Fixes #94: do not include config file in nix database.

nlewo / nix2container

An archive-less dockerTools.buildImage implementation

Apache License 2.0

501 stars 45 forks source link

Fixes #94: do not include config file in nix database. #96

Closed kolloch closed 9 months ago

kolloch commented 10 months ago

closureGraph is extended with an ignore argument which will filter out the config file when needed.

The resulting graph is both passed to nix2container-bin and makeNixDatabase -- ensuring that both contain the same paths.

The --ignore flag of the nix2container-bin is not used anymore.

https://github.com/nlewo/nix2container/issues/94

kolloch commented 10 months ago

I noticed the the closure-graphs end up in the image in addition to what also was added before:

layers.json (only needed for build, right?)
perms derivations (even though also copied to root)
root-links (even though also copied to root)

kolloch commented 10 months ago

Hi @nlewo,

I extended this quite a lot:

closure-graph.json and layer.json files are now excluded from the resulting container.
closureGraph is now deterministic in my limited test cases.
makeNixDatabase is now deterministic in my limited test cases.

Question: Not sure if I need to handle /nix/store/.links in a special fashion.

Now my test case works reliably with reproducible=false but not if I have reproducible=true.

If that isn't ironic!

nlewo commented 9 months ago

Thanks @kolloch

This LGTM (but i'm not 100% confident since these parts are not really we tested...).

Now my test case works reliably with reproducible=false but not if I have reproducible=true.

It means there are still some data that are not reproducible. Could you share a command to reproduce this? I could then take a look at the built image. (I know you set up a repository to reproduce your issue, but after all your changes and fixes, i'm a bit confused.)

BTW, these changes improve the current state. So, even if they are not perfect yet, we can merge them.

kolloch commented 9 months ago

Hi @nlewo, thanks for the merge!

I tested so many things, I am also confused ;)

I am not at my work machine right now where I reproduced the error last. I tried to reproduce it on an Ubuntu WM and couldn't anymore. Maybe it is good now?

According to my notes, this should have reproduced the error:

nix run .\#x86_64-linux.gitlab.runnables.debug-building-stdenv-only-in-nix-ci

in https://gitlab.com/nexxiot-labs/nix2container-checksum

But for me it just works now. Did we fix it completely by accident? Or was there some weird store path thing on my work machine? I don't know...