pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #79736 from Ma27/minor-imperative-container-fixes

nixos-container: minor fixes

Danylo Hlynskyi 9336b084 bd91caca

options
unified split
Changed files
+38 -8
nixos
tests
containers-imperative.nix
pkgs
tools
virtualization
nixos-container
nixos-container.pl
+15
nixos/tests/containers-imperative.nix 
···

       
46

       
 

       
          };


     

       
47

       
 

       
        }


     

       
48

       
 

       
      '';


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
49

       
 

       
    in ''


     

       
50

       
 

       
      with subtest("Make sure we have a NixOS tree (required by ‘nixos-container create’)"):


     

       
51

       
 

       
          machine.succeed("PAGER=cat nix-env -qa -A nixos.hello >&2")


     
···

       
130

       
 

       
      with subtest("Ensure that the container path is gone"):


     

       
131

       
 

       
          print(machine.succeed("ls -lsa /var/lib/containers"))


     

       
132

       
 

       
          machine.succeed(f"test ! -e /var/lib/containers/{id1}")


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
133

       
 

       
    '';


     

       
134

       
 

       
})


     
···

       
46

       
 

       
          };


     

       
47

       
 

       
        }


     

       
48

       
 

       
      '';


     

       
49

       
+

       
      brokenCfg = pkgs.writeText "broken.nix" ''


     

       
50

       
+

       
        {


     

       
51

       
+

       
          assertions = [


     

       
52

       
+

       
            { assertion = false;


     

       
53

       
+

       
              message = "I never evaluate";


     

       
54

       
+

       
            }


     

       
55

       
+

       
          ];


     

       
56

       
+

       
        }


     

       
57

       
+

       
      '';


     

       
58

       
 

       
    in ''


     

       
59

       
 

       
      with subtest("Make sure we have a NixOS tree (required by ‘nixos-container create’)"):


     

       
60

       
 

       
          machine.succeed("PAGER=cat nix-env -qa -A nixos.hello >&2")


     
···

       
139

       
 

       
      with subtest("Ensure that the container path is gone"):


     

       
140

       
 

       
          print(machine.succeed("ls -lsa /var/lib/containers"))


     

       
141

       
 

       
          machine.succeed(f"test ! -e /var/lib/containers/{id1}")


     

       
142

       
+

       



     

       
143

       
+

       
      with subtest("Ensure that a failed container creation doesn'leave any state"):


     

       
144

       
+

       
          machine.fail(


     

       
145

       
+

       
              "nixos-container create b0rk --config-file ${brokenCfg}"


     

       
146

       
+

       
          )


     

       
147

       
+

       
          machine.succeed(f"test ! -e /var/lib/containers/b0rk")


     

       
148

       
 

       
    '';


     

       
149

       
 

       
})
+23 -8
pkgs/tools/virtualization/nixos-container/nixos-container.pl 
···

       
43

       
 

       
         [--config <string>]


     

       
44

       
 

       
         [--config-file <path>]


     

       
45

       
 

       
         [--flake <flakeref>]


     

       

       

       
     

       
46

       
 

       
       nixos-container login <container-name>


     

       
47

       
 

       
       nixos-container root-login <container-name>


     

       
48

       
 

       
       nixos-container run <container-name> -- args...


     
···

       
149

       
 

       
    unlink("$systemPath.tmp");


     

       
150

       
 

       
}


     

       
151

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
152

       
 

       
if ($action eq "create") {


     

       
153

       
 

       
    # Acquire an exclusive lock to prevent races with other


     

       
154

       
 

       
    # invocations of ‘nixos-container create’.


     
···

       
226

       
 

       



     

       
227

       
 

       
    if (defined $systemPath) {


     

       
228

       
 

       
        system("nix-env", "-p", "$profileDir/system", "--set", $systemPath) == 0


     

       
229

       
-

       
            or die "$0: failed to set initial container configuration\n";


     

       

       

       
     

       

       

       
     

       

       

       
     

       
230

       
 

       
    } else {


     

       
231

       
 

       
        mkpath("$root/etc/nixos", 0, 0755);


     

       
232

       
 

       



     
···

       
237

       
 

       
        system("nix-env", "-p", "$profileDir/system",


     

       
238

       
 

       
               "-I", "nixos-config=$nixosConfigFile", "-f", "$nixenvF",


     

       
239

       
 

       
               "--set", "-A", "system") == 0


     

       
240

       
-

       
            or die "$0: failed to build initial container configuration\n";


     

       

       

       
     

       

       

       
     

       

       

       
     

       
241

       
 

       
    }


     

       
242

       
 

       



     

       
243

       
 

       
    print "$containerName\n" if $ensureUniqueName;


     
···

       
331

       
 

       



     

       
332

       
 

       
    terminateContainer if (isContainerRunning);


     

       
333

       
 

       



     

       
334

       
-

       
    safeRemoveTree($profileDir) if -e $profileDir;


     

       
335

       
-

       
    safeRemoveTree($gcRootsDir) if -e $gcRootsDir;


     

       
336

       
-

       
    system("chattr", "-i", "$root/var/empty") if -e "$root/var/empty";


     

       
337

       
-

       
    safeRemoveTree($root) if -e $root;


     

       
338

       
-

       
    unlink($confFile) or die;


     

       
339

       
 

       
}


     

       
340

       
 

       



     

       
341

       
 

       
elsif ($action eq "restart") {


     
···

       
374

       
 

       
        system("nix-env", "-p", "$profileDir/system", "--set", $systemPath) == 0


     

