Merge pull request #91085 from hercules-ci/fix-dockerTools-nix-symlinks

Fix docker tools nix symlinks
2024-09-21 12:59:04 +02:00 · 2020-06-19 12:01:47 +02:00 · 2020-06-19 12:01:47 +02:00 · 06469493de
parent 36429a4e59 2dd94af186
commit 06469493de
3 changed files with 43 additions and 3 deletions
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@ -42,6 +42,20 @@ import ./make-test-python.nix ({ pkgs, ... }: {
            "docker rmi ${examples.nix.imageName}",
        )

+    with subtest("The nix binary symlinks are intact"):
+        docker.succeed(
+            "docker load --input='${examples.nix}'",
+            "docker run --rm ${examples.nix.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'",
+            "docker rmi ${examples.nix.imageName}",
+        )
+
+    with subtest("The nix binary symlinks are intact when the image is layered"):
+        docker.succeed(
+            "docker load --input='${examples.nixLayered}'",
+            "docker run --rm ${examples.nixLayered.imageName} ${pkgs.bash}/bin/bash -c 'test nix == $(readlink ${pkgs.nix}/bin/nix-daemon)'",
+            "docker rmi ${examples.nixLayered.imageName}",
+        )
+
    with subtest("The pullImage tool works"):
        docker.succeed(
            "docker load --input='${examples.nixFromDockerHub}'",
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@ -121,6 +121,7 @@ rec {
      # the image env variable NIX_PAGER.
      pkgs.coreutils
      pkgs.nix
+      pkgs.bash
    ];
    config = {
      Env = [
@ -313,4 +314,25 @@ rec {
      )
    ];
  };
+
+  nixLayered = pkgs.dockerTools.buildLayeredImageWithNixDb {
+    name = "nix-layered";
+    tag = "latest";
+    contents = [
+      # nix-store uses cat program to display results as specified by
+      # the image env variable NIX_PAGER.
+      pkgs.coreutils
+      pkgs.nix
+      pkgs.bash
+    ];
+    config = {
+      Env = [
+        "NIX_PAGER=cat"
+        # A user is required by nix
+        # https://github.com/NixOS/nix/blob/9348f9291e5d9e4ba3c4347ea1b235640f54fd79/src/libutil/util.cc#L478
+        "USER=nobody"
+      ];
+    };
+  };
+
 }
--- a/pkgs/build-support/docker/store-path-to-layer.sh
+++ b/pkgs/build-support/docker/store-path-to-layer.sh
@ -16,7 +16,11 @@ mkdir -p "$layerPath"
 # when there are other things being added to the
 # nix store, tar could fail, saying,
 # "tar: /nix/store: file changed as we read it"
-mkdir -p nix/store
+#
+# In addition, we use `__Nix__` instead of `nix` to avoid renaming
+# relative symlink destinations like
+# /nix/store/...-nix-2.3.4/bin/nix-daemon -> nix
+mkdir -p __Nix__/store

 # Then we change into the /nix/store in order to
 # avoid a similar "file changed as we read it" error
@ -35,8 +39,8 @@ tarhash=$(
      --hard-dereference --sort=name \
      --mtime="@$SOURCE_DATE_EPOCH" \
      --owner=0 --group=0 \
-      --transform 's,^nix$,/\0,' \
-      --transform 's,^nix/store$,/\0,' \
+      --transform 's,^__Nix__$,/nix,' \
+      --transform 's,^__Nix__/store$,/nix/store,' \
      --transform 's,^[^/],/nix/store/\0,rS' |
    tee "$layerPath/layer.tar" |
    tarsum