push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,48 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "docker-buildx";
version = "0.29.0";
src = fetchFromGitHub {
owner = "docker";
repo = "buildx";
rev = "v${version}";
hash = "sha256-HGhwO0bILHbRyk6YjzI+v6wiIANvTkIRR+SkL4mxv0w=";
};
doCheck = false;
vendorHash = null;
ldflags = [
"-w"
"-s"
"-X github.com/docker/buildx/version.Package=github.com/docker/buildx"
"-X github.com/docker/buildx/version.Version=v${version}"
];
installPhase = ''
runHook preInstall
install -D $GOPATH/bin/buildx $out/libexec/docker/cli-plugins/docker-buildx
mkdir -p $out/bin
ln -s $out/libexec/docker/cli-plugins/docker-buildx $out/bin/docker-buildx
runHook postInstall
'';
meta = with lib; {
description = "Docker CLI plugin for extended build capabilities with BuildKit";
mainProgram = "docker-buildx";
homepage = "https://github.com/docker/buildx";
license = licenses.asl20;
maintainers = with maintainers; [
ivan-babrou
developer-guy
];
};
}
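Review bot: `doCheck = false;` is set with no stated reason, so the upstream test suite is skipped silently for this package; the docker-compose section in this commit does the same. A one-line comment such as `# tests disabled: <reason, e.g. what the sandbox lacks>` above it would tell the next person whether the tests can be re-enabled. It would also help to note next to `vendorHash = null;` that dependencies come from the vendored tree inside `src`, so the `src` hash is the only integrity pin for them.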


@@ -0,0 +1,48 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "docker-compose";
version = "2.39.4";
src = fetchFromGitHub {
owner = "docker";
repo = "compose";
rev = "v${version}";
hash = "sha256-NDNyXK4E7TkviESHLp8M+OI56ME0Hatoi9eWjX+G1zo=";
};
postPatch = ''
# entirely separate package that breaks the build
rm -rf pkg/e2e/
'';
vendorHash = "sha256-Uqzul9BiXHAJ1BxlOtRS68Tg71SDva6kg3tv7c6ar2E=";
ldflags = [
"-X github.com/docker/compose/v2/internal.Version=${version}"
"-s"
"-w"
];
doCheck = false;
installPhase = ''
runHook preInstall
install -D $GOPATH/bin/cmd $out/libexec/docker/cli-plugins/docker-compose
mkdir -p $out/bin
ln -s $out/libexec/docker/cli-plugins/docker-compose $out/bin/docker-compose
runHook postInstall
'';
meta = with lib; {
description = "Docker CLI plugin to define and run multi-container applications with Docker";
mainProgram = "docker-compose";
homepage = "https://github.com/docker/compose";
license = licenses.asl20;
maintainers = [ ];
};
}
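Review bot: `maintainers = [ ];` leaves this package with nobody listed to receive update or advisory pings, which matters for a tool that drives the Docker daemon. Either list an owner or make the gap explicit, for example `maintainers = [ ]; # unowned: needs a maintainer for security bumps`.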


@@ -0,0 +1,426 @@
{ lib, callPackage }:
let
dockerGen =
{
version,
cliRev,
cliHash,
mobyRev,
mobyHash,
runcRev,
runcHash,
containerdRev,
containerdHash,
tiniRev,
tiniHash,
buildxSupport ? true,
composeSupport ? true,
sbomSupport ? false,
initSupport ? false,
# package dependencies
stdenv,
fetchFromGitHub,
buildGoModule,
makeBinaryWrapper,
installShellFiles,
pkg-config,
glibc,
go-md2man,
go,
containerd,
runc,
tini,
libtool,
sqlite,
iproute2,
docker-buildx,
docker-compose,
docker-sbom,
docker-init,
iptables,
e2fsprogs,
xz,
util-linuxMinimal,
xfsprogs,
gitMinimal,
procps,
rootlesskit,
slirp4netns,
fuse-overlayfs,
nixosTests,
clientOnly ? !stdenv.hostPlatform.isLinux,
symlinkJoin,
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
systemd,
withBtrfs ? stdenv.hostPlatform.isLinux,
btrfs-progs,
withLvm ? stdenv.hostPlatform.isLinux,
lvm2,
withSeccomp ? stdenv.hostPlatform.isLinux,
libseccomp,
knownVulnerabilities ? [ ],
versionCheckHook,
}:
let
docker-meta = {
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [
offline
vdemeester
periklis
teutat3s
];
};
docker-runc = runc.overrideAttrs {
pname = "docker-runc";
inherit version;
src = fetchFromGitHub {
owner = "opencontainers";
repo = "runc";
tag = runcRev;
hash = runcHash;
};
preBuild = ''
substituteInPlace Makefile --replace-warn "/bin/bash" "${stdenv.shell}"
'';
# docker/runc already include these patches / are not applicable
patches = [ ];
};
docker-containerd = containerd.overrideAttrs (oldAttrs: {
pname = "docker-containerd";
inherit version;
# We only need binaries
outputs = [ "out" ];
src = fetchFromGitHub {
owner = "containerd";
repo = "containerd";
tag = containerdRev;
hash = containerdHash;
};
buildInputs = oldAttrs.buildInputs ++ lib.optionals withSeccomp [ libseccomp ];
# See above
installTargets = "install";
});
docker-tini = tini.overrideAttrs {
pname = "docker-tini";
inherit version;
src = fetchFromGitHub {
owner = "krallin";
repo = "tini";
rev = tiniRev;
hash = tiniHash;
};
# Do not remove static from make files as we want a static binary
postPatch = "";
buildInputs = [
glibc
glibc.static
];
env.NIX_CFLAGS_COMPILE = "-DMINIMAL=ON";
};
moby-src = fetchFromGitHub {
owner = "moby";
repo = "moby";
tag = mobyRev;
hash = mobyHash;
};
moby = buildGoModule (
lib.optionalAttrs stdenv.hostPlatform.isLinux {
pname = "moby";
inherit version;
src = moby-src;
vendorHash = null;
nativeBuildInputs = [
makeBinaryWrapper
pkg-config
go-md2man
go
libtool
installShellFiles
];
buildInputs = [
sqlite
]
++ lib.optionals withLvm [ lvm2 ]
++ lib.optionals withBtrfs [ btrfs-progs ]
++ lib.optionals withSystemd [ systemd ]
++ lib.optionals withSeccomp [ libseccomp ];
extraPath = lib.optionals stdenv.hostPlatform.isLinux (
lib.makeBinPath [
iproute2
iptables
e2fsprogs
xz
xfsprogs
procps
util-linuxMinimal
gitMinimal
]
);
extraUserPath = lib.optionals (stdenv.hostPlatform.isLinux && !clientOnly) (
lib.makeBinPath [
rootlesskit
slirp4netns
fuse-overlayfs
]
);
postPatch = ''
patchShebangs hack/make.sh hack/make/ hack/with-go-mod.sh
'';
buildPhase = ''
runHook preBuild
export GOCACHE="$TMPDIR/go-cache"
# build engine
export AUTO_GOPATH=1
export DOCKER_GITCOMMIT="${cliRev}"
export VERSION="${version}"
./hack/make.sh dynbinary
runHook postBuild
'';
installPhase = ''
runHook preInstall
install -Dm755 ./bundles/dynbinary-daemon/dockerd $out/libexec/docker/dockerd
install -Dm755 ./bundles/dynbinary-daemon/docker-proxy $out/libexec/docker/docker-proxy
makeWrapper $out/libexec/docker/dockerd $out/bin/dockerd \
--prefix PATH : "$out/libexec/docker:$extraPath"
ln -s ${docker-containerd}/bin/containerd $out/libexec/docker/containerd
ln -s ${docker-containerd}/bin/containerd-shim $out/libexec/docker/containerd-shim
ln -s ${docker-runc}/bin/runc $out/libexec/docker/runc
ln -s ${docker-tini}/bin/tini-static $out/libexec/docker/docker-init
# systemd
install -Dm644 ./contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service
substituteInPlace $out/etc/systemd/system/docker.service --replace-fail /usr/bin/dockerd $out/bin/dockerd
install -Dm644 ./contrib/init/systemd/docker.socket $out/etc/systemd/system/docker.socket
# rootless Docker
install -Dm755 ./contrib/dockerd-rootless.sh $out/libexec/docker/dockerd-rootless.sh
makeWrapper $out/libexec/docker/dockerd-rootless.sh $out/bin/dockerd-rootless \
--prefix PATH : "$out/libexec/docker:$extraPath:$extraUserPath"
runHook postInstall
'';
env.DOCKER_BUILDTAGS = toString (
lib.optionals withSystemd [ "journald" ]
++ lib.optionals (!withBtrfs) [ "exclude_graphdriver_btrfs" ]
++ lib.optionals (!withLvm) [ "exclude_graphdriver_devicemapper" ]
++ lib.optionals withSeccomp [ "seccomp" ]
);
meta = docker-meta // {
homepage = "https://mobyproject.org/";
description = "Collaborative project for the container ecosystem to assemble container-based systems";
};
}
);
plugins =
lib.optionals buildxSupport [ docker-buildx ]
++ lib.optionals composeSupport [ docker-compose ]
++ lib.optionals sbomSupport [ docker-sbom ]
++ lib.optionals initSupport [ docker-init ];
pluginsRef = symlinkJoin {
name = "docker-plugins";
paths = plugins;
};
in
buildGoModule (
{
pname = "docker";
inherit version;
src = fetchFromGitHub {
owner = "docker";
repo = "cli";
# Cannot use `tag` since upstream forgot to tag release, see
# https://github.com/docker/cli/issues/5789
rev = cliRev;
hash = cliHash;
};
vendorHash = null;
nativeBuildInputs = [
makeBinaryWrapper
pkg-config
go-md2man
go
libtool
installShellFiles
];
buildInputs =
plugins
++ lib.optionals (stdenv.hostPlatform.isLinux) [
glibc
glibc.static
];
postPatch = ''
patchShebangs man scripts/build/
substituteInPlace ./scripts/build/.variables --replace-fail "set -eu" ""
''
+ lib.optionalString (plugins != [ ]) ''
substituteInPlace ./cli-plugins/manager/manager_unix.go --replace-fail /usr/libexec/docker/cli-plugins \
"${pluginsRef}/libexec/docker/cli-plugins"
'';
# Keep eyes on BUILDTIME format - https://github.com/docker/cli/blob/${version}/scripts/build/.variables
buildPhase = ''
runHook preBuild
export GOCACHE="$TMPDIR/go-cache"
# Mimic AUTO_GOPATH
mkdir -p .gopath/src/github.com/docker/
ln -sf $PWD .gopath/src/github.com/docker/cli
export GOPATH="$PWD/.gopath:$GOPATH"
export GITCOMMIT="${cliRev}"
export VERSION="${version}"
export BUILDTIME="1970-01-01T00:00:00Z"
make dynbinary
runHook postBuild
'';
outputs = [ "out" ];
installPhase = ''
runHook preInstall
install -Dm755 ./build/docker $out/libexec/docker/docker
makeWrapper $out/libexec/docker/docker $out/bin/docker \
--prefix PATH : "$out/libexec/docker:$extraPath"
''
+ lib.optionalString (!clientOnly) ''
# symlink docker daemon to docker cli derivation
ln -s ${moby}/bin/dockerd $out/bin/dockerd
ln -s ${moby}/bin/dockerd-rootless $out/bin/dockerd-rootless
# systemd
mkdir -p $out/etc/systemd/system
ln -s ${moby}/etc/systemd/system/docker.service $out/etc/systemd/system/docker.service
ln -s ${moby}/etc/systemd/system/docker.socket $out/etc/systemd/system/docker.socket
''
# Required to avoid breaking cross builds
+ lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
# completion (cli)
installShellCompletion --cmd docker \
--bash <($out/bin/docker completion bash) \
--fish <($out/bin/docker completion fish) \
--zsh <($out/bin/docker completion zsh)
''
+ ''
runHook postInstall
'';
doInstallCheck = true;
nativeInstallCheckInputs = [ versionCheckHook ];
versionCheckProgramArg = "--version";
passthru = {
# Exposed for tarsum build on non-linux systems (build-support/docker/default.nix)
inherit moby-src;
tests = lib.optionalAttrs (!clientOnly) { inherit (nixosTests) docker; };
};
meta = docker-meta // {
homepage = "https://www.docker.com/";
description = "Open source project to pack, ship and run any application as a lightweight container";
longDescription = ''
Docker is a platform designed to help developers build, share, and run modern applications.
To enable the docker daemon on NixOS, set the `virtualisation.docker.enable` option to `true`.
'';
mainProgram = "docker";
inherit knownVulnerabilities;
};
}
// lib.optionalAttrs (!clientOnly) {
# allow overrides of docker components
# TODO: move packages out of the let...in into top-level to allow proper overrides
inherit
docker-runc
docker-containerd
docker-tini
moby
;
}
);
in
{
# Get revisions from
# https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/*
docker_25 =
let
version = "25.0.13";
in
callPackage dockerGen {
inherit version;
# Upstream forgot to tag release
# https://github.com/docker/cli/issues/5789
cliRev = "43987fca488a535d810c429f75743d8c7b63bf4f";
cliHash = "sha256-OwufdfuUPbPtgqfPeiKrQVkOOacU2g4ommHb770gV40=";
mobyRev = "v${version}";
mobyHash = "sha256-X+1QG/toJt+VNLktR5vun8sG3PRoTVBAcekFXxocJdU=";
runcRev = "v1.2.5";
runcHash = "sha256-J/QmOZxYnMPpzm87HhPTkYdt+fN+yeSUu2sv6aUeTY4=";
containerdRev = "v1.7.27";
containerdHash = "sha256-H94EHnfW2Z59KcHcbfJn+BipyZiNUvHe50G5EXbrIps=";
tiniRev = "369448a167e8b3da4ca5bca0b3307500c3371828";
tiniHash = "sha256-jCBNfoJAjmcTJBx08kHs+FmbaU82CbQcf0IVjd56Nuw=";
};
docker_28 =
let
version = "28.4.0";
in
callPackage dockerGen {
inherit version;
cliRev = "v${version}";
cliHash = "sha256-SgePAc+GvjZgymu7VA2whwIFEYAfMVUz9G0ppxeOi7M=";
mobyRev = "v${version}";
mobyHash = "sha256-hiuwdemnjhi/622xGcevG4rTC7C+DyUijE585a9APSM=";
runcRev = "v1.3.0";
runcHash = "sha256-oXoDio3l23Z6UyAhb9oDMo1O4TLBbFyLh9sRWXnfLVY=";
containerdRev = "v1.7.28";
containerdHash = "sha256-vz7RFJkFkMk2gp7bIMx1kbkDFUMS9s0iH0VoyD9A21s=";
tiniRev = "369448a167e8b3da4ca5bca0b3307500c3371828";
tiniHash = "sha256-jCBNfoJAjmcTJBx08kHs+FmbaU82CbQcf0IVjd56Nuw=";
};
}
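Review bot: The CLI wrapper in the outer `installPhase` uses `--prefix PATH : "$out/libexec/docker:$extraPath"`, but `extraPath` is only defined as an attribute of the `moby` derivation, not of this one, so as far as this section shows it expands to an empty string there. That leaves a trailing `:` and therefore an empty PATH element, which exec lookups treat as the current directory, placed ahead of the user's own PATH. Dropping the variable, `--prefix PATH : "$out/libexec/docker"`, or defining `extraPath` in this attribute set avoids it. Separately, the engine build sets `DOCKER_GITCOMMIT="${cliRev}"`, so dockerd is stamped with the CLI revision rather than `mobyRev`, which is misleading when matching a running daemon to a source revision.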


@@ -0,0 +1,51 @@
{
stdenv,
lib,
fetchFromGitHub,
makeWrapper,
docker,
coreutils,
procps,
gnused,
findutils,
gnugrep,
}:
stdenv.mkDerivation {
pname = "docker-gc";
version = "unstable-2015-10-5";
src = fetchFromGitHub {
owner = "spotify";
repo = "docker-gc";
rev = "b0cc52aa3da2e2ac0080794e0be6e674b1f063fc";
sha256 = "07wf9yn0f771xkm3x12946x5rp83hxjkd70xgfgy35zvj27wskzm";
};
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp docker-gc $out/bin
chmod +x $out/bin/docker-gc
wrapProgram $out/bin/docker-gc \
--prefix PATH : "${
lib.makeBinPath [
docker
coreutils
procps
gnused
findutils
gnugrep
]
}"
'';
meta = with lib; {
description = "Docker garbage collection of containers and images";
mainProgram = "docker-gc";
license = licenses.asl20;
homepage = "https://github.com/spotify/docker-gc";
maintainers = with maintainers; [ offline ];
platforms = docker.meta.platforms;
};
}
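Review bot: The source pin is a 2015 snapshot (`version = "unstable-2015-10-5"`) fetched with the legacy `sha256` attribute, while every other fetch in this commit uses an SRI `hash`. Converting it to `hash = "sha256-<SRI of the same tarball>";` keeps the integrity pins uniform and easier to audit. `installPhase` also omits `runHook preInstall` / `runHook postInstall`, which the other packages here call, so overrides that hook the install step are skipped.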


@@ -0,0 +1,28 @@
diff --git a/test/cli/all_formats_expressible_test.go b/test/cli/all_formats_expressible_test.go
index 3f40a46..5ba04e8 100644
--- a/test/cli/all_formats_expressible_test.go
+++ b/test/cli/all_formats_expressible_test.go
@@ -8,7 +8,8 @@ import (
"github.com/anchore/syft/syft"
)
-func TestAllFormatsExpressible(t *testing.T) {
+// Disabled because it needs a running docker daemon
+func disabledTestAllFormatsExpressible(t *testing.T) {
commonAssertions := []traitAssertion{
func(tb testing.TB, stdout, _ string, _ int) {
tb.Helper()
diff --git a/test/cli/sbom_cmd_test.go b/test/cli/sbom_cmd_test.go
index 0a0771c..a086c3b 100644
--- a/test/cli/sbom_cmd_test.go
+++ b/test/cli/sbom_cmd_test.go
@@ -8,7 +8,8 @@ import (
"github.com/docker/sbom-cli-plugin/internal"
)
-func TestSBOMCmdFlags(t *testing.T) {
+// Disabled because it needs a running docker daemon
+func disabledTestSBOMCmdFlags(t *testing.T) {
hiddenPackagesImage := getFixtureImage(t, "image-hidden-packages")
coverageImage := getFixtureImage(t, "image-pkg-coverage")
tmp := t.TempDir() + "/"
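Review bot: Renaming `TestAllFormatsExpressible` and `TestSBOMCmdFlags` to `disabledTest…` removes them from the test run without a trace in the output and leaves two unused functions behind. Keeping the names and adding `t.Skip("needs a running docker daemon")` as the first statement of each would keep them visible as skipped. Both function bodies continue outside the patch context.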


@@ -0,0 +1,45 @@
{
buildGoModule,
fetchFromGitHub,
docker,
lib,
}:
buildGoModule rec {
pname = "docker-sbom";
version = "0.6.1";
src = fetchFromGitHub {
owner = "docker";
repo = "sbom-cli-plugin";
rev = "tags/v${version}";
hash = "sha256-i3gIogHb0oW/VDuZUo6LGBmvqs/XfMXjpvTTYeGCK7Q=";
};
patches = [
# Disable tests that require a docker daemon to be running
# in the sandbox
./sbom-disable-tests.patch
];
vendorHash = "sha256-XPPVAdY2NaasZ9bkf24VWWk3X5pjnryvsErYIWkeekc=";
nativeBuildInputs = [ docker ];
installPhase = ''
runHook preInstall
install -D $GOPATH/bin/sbom-cli-plugin $out/libexec/docker/cli-plugins/docker-sbom
mkdir -p $out/bin
ln -s $out/libexec/docker/cli-plugins/docker-sbom $out/bin/docker-sbom
runHook postInstall
'';
meta = with lib; {
description = "Plugin for Docker CLI to support SBOM creation using Syft";
mainProgram = "docker-sbom";
homepage = "https://github.com/docker/sbom-cli-plugin";
license = licenses.asl20;
maintainers = with maintainers; [ raboof ];
};
}
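Review bot: `rev = "tags/v${version}"` spells the release tag as a ref path; the Docker expression in this commit already uses fetchFromGitHub's `tag` argument, and `tag = "v${version}";` states the intent directly. `nativeBuildInputs = [ docker ];` also pulls the whole Docker package into the build closure even though the daemon-dependent tests are patched out, so a comment such as `# docker client is needed by <which tests>` (or removing it if nothing uses it) would be worth adding.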