Open flokli opened 3 years ago
Spun out of https://github.com/google/nixery/pull/132#issuecomment-905520242
Right now we add cacert and iana-etc from nixpkgs into every image (see builder/builder.go).
cacert
iana-etc
builder/builder.go
We sometimes add a /usr/bin/env symlink (if coreutils is part of the container), should will become available in nixpkgs as dockerTools.usrBinEnv.
/usr/bin/env
coreutils
dockerTools.usrBinEnv
Maybe we also should add dockerTools.{binSh,fakeNss} too, to add /bin/sh, and workaround some annoying nss-related problems.
/bin/sh
Related, we might want to set the SSL_CERT_FILE environment variable to pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt to fix https://github.com/google/nixery/issues/101.
SSL_CERT_FILE
pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt
Once we agree on this, we should document all this, so people know what they can expect from these containers.
Spun out of https://github.com/google/nixery/pull/132#issuecomment-905520242
Right now we add
cacertandiana-etcfrom nixpkgs into every image (seebuilder/builder.go).We sometimes add a
/usr/bin/envsymlink (ifcoreutilsis part of the container), should will become available in nixpkgs asdockerTools.usrBinEnv.Maybe we also should add dockerTools.{binSh,fakeNss} too, to add
/bin/sh, and workaround some annoying nss-related problems.Related, we might want to set the
SSL_CERT_FILEenvironment variable topkgs.cacert.out}/etc/ssl/certs/ca-bundle.crtto fix https://github.com/google/nixery/issues/101.Once we agree on this, we should document all this, so people know what they can expect from these containers.