dockerTools: use makeOverridable for buildImage family of functions

[risicle]

Description of changes

This may be a bit naive as I haven't really dug into the internals of dockerTools before - but to me we're missing a trick by not making the resulting images overridable. Using makeOverridable allows dockerTools-based images to be customized at the nix-level, which has numerous advantages over using image inheritance via fromImage, e.g.

• the duplicated-nix-store-paths issues can be avoided
• config can actually be extended rather than wholesale-replaced

buildImage has passthru.buildArgs but it is unique in this and is a bit more awkward to use than .override.

Have built dockerTools.examples on x86_64 linux and verified this causes no rebuilds.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.05 Release Notes (or backporting 22.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[nlewo]

I'm not really familiar with the override mecanism, but this looks legit to me.

I think we should do it on all buildImage* functions: it's missing for the buildImageWithNixDB.

[risicle]

I didn't do it on buildImageWithNixDB et al because it just passes the call straight through to buildImage which will have its own .override which is probably more useful.

[risicle]

@ofborg test docker-tools
@ofborg test docker-tools-cross
@ofborg test docker-tools-overlay

[risicle]

@ofborg test docker-tools

Regretting enabling the redis tests way back when.

[risicle]

Oh nixosTests.docker-tools appear to be broken at the moment anyway.

[risicle]

nixosTests.docker-tools-cross pass for me on nixos x86_64.

[teto]

Something I would have been happy to use in my code recently so +1

[considerate]

Oh nixosTests.docker-tools appear to be broken at the moment anyway.

How are the tests broken?

[risicle]

docker # [  382.861639] dockerd[895]: time="2023-09-12T21:47:41.600272616Z" level=info msg="Layer sha256:e4452b4eeb643615eed8321271a15ea843c23c3fa3c426241095961022cd4869 cleaned up"
docker # Error processing tar file(exit status 1): write /nix/store/vnwdak3n1w2jjil119j65k8mw1z23p84-glibc-2.35-224/lib/gconv/IBM1390.so: no space left on device

Appears to work though if I give the test machine more disk space.

[deliciouslytyped]

This may or may not cause some sort of (caching?) breakage in Arion, per hercules-ci/arion#217

[risicle]

That's interesting. If you look at the definition of makeOverridable it appears to go to special effort to make this work (as long as you use lib.functionArgs rather than builtins.functionArgs) but I agree, I can't get it to work like that either:

nix-repl> let lib = (import ./. {}).lib; in lib.functionArgs (lib.makeOverridable ({foo, bar ? "ahoy"}: { abc = "${foo}+${bar}";} ))
{ }

[roberth]

Possible fix:

• lib.makeOverridable: fix functionArgs on returned function #260535

Haven't tested the integration with arion, but I'd expect that to work.

[risicle]

Awesome love it when someone's 10 minutes ahead of me. Will review.