A faster dockerTools.buildImage prototype

Submitted by Style Pass, 2022-01-14 10:00:02

dockerTools.buildImage is the nixpkgs function to create OCI images. From a Nix expression, it creates an OCI image archive (which is basically a tar of layers, where each layer is a tar’ed file tree). Once this OCI image archive has been written to the Nix store, it can then be loaded into the Docker daemon or pushed to a Docker registry. Writing container images with the dockerTools.buildImage function is pretty convenient, but it still has several performance issues:

The dockerTools.buildImage build result is a tar containing all layers: even if the image is composed of several layers, a change in one layer leads to a full new OCI archive in the Nix store. Writing a new OCI archive takes time and consumes Nix store disk space.

Another dockerTools.buildImage drawback is its implementation: more than 500 lines of unmaintainable Bash magic :/

Instead of building layers as tarballs, the idea is to build an artifact which describes a container layer with a list of Nix store paths. So, Nix would build a JSON file referencing store paths (with some metadata). At runtime, instead of pushing the layers to a container registry, we would have to create a tar based on this JSON file and push this tar stream to the registry.
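
A sketch of that runtime step, added here as an example and not taken from the post or the prototype: a JSON descriptor listing paths is turned into a tar stream that is hashed as it is produced, so no layer tarball is ever written to disk. The `{"paths": [...]}` schema, the function names and the sample "store paths" (temporary directories) are assumptions; metadata is normalized so the layer digest depends only on content.

```python
import hashlib, json, os, tarfile, tempfile

class DigestSink:
    """Write-only sink: hashes the tar stream as it passes, stores nothing."""
    def __init__(self):
        self.sha256, self.size = hashlib.sha256(), 0
    def write(self, data):
        self.sha256.update(data)
        self.size += len(data)
        return len(data)

def _normalize(info):
    # Strip host-specific metadata so identical content gives an identical digest.
    info.mtime = 0
    info.uid = info.gid = 0
    info.uname = info.gname = ""
    return info

def stream_layer(descriptor_json, sink):
    """Tar every path listed in the descriptor straight into sink."""
    paths = json.loads(descriptor_json)["paths"]  # assumed schema, not the project's
    with tarfile.open(fileobj=sink, mode="w|", format=tarfile.GNU_FORMAT) as tar:
        for path in sorted(paths):
            tar.add(path, arcname=path.lstrip("/"), filter=_normalize)
    return sink

def layer_digest(descriptor_json):
    """Return (digest, byte count) of the layer without materializing it."""
    sink = stream_layer(descriptor_json, DigestSink())
    return "sha256:" + sink.sha256.hexdigest(), sink.size

def make_sample_store(root):
    """Constructed stand-in for two Nix store paths (names are made up)."""
    paths = []
    for name, body in (("aaaa-hello", b"hello\n"), ("bbbb-config", b"port=8080\n")):
        pkg = os.path.join(root, name)
        os.makedirs(os.path.join(pkg, "bin"))
        with open(os.path.join(pkg, "bin", "data"), "wb") as f:
            f.write(body)
        paths.append(pkg)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        descriptor = json.dumps({"paths": make_sample_store(root)})
        print(layer_digest(descriptor))
```

In a real push, the sink would be the registry upload body rather than a hash-only object; the digest computed this way is what lets a client check whether the registry already has the layer.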
