From 6942ee8a84f695332149f9a14046b51f2cb6462c Mon Sep 17 00:00:00 2001
From: John Axel Eriksson <john@insane.se>
Date: Thu, 16 Dec 2021 11:29:05 +0100
Subject: docker: fix image so that nix profile works

nix profile will otherwise throw this error:

error: path '/nix/var/nix/profiles/default/manifest.nix' is not in the Nix store

That's not entirely true since manifest.nix is within a directory in
the nix store but nix profile seems to require the manifest.nix itself
to be a store path.
---
 docker.nix | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'docker.nix')

diff --git a/docker.nix b/docker.nix
index 2a13c23fb..ffb553f78 100644
--- a/docker.nix
+++ b/docker.nix
@@ -137,11 +137,8 @@ let
         name = "root-profile-env";
         paths = defaultPkgs;
       };
-      profile = pkgs.buildPackages.runCommand "user-environment" { } ''
-        mkdir $out
-        cp -a ${rootEnv}/* $out/
-
-        cat > $out/manifest.nix <<EOF
+      manifest = pkgs.buildPackages.runCommand "manifest.nix" { } ''
+        cat > $out <<EOF
         [
         ${lib.concatStringsSep "\n" (builtins.map (drv: let
           outputs = drv.outputsToInstall or [ "out" ];
@@ -161,6 +158,11 @@ let
         ]
         EOF
       '';
+      profile = pkgs.buildPackages.runCommand "user-environment" { } ''
+        mkdir $out
+        cp -a ${rootEnv}/* $out/
+        ln -s ${manifest} $out/manifest.nix
+      '';
     in
     pkgs.runCommand "base-system"
       {
-- 
cgit v1.2.3


From 534bc5a3d1fba33f25f9921e8cea7ac8e98288c5 Mon Sep 17 00:00:00 2001
From: Rok Garbas <rok@garbas.si>
Date: Tue, 21 Dec 2021 21:17:29 +0100
Subject: Add cacert to /etc/ssl/certs in the docker image

Fixes #5797
---
 docker.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'docker.nix')

diff --git a/docker.nix b/docker.nix
index ffb553f78..25930bb87 100644
--- a/docker.nix
+++ b/docker.nix
@@ -180,6 +180,9 @@ let
       set -x
       mkdir -p $out/etc
 
+      mkdir -p $out/etc/ssl/certs
+      ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs
+
       cat $passwdContentsPath > $out/etc/passwd
       echo "" >> $out/etc/passwd
 
-- 
cgit v1.2.3


From d9aabb7acb4d697d4ba9527326602cf3abe77590 Mon Sep 17 00:00:00 2001
From: Wolfgang Thaller <wolfgang.thaller@gmx.net>
Date: Sat, 1 Jan 2022 16:47:05 +0100
Subject: docker.nix: set correct permissions on /tmp

---
 docker.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'docker.nix')

diff --git a/docker.nix b/docker.nix
index 25930bb87..bfccdb8f5 100644
--- a/docker.nix
+++ b/docker.nix
@@ -232,6 +232,9 @@ pkgs.dockerTools.buildLayeredImageWithNixDb {
     rm -rf nix-support
     ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles
   '';
+  fakeRootCommands = ''
+    chmod 1777 tmp
+  '';
 
   config = {
     Cmd = [ "/root/.nix-profile/bin/bash" ];
-- 
cgit v1.2.3