about summary refs log tree commit diff
path: root/tools/nixery/build-image/build-image.nix
diff options
context:
space:
mode:
authorVincent Ambo <tazjin@google.com>2019-09-01T22·28+0100
committerVincent Ambo <github@tazj.in>2019-09-01T23·08+0100
commit92270fcbe472c2cef3cbd8f3f92b950aa78bc777 (patch)
treed75910eacf9dde945f7856c2ac784417b90ecbaa /tools/nixery/build-image/build-image.nix
parent306e12787a9977334d44f215eece8f4ae89fe03f (diff)
refactor(build-image): Simplify customisation layer builder
Moves the relevant parts of the customisation layer construction from
dockerTools.mkCustomisationLayer into the Nixery code base.

The version in dockerTools builds additional files (including via
hashing of potentially large files) which are not required when
serving an image over the registry protocol.
Diffstat (limited to 'tools/nixery/build-image/build-image.nix')
-rw-r--r--tools/nixery/build-image/build-image.nix31
1 files changed, 16 insertions, 15 deletions
diff --git a/tools/nixery/build-image/build-image.nix b/tools/nixery/build-image/build-image.nix
index b67fef6ceb88..7b0f2cac9739 100644
--- a/tools/nixery/build-image/build-image.nix
+++ b/tools/nixery/build-image/build-image.nix
@@ -31,8 +31,6 @@
   # Packages to install by name (which must refer to top-level attributes of
   # nixpkgs). This is passed in as a JSON-array in string form.
   packages ? "[]",
-  # Optional bash script to run on the files prior to fixturizing the layer.
-  extraCommands ? "", uid ? 0, gid ? 0,
   # Docker's modern image storage mechanisms have a maximum of 125
   # layers. To allow for some extensibility (via additional layers),
   # the default here is set to something a little less than that.
@@ -106,11 +104,6 @@ let
         fetched = (map (deepFetch pkgs) (fromJSON packages));
     in foldl' splitter init fetched;
 
-  contentsEnv = symlinkJoin {
-    name = "bulk-layers";
-    paths = allContents.contents;
-  };
-
   popularity = builtins.fetchurl {
     url = "https://storage.googleapis.com/nixery-layers/popularity/nixos-19.03-20190812.json";
     sha256 = "16sxd49vqqg2nrhwynm36ba6bc2yff5cd5hf83wi0hanw5sx3svk";
@@ -156,13 +149,23 @@ let
   (lib.concatStringsSep "\n" (map (layer: pathsToLayer layer.contents)
                                    groupedLayers));
 
-  customisationLayer = mkCustomisationLayer {
-    name = baseName;
-    contents = contentsEnv;
-    baseJson = writeText "empty.json" "{}";
-    inherit uid gid extraCommands;
+  # Create a symlink forest into all top-level store paths.
+  contentsEnv = symlinkJoin {
+    name = "bulk-layers";
+    paths = allContents.contents;
   };
 
+  # This customisation layer which contains the symlink forest
+  # required at container runtime is assembled with a simplified
+  # version of dockerTools.mkCustomisationLayer.
+  #
+  # No metadata creation (such as layer hashing) is required when
+  # serving images over the API.
+  customisationLayer = runCommand "customisation-layer.tar" {} ''
+    cp -r ${contentsEnv}/ ./layer
+    tar --transform='s|^\./||' -C layer --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 -cf $out .
+  '';
+
   # Inspect the returned bulk layers to determine which layers belong to the
   # image and how to serve them.
   #
@@ -172,9 +175,7 @@ let
     buildInputs = [ coreutils findutils jq openssl ];
   } ''
       cat ${bulkLayers} | sort -t/ -k5 -n > layer-list
-      echo -n layer-list:
-      cat layer-list
-      echo ${customisationLayer}/layer.tar >> layer-list
+      echo ${customisationLayer} >> layer-list
 
       for layer in $(cat layer-list); do
         layerSha256=$(sha256sum $layer | cut -d ' ' -f1)