Extending existing Docker images (e.g. from Docker Hub) with dockerTools

Hi, I’m not sure if the following is currently possible:

I think it would be a useful use case to extend Docker images with commands inside the (existing) Docker image. I tried something like the following (which fails as described below):

{
  virtualisation.oci-containers = let
    debianDockerHub = pkgs.dockerTools.pullImage {
      imageName = "debian";
      imageDigest =
        "sha256:33965bf1eaadb19ce2f9396595c4a669e3e04c1ab8cc073b8929f529c58404bb";
      sha256 = "sha256-BXsbuHmnZ7j6NQeKaUvyMjYyOeHWyabcGXLHQIgUiZ4=";
    };
    debianTest = pkgs.dockerTools.buildImage {
      name = "debian-test";
      tag = "latest";
      fromImage = debianDockerHub;
      runAsRoot = ''
        #!/bin/sh
        set -ex;

        apt-get update;
        apt-get install -y --no-install-recommends hello
      '';
    };
  in
    {
      backend = "podman";
      containers = {
        debian-test = {
          image = "debian-test";
          imageFile = debianTest;
        };
      };
    };
}

This is just an example; I’m aware that this should be done by using nix(pkgs).

There are, however, some images which have some specially equipped software which is used to extend the Docker image (e.g. php with docker-php-ext-install).

The code above fails:
/nix/store/ga7da3jslqhgfpq3z30raqlb77npi7b6-run-as-root.sh: line 7: apt-get: command not found

This is because runAsRoot creates a (sandboxed) script like this:

#!/nix/store/kxj6cblcsd1qcbbxlmbswwrn89zcmgd6-bash-4.4-p23/bin/bash
set -e
export PATH=/nix/store/a4v1akahda85rl9gfphb07zzw79z8pb1-coreutils-8.32/bin:/bin
#!/bin/sh
set -ex;

apt-get update;
apt-get install -y --no-install-recommends hello

Does anyone have an idea if it is possible (probably with a different solution) to achieve what I’m trying to achieve, or otherwise, might it be a good idea to extend dockerTools to support this feature?