diff --git a/buildkitd.go b/buildkitd.go
index a2e65cc..702ab67 100644
--- a/buildkitd.go
+++ b/buildkitd.go
@@ -74,7 +74,7 @@ func SpawnBuildkitd(req Request, opts *BuildkitdOpts) (*Buildkitd, error) {
 if os.Getuid() == 0 {
 cmd = exec.Command("buildkitd", buildkitdFlags...)
 } else {
- cmd = exec.Command("rootlesskit", append([]string{"buildkitd"}, buildkitdFlags...)...)
+ cmd = exec.Command("rootlesskit", append([]string{"buildkitd", "--rootless"}, buildkitdFlags...)...)
 }
 // kill buildkitd on exit
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..bb696b2
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,60 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1649676176, + "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1651682870, + "narHash": "sha256-yPbotZmOQh2RkoFqAaeYhXlrlKhW8iku9Q/4miuw4iw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a9aa0fe64c25af0db5ce69e128c57e1ac6098eaa", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..d42eda9
--- /dev/null
+++ b/flake.nix
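Review bot: The non-root branch in buildkitd.go now passes `--rootless` to buildkitd but has no comment saying why, and the reason is not obvious from the call itself. I would add, above the `exec.Command("rootlesskit", ...)` line, something like `// under rootlesskit buildkitd sees uid 0 inside the user namespace, so its rootless defaults must be requested explicitly`. The branch is selected only by `os.Getuid() == 0`. Whether a uid-0 process that lacks the needed capabilities (for example inside an unprivileged container) should also take the rootless path cannot be judged from this hunk and is worth confirming. SpawnBuildkitd starts and ends outside the hunk.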
@@ -0,0 +1,39 @@
+# If using a flake-enabled version of Nix (minimum 2.4, with experimental
+# features enabled), ''nix develop'' will spawn an environment in which
+# ''./scripts/test'' will work as intended.
+
+# For older versions of Nix, ''nix-shell'' will invoke this same code via the
+# shell.nix compatibility layer.
+
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/release-21.11";
+ flake-compat.url = "github:edolstra/flake-compat";
+ flake-compat.flake = false;
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+ outputs = { self, nixpkgs, flake-utils, ... }:
+ flake-utils.lib.eachDefaultSystem (system:
+ let pkgs = import nixpkgs { inherit system; };
+ in rec {
+ devShell = pkgs.mkShell {
+ buildInputs = with pkgs; [
+ buildkit
+ go
+ rootlesskit
+ runc
+ ];
+ shellHook = ''
+ if ! type newuidmap >/dev/null 2>&1; then {
+ echo "WARNING: newuidmap and newgid map are required but not found"
+ echo " Because these tools require a setuid bit to operate,"
+ echo " they cannot be installed in a local Nix shell."
+ echo
+ } >&2; fi
+ PS1='[oci-build-task devshell] '"$PS1"
+ '';
+ };
+ });
+}
+
+
diff --git a/scripts/test b/scripts/test
index 3482294..e5ad7a9 100755
--- a/scripts/test
+++ b/scripts/test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e -u
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..6234bb4
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,10 @@
+(import
+ (
+ let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
+ fetchTarball {
+ url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+ }
+ )
+ { src = ./.; }
+).shellNix
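Review bot: The shellHook in flake.nix tests only for `newuidmap`, yet the warning it prints names both helpers, so a host that has `newuidmap` but lacks `newgidmap` gets no warning and would presumably fail only once rootlesskit starts. The guard could read `if ! type newuidmap >/dev/null 2>&1 || ! type newgidmap >/dev/null 2>&1; then {`. The message also has a typo: `newgid map` should be `newgidmap`. Separately, the `nixpkgs` input follows the `release-21.11` branch, so the buildkit, rootlesskit and runc versions in the dev shell are whatever flake.lock pins. Refreshing the lock on a schedule keeps those tools on patched versions.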
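Review bot: shell.nix has no header comment, and it is not obvious that evaluating it downloads code. A short comment such as `# Compatibility shim for non-flake Nix: fetches flake-compat at the rev and narHash pinned in flake.lock, then evaluates flake.nix` would tell readers that the fetch is integrity-checked through `sha256`. It would also make clear that flake.lock has to stay committed alongside this file, since both the URL and the hash are read from it.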