dockerTools.buildImageWithNixDb: simplifications and switch to closureInfo

Since Nix 2 is now the stable Nix version, we can use closureInfo
which simplifies the Nix database initialisation (size and hash are
included in the "dump").
This commit is contained in:
Antoine Eiche 2018-04-30 15:01:30 +02:00
parent 3ec657ab0c
commit c12f75649e

View File

@ -11,7 +11,6 @@
pkgs, pkgs,
pigz, pigz,
nix, nix,
perl,
runCommand, runCommand,
rsync, rsync,
shadow, shadow,
@ -23,6 +22,7 @@
referencesByPopularity, referencesByPopularity,
writeScript, writeScript,
writeText, writeText,
closureInfo
}: }:
# WARNING: this API is unstable and may be subject to backwards-incompatible changes in the future. # WARNING: this API is unstable and may be subject to backwards-incompatible changes in the future.
@ -261,19 +261,6 @@ rec {
${text} ${text}
''; '';
nixRegistration = contents: runCommand "nix-registration" {
buildInputs = [ nix perl ];
# For obtaining the closure of `contents'.
exportReferencesGraph =
let contentsList = if builtins.isList contents then contents else [ contents ];
in map (x: [("closure-" + baseNameOf x) x]) contentsList;
}
''
mkdir $out
printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out/db.dump
perl ${pkgs.pathsFromGraph} closure-* > $out/storePaths
'';
# Create $maxLayers worth of Docker Layers, one layer per store path # Create $maxLayers worth of Docker Layers, one layer per store path
# unless there are more paths than $maxLayers. In that case, create # unless there are more paths than $maxLayers. In that case, create
# $maxLayers-1 for the most popular layers, and smush the remainaing # $maxLayers-1 for the most popular layers, and smush the remainaing
@ -795,29 +782,19 @@ rec {
# the container. # the container.
# Be careful since this doesn't work well with multilayer. # Be careful since this doesn't work well with multilayer.
buildImageWithNixDb = args@{ contents ? null, extraCommands ? "", ... }: buildImageWithNixDb = args@{ contents ? null, extraCommands ? "", ... }:
buildImage (args // { let contentsList = if builtins.isList contents then contents else [ contents ];
in buildImage (args // {
extraCommands = '' extraCommands = ''
echo "Generating the nix database..." echo "Generating the nix database..."
echo "Warning: only the database of the deepest Nix layer is loaded." echo "Warning: only the database of the deepest Nix layer is loaded."
echo " If you want to use nix commands in the container, it would" echo " If you want to use nix commands in the container, it would"
echo " be better to only have one layer that contains a nix store." echo " be better to only have one layer that contains a nix store."
# This requires Nix 1.12 or higher
export NIX_REMOTE=local?root=$PWD
${nix}/bin/nix-store --load-db < ${nixRegistration contents}/db.dump
# We fill the store in order to run the 'verify' command that export NIX_REMOTE=local?root=$PWD
# generates hash and size of output paths. ${nix}/bin/nix-store --load-db < ${closureInfo {rootPaths = contentsList;}}/registration
# Note when Nix 1.12 is be the stable one, the database dump
# generated by the exportReferencesGraph function will
# contains sha and size. See
# https://github.com/NixOS/nix/commit/c2b0d8749f7e77afc1c4b3e8dd36b7ee9720af4a
storePaths=$(cat ${nixRegistration contents}/storePaths)
echo "Copying everything to /nix/store (will take a while)..."
cp -prd $storePaths nix/store/
${nix}/bin/nix-store --verify --check-contents
mkdir -p nix/var/nix/gcroots/docker/ mkdir -p nix/var/nix/gcroots/docker/
for i in ${lib.concatStringsSep " " contents}; do for i in ${lib.concatStringsSep " " contentsList}; do
ln -s $i nix/var/nix/gcroots/docker/$(basename $i) ln -s $i nix/var/nix/gcroots/docker/$(basename $i)
done; done;
'' + extraCommands; '' + extraCommands;