Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/dockerTools: fix includeStorePaths when enableFakechroot #271976

Merged
merged 2 commits into from
Feb 14, 2024
Merged

nixos/dockerTools: fix includeStorePaths when enableFakechroot #271976

merged 2 commits into from
Feb 14, 2024

Conversation

r-k-b
Copy link
Contributor

@r-k-b r-k-b commented Dec 4, 2023
edited
Loading

Description of changes

After #268458, when setting enableFakechroot = true and includeStorePaths = false, some of the store paths were getting included into the image anyway, thru bind-paths. This resulted in unexpectedly large images.

Now, the images will not contain any store paths under those circumstances.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@r-k-b r-k-b requested a review from roberth as a code owner December 4, 2023 04:22
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux labels Dec 4, 2023
roberth
roberth requested changes Dec 4, 2023
View reviewed changes
Copy link
Member

@roberth roberth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a tests cases for such duplication in nixos/tests/docker-tools.nix?

pkgs/build-support/docker/default.nix Outdated
@@ -922,6 +922,7 @@ rec {
--sort name \
--exclude=./proc \
--exclude=./sys \
${optionalString (!includeStorePaths) "--exclude=.${builtins.storeDir}"} \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Store paths should under no circumstance be added to the customization layer. That's what the other layers are for.

Suggested change
${optionalString (!includeStorePaths) "--exclude=.${builtins.storeDir}"} \
--exclude=.${builtins.storeDir} \

Copy link
Contributor Author

@r-k-b r-k-b Dec 4, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the tip! I've amended my commit to: f09b8484b3604beeaafae15c4e3d1170175da126 9be14e2f323c56c57e4fb034dd73720358370b84

About the nixos tests, I'm new to them; I'll try to add them this week.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added a test, and fixed my breaking typo.

Hopefully the use of pkgs.crane in the tests is ok, I had trouble finding a concise way of listing out the image files.

@r-k-b r-k-b force-pushed the fix-dockerTools-includeStorePaths branch 2 times, most recently from f09b848 to 9be14e2 Compare December 5, 2023 09:55
@github-actions github-actions bot added the 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS label Dec 5, 2023
@r-k-b r-k-b force-pushed the fix-dockerTools-includeStorePaths branch from 9be14e2 to 22ee6de Compare December 6, 2023 00:53
@r-k-b
nixos/dockerTools: fix includeStorePaths when enableFakechroot
8353fad 
After NixOS#268458, when setting `enableFakechroot = true` and
`includeStorePaths = false`, some of the store paths were getting
included into the image anyway, thru `bind-paths`.
This resulted in unexpectedly large images.

Now, the images will not contain any store paths under those
circumstances.
@r-k-b r-k-b force-pushed the fix-dockerTools-includeStorePaths branch from 22ee6de to 8353fad Compare December 7, 2023 07:28
@the-sun-will-rise-tomorrow
Copy link
Contributor

the-sun-will-rise-tomorrow commented Jan 17, 2024
edited
Loading

I ran into the same problem and can confirm that this pull request fixes it. Thank you!

Ping @roberth
CC @Mic92

@roberth
Copy link
Member

roberth commented Jan 17, 2024

I've added added a few test cases so that the includeStorePaths tests exercise both code paths.
This can be merged when ofborg agrees.

@ofborg test docker-tools

This was referenced Jan 22, 2024
Merged
Merged
@the-sun-will-rise-tomorrow
Copy link
Contributor

@roberth Kind ping, I think this is ready to go in.

@roberth roberth merged commit dcf9853 into NixOS:master Feb 14, 2024
23 checks passed
@roberth
Copy link
Member

roberth commented Feb 14, 2024

@WxNzEMof thanks!

@github-actions github-actions bot mentioned this pull request Feb 14, 2024
Merged
1 task
@github-actions GitHub Actions
Copy link
Contributor

Successfully created backport PR for release-23.11:

@r-k-b r-k-b deleted the fix-dockerTools-includeStorePaths branch February 14, 2024 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roberth roberth roberth approved these changes

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@r-k-b @the-sun-will-rise-tomorrow @roberth