dockerTools: Add chown test

proot's --root-id "allows" chown only in the sense that it makes it succeed vacuously, i.e. a no-op. This is undesired if the goal is to actually create a layer with some files owned by different users. Fortunately, fakeroot does allow persistence of emulated file owners, and it is possible to combine fakeroot with proot, so replace proot --root-id with fakeroot to do so. This was fixed recently in d538fefb62, so this commit just adds a test.
2024-01-17 09:41:49 +00:00 · 2024-01-17 09:41:49 +00:00 · 84b5bcae26
commit 84b5bcae26
parent 8433938f9b
1 changed files with 18 additions and 0 deletions
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@ -46,6 +46,18 @@ let
        echo 'runAsRoot has run.'
      '';
    };
+
+  chownTestImage =
+    pkgs.dockerTools.streamLayeredImage {
+      name = "chown-test";
+      tag = "latest";
+      enableFakechroot = true;
+      fakeRootCommands = ''
+        touch /testfile
+        chown 12345:12345 /testfile
+      '';
+      config.Cmd = [ "${pkgs.coreutils}/bin/stat" "-c" "%u:%g" "/testfile" ];
+    };
 in {
  name = "docker-tools";
  meta = with pkgs.lib.maintainers; {
@ -550,5 +562,11 @@ in {
            "${examples.nix-shell-build-derivation} | docker load",
            "docker run --rm -it nix-shell-build-derivation"
        )
+
+    with subtest("streamLayeredImage: chown is persistent in fakeRootCommands"):
+        docker.succeed(
+            "${chownTestImage} | docker load",
+            "docker run --rm ${chownTestImage.imageName} | diff /dev/stdin <(echo 12345:12345)"
+        )
  '';
 })