diff --git a/nix/docker/heptapod/default.nix b/nix/docker/heptapod/default.nix index 299bebfc6c..c7aa9a680a 100644 --- a/nix/docker/heptapod/default.nix +++ b/nix/docker/heptapod/default.nix @@ -6,10 +6,10 @@ let origImageArgs = { imageName = "octobus/heptapod"; - imageDigest = "sha256:a658aa09e28e1fe1fd9c29ac56b50f83d7723a7edce6577b448066f6c54ba831"; - sha256 = "sha256:1jm0r6pcsx094ya33jal30sv0rv2fqk3azvwigrlzvmczrak07sc"; + imageDigest = "sha256:5731200e0e14cf38fdf555a815e8192ada9cbaf82b296edd39c70579247ef00d"; + sha256 = "sha256:00xr9pdwpkpdqi8lv77lkq1vj7j2gr00xndajh42hv8532by0n2k"; finalImageName = "octobus/heptapod"; - finalImageTag = "0.22.3"; + finalImageTag = "0.23.2"; }; origImage = pkgs.dockerTools.pullImage origImageArgs; diff --git a/third_party/nixpkgs/patches/pr134071.patch b/third_party/nixpkgs/patches/pr134071.patch new file mode 100644 index 0000000000..48686fdbca --- /dev/null +++ b/third_party/nixpkgs/patches/pr134071.patch @@ -0,0 +1,34 @@ +From dbe9bf9848d7789b8d89fd2b0a43e3ca91f51357 Mon Sep 17 00:00:00 2001 +From: Luke Granger-Brown +Date: Sat, 14 Aug 2021 21:21:26 +0000 +Subject: [PATCH] dockerTools.pullImage: fix for skopeo 1.4.x + +skopeo 1.4.x doesn't accept --src-tls-verify as a flag to the *program*, +only as a flag to copy; we must pass it after the "copy" verb, or it +will fail with: + +> FATA[0000] unknown flag: --src-tls-verify +--- + pkgs/build-support/docker/default.nix | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix +index 091984585459f3..d76efac55b1a58 100644 +--- a/pkgs/build-support/docker/default.nix ++++ b/pkgs/build-support/docker/default.nix +@@ -111,12 +111,13 @@ rec { + destNameTag = "${finalImageName}:${finalImageTag}"; + } '' + skopeo \ +- --src-tls-verify=${lib.boolToString tlsVerify} \ + --insecure-policy \ + --tmpdir=$TMPDIR \ + --override-os ${os} \ + --override-arch ${arch} \ +- copy "$sourceURL" "docker-archive://$out:$destNameTag" \ ++ copy \ ++ --src-tls-verify=${lib.boolToString tlsVerify} \ ++ "$sourceURL" "docker-archive://$out:$destNameTag" \ + | cat # pipe through cat to force-disable progress bar + ''; + diff --git a/third_party/nixpkgs/patches/series b/third_party/nixpkgs/patches/series index 324117f1f0..fb89953b7e 100644 --- a/third_party/nixpkgs/patches/series +++ b/third_party/nixpkgs/patches/series @@ -1,2 +1,3 @@ patch-cherrypy.patch pomerium-fix.patch +pr134071.patch diff --git a/third_party/nixpkgs/pkgs/build-support/docker/default.nix b/third_party/nixpkgs/pkgs/build-support/docker/default.nix index 0919845854..d76efac55b 100644 --- a/third_party/nixpkgs/pkgs/build-support/docker/default.nix +++ b/third_party/nixpkgs/pkgs/build-support/docker/default.nix @@ -111,12 +111,13 @@ rec { destNameTag = "${finalImageName}:${finalImageTag}"; } '' skopeo \ - --src-tls-verify=${lib.boolToString tlsVerify} \ --insecure-policy \ --tmpdir=$TMPDIR \ --override-os ${os} \ --override-arch ${arch} \ - copy "$sourceURL" "docker-archive://$out:$destNameTag" \ + copy \ + --src-tls-verify=${lib.boolToString tlsVerify} \ + "$sourceURL" "docker-archive://$out:$destNameTag" \ | cat # pipe through cat to force-disable progress bar '';