pyrox.dev / nixpkgs
lol
fork atom

Revert "dockerTools.pullImage: use skopeo to pull the image"

This reverts commit 01174c5f4d7df0fd0928fbf8a2a8e633a9cf54aa.

See https://github.com/NixOS/nixpkgs/pull/29302#issuecomment-332809092
for more information. This broke image format compatibility and
therefore amongst others mesos.

Robin Gloster 5c6dc717 69344de7

options
unified split
Changed files
+34 -15
pkgs
build-support
docker
default.nix
examples.nix
pull.nix
+1 -14
pkgs/build-support/docker/default.nix 
···

       
32

       
32

       
 

       
    inherit pkgs buildImage pullImage shadowSetup buildImageWithNixDb;


     

       
33

       
33

       
 

       
  };


     

       
34

       
34

       
 

       



     

       
35

       

       
-

       
  pullImage =


     

       
36

       

       
-

       
    let


     

       
37

       

       
-

       
      nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;


     

       
38

       

       
-

       
    in


     

       
39

       

       
-

       
      # For simplicity we only support sha256.


     

       
40

       

       
-

       
      { imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"


     

       
41

       

       
-

       
      , sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:


     

       
42

       

       
-

       
      runCommand name {


     

       
43

       

       
-

       
        impureEnvVars=pkgs.stdenv.lib.fetchers.proxyImpureEnvVars;


     

       
44

       

       
-

       
        outputHashMode="flat";


     

       
45

       

       
-

       
        outputHashAlgo="sha256";


     

       
46

       

       
-

       
        outputHash=sha256;


     

       
47

       

       
-

       
      }


     

       
48

       

       
-

       
      "${pkgs.skopeo}/bin/skopeo copy docker://${imageId} docker-archive://$out:${imageId}";


     

       

       
35

       
+

       
  pullImage = callPackage ./pull.nix {};


     

       
49

       
36

       
 

       



     

       
50

       
37

       
 

       
  # We need to sum layer.tar, not a directory, hence tarsum instead of nix-hash.


     

       
51

       
38

       
 

       
  # And we cannot untar it, because then we cannot preserve permissions ecc.
+1 -1
pkgs/build-support/docker/examples.nix 
···

       
87

       
87

       
 

       
    imageName = "nixos/nix";


     

       
88

       
88

       
 

       
    imageTag = "1.11";


     

       
89

       
89

       
 

       
    # this hash will need change if the tag is updated at docker hub


     

       
90

       

       
-

       
    sha256 = "18xvcnl0yvj9kfi5bkimrhhjaa8xhm3jhshh2xd7c0sbfrmfqzvi";


     

       

       
90

       
+

       
    sha256 = "1gk4bq05vl3rj3mh4mlbl4iicgndmimlv8jvkhdk4hrv0r44bwr3";


     

       
91

       
91

       
 

       
  };


     

       
92

       
92

       
 

       



     

       
93

       
93

       
 

       
  # 5. example of multiple contents, emacs and vi happily coexisting
+32
pkgs/build-support/docker/pull.nix 
···

       

       
1

       
+

       
{ stdenv, lib, docker, vmTools, utillinux, curl, kmod, dhcp, cacert, e2fsprogs }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;


     

       

       
4

       
+

       
in


     

       

       
5

       
+

       
# For simplicity we only support sha256.


     

       

       
6

       
+

       
{ imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"


     

       

       
7

       
+

       
, sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:


     

       

       
8

       
+

       
let


     

       

       
9

       
+

       
  pullImage = vmTools.runInLinuxVM (


     

       

       
10

       
+

       
    stdenv.mkDerivation {


     

       

       
11

       
+

       
      inherit name imageId;


     

       

       
12

       
+

       



     

       

       
13

       
+

       
      certs = "${cacert}/etc/ssl/certs/ca-bundle.crt";


     

       

       
14

       
+

       



     

       

       
15

       
+

       
      builder = ./pull.sh;


     

       

       
16

       
+

       



     

       

       
17

       
+

       
      buildInputs = [ curl utillinux docker kmod dhcp cacert e2fsprogs ];


     

       

       
18

       
+

       



     

       

       
19

       
+

       
      outputHashAlgo = "sha256";


     

       

       
20

       
+

       
      outputHash = sha256;


     

       

       
21

       
+

       



     

       

       
22

       
+

       
      impureEnvVars = lib.fetchers.proxyImpureEnvVars;


     

       

       
23

       
+

       



     

       

       
24

       
+

       
      preVM = vmTools.createEmptyImage {


     

       

       
25

       
+

       
        size = 2048;


     

       

       
26

       
+

       
        fullName = "${name}-disk";


     

       

       
27

       
+

       
      };


     

       

       
28

       
+

       



     

       

       
29

       
+

       
      QEMU_OPTS = "-netdev user,id=net0 -device virtio-net-pci,netdev=net0";


     

       

       
30

       
+

       
    });


     

       

       
31

       
+

       
in


     

       

       
32

       
+

       
  pullImage