dockerTools.buildImage fails on mac when runAsRoot set

mrlobo · January 12, 2024, 7:08pm

It seems it is impossible to use the runAsRoot attribute when building a docker image with Nix on Mac OS. I have this docker.nix file:

{ pkgs ? import <nixpkgs> { }
, pkgsLinux ? import <nixpkgs> { system = "x86_64-linux"; }
}: 
pkgs.dockerTools.buildImage {
  name = "bash";
  tag = "latest";
  runAsRoot = "echo hello world";
  copyToRoot = pkgs.buildEnv {
    name = "image-root";
    paths = [ pkgs.bashInteractive ];
    pathsToLink = [ "/bin" ];
  };
}

When I run it on my Mac, I get this error:

error: Unsupported guest system x86_64-darwin for host x86_64-darwin, supported: x86_64-linux

When I remove the runAsRoot attribute the build runs fine. Is there some way around this?

arianvp · January 13, 2024, 1:18pm

This is because without runAsRoot this takes a few pre-cached Linux binaries and packages them up in a tarball. Something macOS can do fine. However runAsRoot works by actually running the container layer as part of the build. A Linux binary can’t run on a macOS machine so it fails. At least this is what I am expecting is happening

mrlobo · January 15, 2024, 1:00pm

Aha, I expected to run in the Docker container like the RUN command in a Dockerfile.

Does this mean you can only use runAsRoot when you’re on the Linux architecture as the container that your’e building? If so, I think that would be a great thing to add to the documentation, because that seems like a pretty large limitation and I could have prevented myself from going down this very deep rabbit hole if that had been documented.