diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index b74d7885d54a..9f57804e957d 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -5,7 +5,7 @@
 , closureInfo
 , coreutils
 , e2fsprogs
-, fakechroot
+, proot
 , fakeNss
 , fakeroot
 , go
@@ -777,7 +777,7 @@ rec {
 fi
 done
 # Copy all layers from input images to output image directory
- cp -R --no-clobber inputs/*/* image/
+ cp -R --update=none inputs/*/* image/
 # Merge repositories objects and manifests
 jq -s add "''${repos[@]}" > repositories
 jq -s add "''${manifests[@]}" > manifest.json
@@ -887,6 +887,13 @@ rec {
 });
 contentsList = if builtins.isList contents then contents else [ contents ];
+ bind-paths = builtins.toString (builtins.map (path: "--bind=${path}:${path}!") [
+ "/dev/"
+ "/proc/"
+ "/sys/"
+ "${builtins.storeDir}/"
+ "$out/layer.tar"
+ ]);
 # We store the customisation layer as a tarball, to make sure that
 # things like permissions set on 'extraCommands' are not overridden
@@ -898,21 +905,14 @@ rec {
 nativeBuildInputs = [
 fakeroot
 ] ++ optionals enableFakechroot [
- fakechroot
- # for chroot
- coreutils
- # fakechroot needs getopt, which is provided by util-linux
- util-linux
+ proot
 ];
 postBuild = ''
 mv $out old_out
 (cd old_out; eval "$extraCommands" )
 mkdir $out
- ${optionalString enableFakechroot ''
- export FAKECHROOT_EXCLUDE_PATH=/dev:/proc:/sys:${builtins.storeDir}:$out/layer.tar
- ''}
- ${optionalString enableFakechroot ''fakechroot chroot $PWD/old_out ''}fakeroot bash -c '
+ ${optionalString enableFakechroot ''proot -r $PWD/old_out ${bind-paths} --pwd=/ ''}fakeroot bash -c '
 source $stdenv/setup
 ${optionalString (!enableFakechroot) ''cd old_out''}
 eval "$fakeRootCommands"
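Review bot: The switch to `cp -R --update=none` carries no comment explaining why `--no-clobber` was dropped, and the option is only understood by newer GNU coreutils, so the layer merge now depends on which `cp` the builder sees. A short comment such as `# --update=none: skip existing files silently (first input image wins)` would record the intent. A path present in two input images is resolved in favour of the first one without any message, which is presumably fine for content-addressed layer directories but would hide a real conflict elsewhere. The surrounding script starts and ends outside the hunk.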
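Review bot: The `"$out/layer.tar"` entry in `bind-paths` looks redundant and possibly ineffective: judging by the following hunk, proot starts right after `mkdir $out`, so the file probably does not exist yet, and `$out` presumably lives under `${builtins.storeDir}/`, which is already bound. The list also has no comment, and the trailing `!` (proot's marker for not dereferencing the guest location) is easy to misread; I would add `# Host paths kept visible inside the proot root; '!' = do not dereference the guest location`. These binds expose the builder's /dev, /proc, /sys and the whole store to `fakeRootCommands`, so the comment should also say that this mirrors the old FAKECHROOT_EXCLUDE_PATH list rather than widening it. The values are spliced into the shell command unquoted, which relies on none of them containing whitespace.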
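Review bot: `enableFakechroot` now runs the commands under `proot -r $PWD/old_out …`, which, unlike the LD_PRELOAD-based fakechroot, works by ptrace-tracing the child, so builders that restrict ptrace (hardened sandboxes, some container runtimes) may fail here where the old path worked; nothing in the hunk documents that. I would add a comment above the line, e.g. `# enableFakechroot now uses proot (ptrace-based); option name kept for compatibility`, and quote the root as `"$PWD/old_out"`. The `postBuild` string starts inside the hunk but continues past its last line.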