Diffstat (limited to 'nixpkgs/pkgs/build-support/docker/examples.nix')
-rw-r--r--nixpkgs/pkgs/build-support/docker/examples.nix110
1 files changed, 102 insertions, 8 deletions
diff --git a/nixpkgs/pkgs/build-support/docker/examples.nix b/nixpkgs/pkgs/build-support/docker/examples.nix
index d533e3abd03..4a611add8a1 100644
--- a/nixpkgs/pkgs/build-support/docker/examples.nix
+++ b/nixpkgs/pkgs/build-support/docker/examples.nix
@@ -121,6 +121,7 @@ rec {
# the image env variable NIX_PAGER.
pkgs.coreutils
pkgs.nix
+ pkgs.bash
];
config = {
Env = [
@@ -297,20 +298,113 @@ rec {
name = "no-store-paths";
tag = "latest";
extraCommands = ''
- chmod a+w bin
-
# This removes sharing of busybox and is not recommended. We do this
# to make the example suitable as a test case with working binaries.
cp -r ${pkgs.pkgsStatic.busybox}/* .
'';
+ };
+
+ nixLayered = pkgs.dockerTools.buildLayeredImageWithNixDb {
+ name = "nix-layered";
+ tag = "latest";
+ contents = [
+ # nix-store uses cat program to display results as specified by
+ # the image env variable NIX_PAGER.
+ pkgs.coreutils
+ pkgs.nix
+ pkgs.bash
+ ];
+ config = {
+ Env = [
+ "NIX_PAGER=cat"
+ # A user is required by nix
+ # https://github.com/NixOS/nix/blob/9348f9291e5d9e4ba3c4347ea1b235640f54fd79/src/libutil/util.cc#L478
+ "USER=nobody"
+ ];
+ };
+ };
+
+ # 19. Support files in the store on buildLayeredImage
+ # See: https://github.com/NixOS/nixpkgs/pull/91084#issuecomment-653496223
+ filesInStore = pkgs.dockerTools.buildLayeredImageWithNixDb {
+ name = "file-in-store";
+ tag = "latest";
contents = [
- # This layer has no dependencies and its symlinks will be dereferenced
- # when creating the customization layer.
- (pkgs.runCommand "layer-to-flatten" {} ''
- mkdir -p $out/bin
- ln -s /bin/true $out/bin/custom-true
+ pkgs.coreutils
+ pkgs.nix
+ (pkgs.writeScriptBin "myscript" ''
+ #!${pkgs.runtimeShell}
+ cat ${pkgs.writeText "somefile" "some data"}
+ '')
+ ];
+ config = {
+ Cmd = [ "myscript" ];
+ # For some reason 'nix-store --verify' requires this environment variable
+ Env = [ "USER=root" ];
+ };
+ };
+
+ # 20. Ensure that setting created to now results in a date which
+ # isn't the epoch + 1 for layered images.
+ unstableDateLayered = pkgs.dockerTools.buildLayeredImage {
+ name = "unstable-date-layered";
+ tag = "latest";
+ contents = [ pkgs.coreutils ];
+ created = "now";
+ };
+
+ # buildImage without explicit tag
+ bashNoTag = pkgs.dockerTools.buildImage {
+ name = "bash-no-tag";
+ contents = pkgs.bashInteractive;
+ };
+
+ # buildLayeredImage without explicit tag
+ bashNoTagLayered = pkgs.dockerTools.buildLayeredImage {
+ name = "bash-no-tag-layered";
+ contents = pkgs.bashInteractive;
+ };
+
+ # buildImage without explicit tag
+ bashNoTagStreamLayered = pkgs.dockerTools.streamLayeredImage {
+ name = "bash-no-tag-stream-layered";
+ contents = pkgs.bashInteractive;
+ };
+
+ # buildLayeredImage with non-root user
+ bashLayeredWithUser =
+ let
+ nonRootShadowSetup = { user, uid, gid ? uid }: with pkgs; [
+ (
+ writeTextDir "etc/shadow" ''
+ root:!x:::::::
+ ${user}:!:::::::
+ ''
+ )
+ (
+ writeTextDir "etc/passwd" ''
+ root:x:0:0::/root:${runtimeShell}
+ ${user}:x:${toString uid}:${toString gid}::/home/${user}:
+ ''
+ )
+ (
+ writeTextDir "etc/group" ''
+ root:x:0:
+ ${user}:x:${toString gid}:
+ ''
+ )
+ (
+ writeTextDir "etc/gshadow" ''
+ root:x::
+ ${user}:x::
''
)
];
- };
+ in
+ pkgs.dockerTools.buildLayeredImage {
+ name = "bash-layered-with-user";
+ tag = "latest";
+ contents = [ pkgs.bash pkgs.coreutils ] ++ nonRootShadowSetup { uid = 999; user = "somebody"; };
+ };
+
}
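Review bot: `bashLayeredWithUser` writes `somebody` (uid 999) into etc/passwd, etc/shadow, etc/group and etc/gshadow, but the `buildLayeredImage` call at the end of the hunk sets no `config`, so a container started from this image still runs as uid 0 unless a user is passed at run time. If the example is meant to show an image that drops root by default, add `config.User = "somebody";` to that call. If the test harness selects the user itself (not visible in this hunk), the comment should say so, e.g. `# buildLayeredImage with a non-root user defined; the user is selected at run time`. Separately, the comment above `bashNoTagStreamLayered` reads `# buildImage without explicit tag` and should name `streamLayeredImage`.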