageTag}'") docker.succeed("docker rmi ${examples.bash.imageName}") + # The remaining combinations + with subtest("Ensure imageTag attribute matches image"): + docker.succeed( + "docker load --input='${examples.bashNoTag}'" + ) + docker.succeed( + "docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTag.imageTag}'" + ) + docker.succeed("docker rmi ${examples.bashNoTag.imageName}:${examples.bashNoTag.imageTag}") + + docker.succeed( + "docker load --input='${examples.bashNoTagLayered}'" + ) + docker.succeed( + "docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTagLayered.imageTag}'" + ) + docker.succeed("docker rmi ${examples.bashNoTagLayered.imageName}:${examples.bashNoTagLayered.imageTag}") + + docker.succeed( + "${examples.bashNoTagStreamLayered} | docker load" + ) + docker.succeed( + "docker images --format '{{.Tag}}' | grep -F '${examples.bashNoTagStreamLayered.imageTag}'" + ) + docker.succeed( + "docker rmi ${examples.bashNoTagStreamLayered.imageName}:${examples.bashNoTagStreamLayered.imageTag}" + ) + + docker.succeed( + "docker load --input='${examples.nixLayered}'" + ) + docker.succeed("docker images --format '{{.Tag}}' | grep -F '${examples.nixLayered.imageTag}'") + docker.succeed("docker rmi ${examples.nixLayered.imageName}") + + with subtest( "Check if the nix store is correctly initialized by listing " "dependencies of the installed Nix binary" @@ -42,6 +79,30 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker rmi ${examples.nix.imageName}", ) + with subtest( + "Ensure (layered) nix store has correct permissions " + "and that the container starts when its process does not have uid 0" + ): + docker.succeed( + "docker load --input='${examples.bashLayeredWithUser}'", + "docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 555 == $(stat --format=%a /nix) && test 555 == $(stat --format=%a /nix/store)'", + "docker rmi ${examples.bashLayeredWithUser.imageName}", + ) + + with subtest("The nix binary symlinks are intact"): + docker.succeed( + "docker load --input='${examples.nix}'", + "docker run --rm ${examples.nix.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'", + "docker rmi ${examples.nix.imageName}", + ) + + with subtest("The nix binary symlinks are intact when the image is layered"): + docker.succeed( + "docker load --input='${examples.nixLayered}'", + "docker run --rm ${examples.nixLayered.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'", + "docker rmi ${examples.nixLayered.imageName}", + ) + with subtest("The pullImage tool works"): docker.succeed( "docker load --input='${examples.nixFromDockerHub}'", @@ -76,13 +137,22 @@ import ./make-test-python.nix ({ pkgs, ... }: { with subtest("Ensure Docker images can use an unstable date"): docker.succeed( - "docker load --input='${examples.bash}'" + "docker load --input='${examples.unstableDate}'" ) assert unix_time_second1 not in docker.succeed( "docker inspect ${examples.unstableDate.imageName} " + "| ${pkgs.jq}/bin/jq -r .[].Created" ) + with subtest("Ensure Layered Docker images can use an unstable date"): + docker.succeed( + "docker load --input='${examples.unstableDateLayered}'" + ) + assert unix_time_second1 not in docker.succeed( + "docker inspect ${examples.unstableDateLayered.imageName} " + + "| ${pkgs.jq}/bin/jq -r .[].Created" + ) + with subtest("Ensure Layered Docker images work"): docker.succeed( "docker load --input='${examples.layered-image}'", @@ -149,20 +219,20 @@ import ./make-test-python.nix ({ pkgs, ... }: { ) with subtest("Ensure correct behavior when no store is needed"): - # This check tests two requirements simultaneously - # 1. buildLayeredImage can build images that don't need a store. - # 2. Layers of symlinks are eliminated by the customization layer. - # + # This check tests that buildLayeredImage can build images that don't need a store. docker.succeed( "docker load --input='${pkgs.dockerTools.examples.no-store-paths}'" ) - # Busybox will not recognize argv[0] and print an error message with argv[0], - # but it confirms that the custom-true symlink is present. - docker.succeed("docker run --rm no-store-paths custom-true |& grep custom-true") - # This check may be loosened to allow an *empty* store rather than *no* store. docker.succeed("docker run --rm no-store-paths ls /") docker.fail("docker run --rm no-store-paths ls /nix/store") + + with subtest("Ensure buildLayeredImage does not change store path contents."): + docker.succeed( + "docker load --input='${pkgs.dockerTools.examples.filesInStore}'", + "docker run --rm file-in-store nix-store --verify --check-contents", + "docker run --rm file-in-store |& grep 'some data'", + ) ''; }) |