feat(layers.tmp): helper to add a /tmp dir

@moduon MT-1075
nlewo · Apr 19, 2024 · cb94103 · cb94103
1 parent 8e2f156
commit cb94103
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -298,6 +298,11 @@ Function arguments:
     groups to create in the image and add to the user. Valid keys are `gid`
     (optional) and `gname`.
 
+### `nix2container.layers.tmp`
+
+This prebuilt layer will help you to add a working `/tmp` dir to your image.
+[Usage example here](./examples/tmp.nix).
+
 ## Isolate dependencies in dedicated layers
 
 It is possible to isolate application dependencies in a dedicated

diff --git a/default.nix b/default.nix
@@ -1,4 +1,4 @@
-{ pkgs ? import <nixpkgs> { }, system }:
+{ pkgs ? import <nixpkgs> { }, system ? pkgs.system }:
 let
   l = pkgs.lib // builtins;
 
@@ -556,6 +556,20 @@ let
       copyToRoot = shadowSetup;
       perms = l.forEach allUsers userPerms;
     };
+
+  layers.tmp = buildLayer {
+    copyToRoot = pkgs.runCommand "tmp-dir" {
+      outputHash = "sha256-AVwrjJdGCmzJ8JlT6x69JkHlFlRvOJ4hcqNt10YNoAU=";
+      outputHashAlgo = "sha256";
+      outputHashMode = "recursive";
+      preferLocalBuild = true;
+    } ''
+      mkdir -p $out/tmp
+    '';
+    perms = [
+      { path = "/tmp"; regex = ".*"; mode = "a=rwxt"; }
+    ];
+  };
 in {
   inherit nix2container-bin skopeo-nix2container;
   nix2container = {
@@ -564,7 +578,7 @@ in {
       buildLayer
       pullImage
       pullImageFromManifest
-      layers.shadow
+      layers
       ;
   };
 }
diff --git a/examples/default.nix b/examples/default.nix
@@ -15,4 +15,5 @@
   nix-user = pkgs.callPackage ./nix-user.nix { inherit nix2container; };
   ownership = pkgs.callPackage ./ownership.nix { inherit nix2container; };
   shadow = pkgs.callPackage ./shadow.nix { inherit nix2container; };
+  tmp = pkgs.callPackage ./tmp.nix { inherit nix2container; };
 }
diff --git a/examples/tmp.nix b/examples/tmp.nix
@@ -0,0 +1,13 @@
+{
+  pkgs,
+  nix2container,
+}:
+nix2container.buildImage {
+  name = "tmp";
+  tag = "latest";
+
+  layers = [nix2container.layers.tmp];
+
+  copyToRoot = [pkgs.coreutils];
+
+}
diff --git a/tests/default.nix b/tests/default.nix
@@ -98,6 +98,11 @@ let
       command = "id";
       pattern = "uid=0(root) gid=0(root) groups=0(root)";
     };
+    tmp = testScript {
+      image = examples.tmp;
+      command = "stat -c %a /tmp";
+      pattern = "1777";
+    };
     # Ensure the Nix database is correctly initialized by querying the
     # closure of the Nix binary.
     # The store path is in a dedicated layer
@@ -171,4 +176,3 @@ let
       ${scripts}
     '';
 in tests // { inherit all; }
-