Revert "dockerTools.pullImage: use skopeo to pull the image"

This reverts commit 01174c5f4d7df0fd0928fbf8a2a8e633a9cf54aa. See https://github.com/NixOS/nixpkgs/pull/29302#issuecomment-332809092 for more information. This broke image format compatibility and therefore amongst others mesos.
2017-09-28 13:24:56 +02:00 · 2017-09-28 13:24:56 +02:00 · 5c6dc717a6
commit 5c6dc717a6
parent 69344de783
3 changed files with 34 additions and 15 deletions
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@ -32,20 +32,7 @@ rec {
    inherit pkgs buildImage pullImage shadowSetup buildImageWithNixDb;
  };

-  pullImage =
-    let
-      nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;
-    in
-      # For simplicity we only support sha256.
-      { imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"
-      , sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:
-      runCommand name {
-        impureEnvVars=pkgs.stdenv.lib.fetchers.proxyImpureEnvVars;
-        outputHashMode="flat";
-        outputHashAlgo="sha256";
-        outputHash=sha256;
-      }
-      "${pkgs.skopeo}/bin/skopeo copy docker://${imageId} docker-archive://$out:${imageId}";
+  pullImage = callPackage ./pull.nix {};

  # We need to sum layer.tar, not a directory, hence tarsum instead of nix-hash.
  # And we cannot untar it, because then we cannot preserve permissions ecc.
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@ -87,7 +87,7 @@ rec {
    imageName = "nixos/nix";
    imageTag = "1.11";
    # this hash will need change if the tag is updated at docker hub
-    sha256 = "18xvcnl0yvj9kfi5bkimrhhjaa8xhm3jhshh2xd7c0sbfrmfqzvi";
+    sha256 = "1gk4bq05vl3rj3mh4mlbl4iicgndmimlv8jvkhdk4hrv0r44bwr3";
  };

  # 5. example of multiple contents, emacs and vi happily coexisting
--- a/pkgs/build-support/docker/pull.nix
+++ b/pkgs/build-support/docker/pull.nix
@ -0,0 +1,32 @@
+{ stdenv, lib, docker, vmTools, utillinux, curl, kmod, dhcp, cacert, e2fsprogs }:
+let
+  nameReplace = name: builtins.replaceStrings ["/" ":"] ["-" "-"] name;
+in
+# For simplicity we only support sha256.
+{ imageName, imageTag ? "latest", imageId ? "${imageName}:${imageTag}"
+, sha256, name ? (nameReplace "docker-image-${imageName}-${imageTag}.tar") }:
+let
+  pullImage = vmTools.runInLinuxVM (
+    stdenv.mkDerivation {
+      inherit name imageId;
+
+      certs = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+
+      builder = ./pull.sh;
+
+      buildInputs = [ curl utillinux docker kmod dhcp cacert e2fsprogs ];
+
+      outputHashAlgo = "sha256";
+      outputHash = sha256;
+
+      impureEnvVars = lib.fetchers.proxyImpureEnvVars;
+
+      preVM = vmTools.createEmptyImage {
+        size = 2048;
+        fullName = "${name}-disk";
+      };
+
+      QEMU_OPTS = "-netdev user,id=net0 -device virtio-net-pci,netdev=net0";
+    });
+in
+  pullImage