author | Sarah Brofeldt <sarah@qtr.dk> | 2021-01-04 21:33:32 +0100 |
---|---|---|
committer | Sarah Brofeldt <sarah@qtr.dk> | 2021-01-04 21:44:47 +0100 |
commit | ffe5ff6009017ebbc384e38b5a26e37556d60ecc (patch) | |
tree | 8bd7db4017b4811f2160bfd8820e94410f81dba1 | |
parent | 08b0d02944eb94359726ac61af3c3ab84b53ee7d (diff) |
dockerTools: Test buildLayeredImage with symlinks
This exercises layer creation in the face of store path symlinks, ensuring
they are not dereferenced, which can lead to broken layer tarballs.
-rw-r--r-- | nixos/tests/docker-tools.nix | 7 | ||||
-rw-r--r-- | pkgs/build-support/docker/examples.nix | 11 |
2 files changed, 18 insertions, 0 deletions
diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 8402ba68b720..369ef94f9fad 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -247,5 +247,12 @@ import ./make-test-python.nix ({ pkgs, ... }: { ).strip() == "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}" ) + + with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"): + docker.succeed( + "docker load --input='${examples.layeredStoreSymlink}'", + "docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'", + "docker rmi ${examples.layeredStoreSymlink.imageName}", + ) ''; }) diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index 85ddeb257405..86375a40baa0 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix @@ -416,4 +416,15 @@ rec { contents = crossPkgs.hello; }; + # layered image where a store path is itself a symlink + layeredStoreSymlink = + let + target = pkgs.writeTextDir "dir/target" "Content doesn't matter."; + symlink = pkgs.runCommandNoCC "symlink" {} "ln -s ${target} $out"; + in + pkgs.dockerTools.buildLayeredImage { + name = "layeredstoresymlink"; + tag = "latest"; + contents = [ pkgs.bash symlink ]; + } // { passthru = { inherit symlink; }; }; } |
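Review bot: The new subtest's `test -L` only proves that the path is a symlink inside the container, so it would still pass if the link were dangling because the layer holding its target was missing or malformed. Since the commit message names broken layer tarballs as the failure mode, the check could also follow the link: `bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink} && test -f ${examples.layeredStoreSymlink.passthru.symlink}/dir/target'`. The `dir/target` path is the one created by `writeTextDir` in the examples.nix hunk of this same commit. The test script begins before this hunk, so the surrounding setup is not visible here.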
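Review bot: The trailing `// { passthru = { inherit symlink; }; }` in the examples.nix hunk is a shallow attribute-set update, so it replaces any `passthru` attribute the `buildLayeredImage` result already carries rather than extending it. Whether that result sets one is not visible in this hunk. A one-line comment above the merge would record why it is there, for example `# expose the symlink store path so nixos/tests/docker-tools.nix can check it inside the container`. The enclosing `rec { … }` set starts outside the hunk.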