diff options
| author | aszlig <aszlig@nix.build> | 2018-05-06 04:38:47 +0200 |
|---|---|---|
| committer | aszlig <aszlig@nix.build> | 2018-05-06 04:57:24 +0200 |
| commit | 42a0b11450948fd83b45e1ee60c252f8b9e84e81 (patch) | |
| tree | d9edb3567f885d975fc53869702698c53962fd10 /pkgs/development/python-modules/httpserver | |
| parent | cd960b965f2587efbe41061a4dfa10fc72a28781 (diff) | |
dockerTools.pullImage: Fix build with sandboxing
Regression introduced in 736848723e5aefa5d24396c58dc6de603399efde.
This commit most certainly hasn't been tested with sandboxing enabled
and breaks not only pullImage but also the docker-tools NixOS VM test
because it doesn't find it's certificate path and also relies on
/var/tmp being there.
Fixing the certificate path is the easiest one because it can be done
via environment variable.
I've used overrideAttrs for changing the hardcoded path to /tmp (which
is available in sandboxed builds and even hardcoded in Nix), so that
whenever someone uses Skopeo from all-packages.nix the path is still
/var/tmp.
The reason why this is hardcoded to /var/tmp can be seen in a comment in
vendor/github.com/containers/image/storage/storage_image.go:
Do not use the system default of os.TempDir(), usually /tmp, because
with systemd it could be a tmpfs.
With sandboxed builds this isn't the case, however for using Nix without
NixOS this could turn into a problem if this indeed is the case.
So in the long term this needs to have a proper solution.
In addition to that, I cleaned up the expression a bit.
Tested by building dockerTools.examples.nixFromDockerHub and the
docker-tools NixOS VM test.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @nlewo, @Mic92, @Profpatsch, @globin, @LnL7
Diffstat (limited to 'pkgs/development/python-modules/httpserver')
0 files changed, 0 insertions, 0 deletions