       
375

       
 

       
            or die "$0: failed to set container configuration\n";


     

       
376

       
 

       
    } else {


     

       

       

       
     

       
377

       
 

       
        my $nixosConfigFile = "$root/etc/nixos/configuration.nix";


     

       
378

       
 

       



     

       
379

       
 

       
        # FIXME: may want to be more careful about clobbering the existing


     
···

       
383

       
 

       
            writeNixOSConfig $nixosConfigFile;


     

       
384

       
 

       
        }


     

       
385

       
 

       



     

       

       

       
     

       
386

       
 

       
        system("nix-env", "-p", "$profileDir/system",


     

       
387

       
-

       
               "-I", "nixos-config=$nixosConfigFile", "-f", "<nixpkgs/nixos>",


     

       
388

       
 

       
               "--set", "-A", "system") == 0


     

       
389

       
 

       
            or die "$0: failed to build container configuration\n";


     

       
390

       
 

       
    }


     
···

       
43

       
 

       
         [--config <string>]


     

       
44

       
 

       
         [--config-file <path>]


     

       
45

       
 

       
         [--flake <flakeref>]


     

       
46

       
+

       
         [--nixos-path <path>]


     

       
47

       
 

       
       nixos-container login <container-name>


     

       
48

       
 

       
       nixos-container root-login <container-name>


     

       
49

       
 

       
       nixos-container run <container-name> -- args...


     
···

       
150

       
 

       
    unlink("$systemPath.tmp");


     

       
151

       
 

       
}


     

       
152

       
 

       



     

       
153

       
+

       
sub clearContainerState {


     

       
154

       
+

       
    my ($profileDir, $gcRootsDir, $root, $configFile) = @_;


     

       
155

       
+

       



     

       
156

       
+

       
    safeRemoveTree($profileDir) if -e $profileDir;


     

       
157

       
+

       
    safeRemoveTree($gcRootsDir) if -e $gcRootsDir;


     

       
158

       
+

       
    system("chattr", "-i", "$root/var/empty") if -e "$root/var/empty";


     

       
159

       
+

       
    safeRemoveTree($root) if -e $root;


     

       
160

       
+

       
    unlink($configFile) or die;


     

       
161

       
+

       
}


     

       
162

       
+

       



     

       
163

       
 

       
if ($action eq "create") {


     

       
164

       
 

       
    # Acquire an exclusive lock to prevent races with other


     

       
165

       
 

       
    # invocations of ‘nixos-container create’.


     
···

       
237

       
 

       



     

       
238

       
 

       
    if (defined $systemPath) {


     

       
239

       
 

       
        system("nix-env", "-p", "$profileDir/system", "--set", $systemPath) == 0


     

       
240

       
+

       
            or do {


     

       
241

       
+

       
                clearContainerState($profileDir, "$profileDir/$containerName", $root, $confFile);


     

       
242

       
+

       
                die "$0: failed to set initial container configuration\n";


     

       
243

       
+

       
            };


     

       
244

       
 

       
    } else {


     

       
245

       
 

       
        mkpath("$root/etc/nixos", 0, 0755);


     

       
246

       
 

       



     
···

       
251

       
 

       
        system("nix-env", "-p", "$profileDir/system",


     

       
252

       
 

       
               "-I", "nixos-config=$nixosConfigFile", "-f", "$nixenvF",


     

       
253

       
 

       
               "--set", "-A", "system") == 0


     

       
254

       
+

       
            or do {


     

       
255

       
+

       
                clearContainerState($profileDir, "$profileDir/$containerName", $root, $confFile);


     

       
256

       
+

       
                die "$0: failed to build initial container configuration\n"


     

       
257

       
+

       
            };


     

       
258

       
 

       
    }


     

       
259

       
 

       



     

       
260

       
 

       
    print "$containerName\n" if $ensureUniqueName;


     
···

       
348

       
 

       



     

       
349

       
 

       
    terminateContainer if (isContainerRunning);


     

       
350

       
 

       



     

       
351

       
+

       
    clearContainerState($profileDir, $gcRootsDir, $root, $confFile);


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
352

       
 

       
}


     

       
353

       
 

       



     

       
354

       
 

       
elsif ($action eq "restart") {


     
···

       
387

       
 

       
        system("nix-env", "-p", "$profileDir/system", "--set", $systemPath) == 0


     

       
388

       
 

       
            or die "$0: failed to set container configuration\n";


     

       
389

       
 

       
    } else {


     

       
390

       
+

       



     

       
391

       
 

       
        my $nixosConfigFile = "$root/etc/nixos/configuration.nix";


     

       
392

       
 

       



     

       
393

       
 

       
        # FIXME: may want to be more careful about clobbering the existing


     
···

       
397

       
 

       
            writeNixOSConfig $nixosConfigFile;


     

       
398

       
 

       
        }


     

       
399

       
 

       



     

       
400

       
+

       
        my $nixenvF = $nixosPath // "<nixpkgs/nixos>";


     

       
401

       
 

       
        system("nix-env", "-p", "$profileDir/system",


     

       
402

       
+

       
               "-I", "nixos-config=$nixosConfigFile", "-f", $nixenvF,


     

       
403

       
 

       
               "--set", "-A", "system") == 0


     

       
404

       
 

       
            or die "$0: failed to build container configuration\n";


     

       
405

       
 

       
    }