From 8f66dc94a751bf212c8e6541796025bfeabb87dd Mon Sep 17 00:00:00 2001 From: Terin Stock Date: Fri, 11 Dec 2020 18:54:44 -0800 Subject: [PATCH 1/3] dockerTools: normalize arch to GOARCH Docker (via containerd) and the the OCI Image Configuration imply and suggest, respectfully, that the architecture set in images matches those of GOARCH in the Go Language document. This changeset updates the implimentation of getArch in dockerTools to return GOARCH values, to satisfy Docker. Fixes: #106695 --- nixos/tests/docker-tools.nix | 2 +- pkgs/build-support/docker/default.nix | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 3d1e39a379c1..8402ba68b720 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -245,7 +245,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker inspect ${pkgs.dockerTools.examples.cross.imageName} " + "| ${pkgs.jq}/bin/jq -r .[].Architecture" ).strip() - == "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64v8"}" + == "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}" ) ''; }) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index b30ac5c77655..93c32c68a962 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -58,15 +58,15 @@ let done; ''; - # Map nixpkgs architecture to Docker notation - # Reference: https://github.com/docker-library/official-images#architectures-other-than-amd64 + # Map nixpkgs architecture to OCI recomendation + # Reference: https://github.com/opencontainers/image-spec/blob/master/config.md#properties getArch = nixSystem: { - aarch64-linux = "arm64v8"; - armv7l-linux = "arm32v7"; + aarch64-linux = "arm64"; + armv7l-linux = "arm"; x86_64-linux = "amd64"; powerpc64le-linux = "ppc64le"; - i686-linux = "i386"; - }.${nixSystem} or "Can't map Nix system ${nixSystem} to Docker architecture notation. Please check that your input and your requested build are correct or update the mapping in Nixpkgs."; + i686-linux = "386"; + }.${nixSystem} or "Can't map Nix system ${nixSystem} to Docker architecture. Please check that your input and your requested build are correct or update the mapping in Nixpkgs."; in rec { From d4b7efe5317bcd63e355cc630fa8650708c93325 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 13 Dec 2020 00:33:46 +0100 Subject: [PATCH 2/3] nixosTests.docker-tools-cross: init Not everyone has a suitable remote builder set up, so the cross-compilation tests that _include_ running the result are separate. That way, most people can run the majority of the test suite without the extra setup. --- nixos/tests/all-tests.nix | 1 + nixos/tests/docker-tools-cross.nix | 76 ++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 nixos/tests/docker-tools-cross.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 3e134c7544a5..0c06e3f44249 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -91,6 +91,7 @@ in docker-edge = handleTestOn ["x86_64-linux"] ./docker-edge.nix {}; docker-registry = handleTest ./docker-registry.nix {}; docker-tools = handleTestOn ["x86_64-linux"] ./docker-tools.nix {}; + docker-tools-cross = handleTestOn ["x86_64-linux" "aarch64-linux"] ./docker-tools-cross.nix {}; docker-tools-overlay = handleTestOn ["x86_64-linux"] ./docker-tools-overlay.nix {}; documize = handleTest ./documize.nix {}; dokuwiki = handleTest ./dokuwiki.nix {}; diff --git a/nixos/tests/docker-tools-cross.nix b/nixos/tests/docker-tools-cross.nix new file mode 100644 index 000000000000..d433b5508fc9 --- /dev/null +++ b/nixos/tests/docker-tools-cross.nix @@ -0,0 +1,76 @@ +# Not everyone has a suitable remote builder set up, so the cross-compilation +# tests that _include_ running the result are separate. That way, most people +# can run the majority of the test suite without the extra setup. + + +import ./make-test-python.nix ({ pkgs, ... }: +let + + remoteSystem = + if pkgs.system == "aarch64-linux" + then "x86_64-linux" + else "aarch64-linux"; + + remoteCrossPkgs = import ../.. /*nixpkgs*/ { + # NOTE: This is the machine that runs the build - local from the + # 'perspective' of the build script. + localSystem = remoteSystem; + + # NOTE: Since this file can't control where the test will be _run_ we don't + # cross-compile _to_ a different system but _from_ a different system + crossSystem = pkgs.system; + }; + + hello1 = remoteCrossPkgs.dockerTools.buildImage { + name = "hello1"; + tag = "latest"; + contents = remoteCrossPkgs.hello; + }; + + hello2 = remoteCrossPkgs.dockerTools.buildLayeredImage { + name = "hello2"; + tag = "latest"; + contents = remoteCrossPkgs.hello; + }; + +in { + name = "docker-tools"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ roberth ]; + }; + + nodes = { + docker = { ... }: { + virtualisation = { + diskSize = 2048; + docker.enable = true; + }; + }; + }; + + testScript = '' + docker.wait_for_unit("sockets.target") + + with subtest("Ensure cross compiled buildImage image can run."): + docker.succeed( + "docker load --input='${hello1}'" + ) + assert "Hello, world!" in docker.succeed( + "docker run --rm ${hello1.imageName} hello", + ) + docker.succeed( + "docker rmi ${hello1.imageName}", + ) + + with subtest("Ensure cross compiled buildLayeredImage image can run."): + docker.succeed( + "docker load --input='${hello2}'" + ) + assert "Hello, world!" in docker.succeed( + "docker run --rm ${hello2.imageName} hello", + ) + docker.succeed( + "docker rmi ${hello2.imageName}", + ) + ''; +}) From 5cacf0fcecdde29b1e72d729fea0e922df29ed02 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 13 Dec 2020 00:42:31 +0100 Subject: [PATCH 3/3] dockerTools: use go.GOARCH as default arch --- pkgs/build-support/docker/default.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 93c32c68a962..276c7cd1bdb8 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -58,15 +58,12 @@ let done; ''; - # Map nixpkgs architecture to OCI recomendation + # The OCI Image specification recommends that configurations use values listed + # in the Go Language document for GOARCH. # Reference: https://github.com/opencontainers/image-spec/blob/master/config.md#properties - getArch = nixSystem: { - aarch64-linux = "arm64"; - armv7l-linux = "arm"; - x86_64-linux = "amd64"; - powerpc64le-linux = "ppc64le"; - i686-linux = "386"; - }.${nixSystem} or "Can't map Nix system ${nixSystem} to Docker architecture. Please check that your input and your requested build are correct or update the mapping in Nixpkgs."; + # For the mapping from Nixpkgs system parameters to GOARCH, we can reuse the + # mapping from the go package. + defaultArch = go.GOARCH; in rec { @@ -84,7 +81,7 @@ rec { , imageDigest , sha256 , os ? "linux" - , arch ? getArch system + , arch ? defaultArch # This is used to set name to the pulled image , finalImageName ? imageName @@ -500,7 +497,7 @@ rec { baseJson = let pure = writeText "${baseName}-config.json" (builtins.toJSON { inherit created config; - architecture = getArch system; + architecture = defaultArch; os = "linux"; }); impure = runCommand "${baseName}-config.json" @@ -754,7 +751,7 @@ rec { streamScript = writePython3 "stream" {} ./stream_layered_image.py; baseJson = writeText "${name}-base.json" (builtins.toJSON { inherit config; - architecture = getArch system; + architecture = defaultArch; os = "linux"; });