Running chown inside extraCommands results in “Operation not permitted” error or “Invalid argument” error (if nix is installed with --daemon), probably because the user is not running as root when building a docker image.
```nix
pkgs.dockerTools.streamLayeredImage {
  # ... other configs ...
  extraCommands = ''
    mkdir -p ./home/jenkins/agent
    mkdir -p ./home/jenkins/.jenkins
    chown --verbose -R 1000:1000 ./home/jenkins
  '';
}
```
```
chown: changing ownership of './home/jenkins/agent': Invalid argument
failed to change ownership of './home/jenkins/agent' from nixbld:nixbld to 1000:1000
chown: changing ownership of './home/jenkins/.jenkins': Invalid argument
failed to change ownership of './home/jenkins/.jenkins' from nixbld:nixbld to 1000:1000
chown: changing ownership of './home/jenkins': Invalid argument
failed to change ownership of './home/jenkins' from nixbld:nixbld to 1000:1000
```
The only workaround I can think of is creating a Dockerfile to add the directories I need. Is there a way to do this without using a Dockerfile? Ideally I don’t want to use 2 tools (nix and Dockerfile) to build a docker image.
dockerTools.buildImage supports runAsRoot but requires kvm capability to work (which my CI server lacks), and the image built with this function is much bigger than one built with stream(build) layeredImage.
https://github.com/NixOS/nixpkgs/issues/94636
https://github.com/NixOS/nixpkgs/issues/67079
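
An added example, not part of the original post: the same directories with ownership set through the `fakeRootCommands` attribute of `streamLayeredImage`, which needs neither root nor KVM. It assumes a nixpkgs revision whose `dockerTools.streamLayeredImage` accepts `fakeRootCommands`; the image name, `contents` and `config` values are constructed for illustration.

```nix
{ pkgs ? import <nixpkgs> { } }:

pkgs.dockerTools.streamLayeredImage {
  name = "jenkins-agent-example"; # constructed name
  tag = "latest";
  contents = [ pkgs.bashInteractive pkgs.coreutils ]; # constructed contents

  # Runs as the unprivileged build user (nixbld). Creating directories works
  # here, but chown does not, which is the failure shown in the post.
  extraCommands = ''
    mkdir -p ./home/jenkins/agent
    mkdir -p ./home/jenkins/.jenkins
  '';

  # Runs under fakeroot while the final layer archive is created. The
  # uid/gid are only recorded in the tar headers of the layer, so no real
  # privilege is needed on the build host.
  fakeRootCommands = ''
    chown --verbose -R 1000:1000 ./home/jenkins
  '';

  config = {
    # Run the container as the unprivileged uid that owns the directories,
    # instead of defaulting to root.
    User = "1000:1000";
    WorkingDir = "/home/jenkins/agent";
  };
}
```

Building this derivation yields a script that writes the image to stdout, so it is loaded with `$(nix-build) | docker load`. Running `stat -c '%u:%g' /home/jenkins` in the resulting container should report `1000:1000`.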