4

A great 2016 blog post described building minimal Docker images with Nix. The below is a simple example taken from that blog post, modified to support Nix 2.0:

{ pkgs ? import <nixpkgs> {} }:

with pkgs;
dockerTools.buildImage {
  name = "redis";
  runAsRoot = ''
    #!${stdenv.shell}
    ${dockerTools.shadowSetup}
    groupadd -r redis
    useradd -r -g redis -d /data -M redis
    mkdir /data
    chown redis:redis /data
  '';

  config = {
    Cmd = [ "${gosu.bin}/bin/gosu" "redis" "${redis}/bin/redis-server" ];
    ExposedPorts = {
      "6379/tcp" = {};
    };
    WorkingDir = "/data";
    Volumes = {
      "/data" = {};
    };
  };
}

Using nix-linuxkit to have an x86_64-linux builder, this fails with an error about a bash executable which can't be run:

$ nix-build -j 1 --system x86_64-linux redis-small.nix
these derivations will be built:
  /nix/store/iixmgfhsczc71484vcwqwz2nzlg0rcv1-extra-commands.sh.drv
  /nix/store/jsydsrzs7h9pfnh8m6cxaysa9bafmp2z-redis-config.json.drv
  /nix/store/csfmyw6va3b8dabshliqjkrrdr6n090w-vm-run-stage2.drv
  /nix/store/l0p201r6zjfzsznfb6ykca1l8n09lyb9-vm-run.drv
  /nix/store/s64kqfyggqm60l5j9wy6s1nz39iwkxiw-run-as-root.sh.drv
  /nix/store/zidg0xphc7yjc4n0w3k7wnifz6rlqgzh-docker-layer-redis.drv
  /nix/store/12ahsincv8igv492gzjjvw9s8aaff65i-runtime-deps.drv
  /nix/store/pyx4q2wln2shlnjdp5ng43aqd6iba80d-docker-image-redis.tar.gz.drv
building '/nix/store/jsydsrzs7h9pfnh8m6cxaysa9bafmp2z-redis-config.json.drv'...
/nix/store/6v88ick1cxnn5g91m8qrrqww0lrlr27x-bash-4.4-p23/bin/bash: /nix/store/6v88ick1cxnn5g91m8qrrqww0lrlr27x-bash-4.4-p23/bin/bash: cannot execute binary file
builder for '/nix/store/jsydsrzs7h9pfnh8m6cxaysa9bafmp2z-redis-config.json.drv' failed with exit code 126
cannot build derivation '/nix/store/pyx4q2wln2shlnjdp5ng43aqd6iba80d-docker-image-redis.tar.gz.drv': 1 dependencies couldn't be built
error: build of '/nix/store/pyx4q2wln2shlnjdp5ng43aqd6iba80d-docker-image-redis.tar.gz.drv' failed

The key line here is /nix/store/6v88ick1cxnn5g91m8qrrqww0lrlr27x-bash-4.4-p23/bin/bash: cannot execute binary file. Using file to inspect that, it's genuinely a Linux ELF binary.

Incidentally, the same thing also happens with the following one-liner, taken from an answer to StackOverflow question How to build a Docker container with Nix?, also using dockerTools:

$ nix-build -j 1 --system x86_64-linux -E 'with import <nixpkgs> {}; pkgs.dockerTools.buildImage { name = "nix-htop"; contents = pkgs.htop; config = { Cmd = [ "/bin/htop" ]; }; }'

...fails similarly:

building path(s) ‘/nix/store/gz4lrsjcmxbcmdfpmazwz0wqnb5pbw8k-nix-htop-config.json’
/nix/store/nkq0n2m4shlbdvdq0qijib5zyzgmn0vq-bash-4.4-p12/bin/bash: /nix/store/nkq0n2m4shlbdvdq0qijib5zyzgmn0vq-bash-4.4-p12/bin/bash: cannot execute binary file
builder for ‘/nix/store/487mmw8kql56q7h6iq4c7hfzh4k0gv50-nix-htop-config.json.drv’ failed with exit code 126

Is dockerTools the common thread here?

Improve this question
2
  • I get the same error as you. Did you manage to get to the bottom of this Charles? Any workarounds? Commented Jun 1, 2019 at 5:59
  • My recollection is that I switched from dockerTools to using a different toolchain, something using xhyve directly with Nix tooling maintained upstream, but I'm not using it any longer today and don't remember what it was. Apologies about that -- if I'd remembered asking this question, I would presumably have answered it at the time, when the solution was fresh in my head. Commented Jun 1, 2019 at 14:52

1 Answer 1

Reset to default
1

This answer worked for me. Instead of using --system x86_64-linux, you can use --argstr system x86_64-linux with a nix expression like this

{ system ? "x86_64-linux", pkgs ? import <nixpkgs> { inherit system; } }:
...

For example

nix-build -j 1 --argstr system x86_64-linux -E '{ system ? "x86_64-linux", pkgs ? import <nixpkgs> { inherit system; } }: pkgs.dockerTools.buildImage { name = "nix-htop"; contents = pkgs.htop; config = { Cmd = [ "/bin/htop" ]; }; }'
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.