From 9f86685cc76991e983bf126a37e3f7f319247ba8 Mon Sep 17 00:00:00 2001
From: Johan Thomsen <jth@dbc.dk>
Date: Thu, 30 Jul 2020 16:20:50 +0200
Subject: [PATCH] dockerTools: fix permissions on /nix/store

---
 pkgs/build-support/docker/stream_layered_image.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkgs/build-support/docker/stream_layered_image.py b/pkgs/build-support/docker/stream_layered_image.py
index 8ffd336fce498..ffb6ba0ade4b2 100644
--- a/pkgs/build-support/docker/stream_layered_image.py
+++ b/pkgs/build-support/docker/stream_layered_image.py
@@ -74,6 +74,10 @@ def apply_filters(ti):
         ti.gname = "root"
         return filter(ti)
 
+    def nix_root(ti):
+        ti.mode = 0o0555  # r-xr-xr-x
+        return ti
+
     def dir(path):
         ti = tarfile.TarInfo(path)
         ti.type = tarfile.DIRTYPE
@@ -84,8 +88,8 @@ def dir(path):
         # these directories first when building layer tarballs. But
         # we don't need them on the customisation layer.
         if add_nix:
-            tar.addfile(apply_filters(dir("/nix")))
-            tar.addfile(apply_filters(dir("/nix/store")))
+            tar.addfile(apply_filters(nix_root(dir("/nix"))))
+            tar.addfile(apply_filters(nix_root(dir("/nix/store"))))
 
         for path in paths:
             path = pathlib.Path(path)