github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/nix/test-fixtures/image-nixos-jq-pkg-db/Dockerfile (about) 1 FROM --platform=linux/amd64 nixos/nix:2.28.2@sha256:4215204b5f65c7b756b26a6dd47a6af77f1d906e5edf62b184c95420a7dfa08f AS builder 2 3 # cross-platform builds cannot use bpf features 4 RUN mkdir -p /etc/nix && \ 5 echo 'filter-syscalls = false' > /etc/nix/nix.conf && \ 6 echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf 7 8 # pin Nixpkgs to a specific commit (2023.11.17) 9 RUN mkdir -p /root/nix && \ 10 echo 'import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/46688f8eb5.tar.gz") {}' > /root/nix/pinned-nixpkgs.nix 11 12 # install jq + sqlite using the pinned Nixpkgs 13 RUN nix-env -f /root/nix/pinned-nixpkgs.nix -iA jq sqlite 14 15 COPY clean_db.sql /tmp/clean_db.sql 16 17 RUN echo "path" > /tmp/required_paths.txt 18 RUN . /root/.nix-profile/etc/profile.d/nix.sh && \ 19 PAGER='' nix-store -q --requisites $(which jq) >> /tmp/required_paths.txt 20 RUN sqlite3 /nix/var/nix/db/db.sqlite "CREATE TEMP TABLE IF NOT EXISTS RequiredPaths (path TEXT PRIMARY KEY);" 21 RUN sqlite3 /nix/var/nix/db/db.sqlite ".mode list" ".import /tmp/required_paths.txt RequiredPaths" 22 RUN sqlite3 /nix/var/nix/db/db.sqlite < /tmp/clean_db.sql 23 24 # create a directory with only the required dependencies + any derivations 25 RUN mkdir -p /nix-minimal && \ 26 for dep in $(nix-store -q --requisites $(which jq)); do \ 27 mkdir -p /nix-minimal$(dirname $dep) && \ 28 cp -a $dep /nix-minimal$dep; \ 29 done 30 31 # now add all the drv files from the store 32 RUN for drv in $(find /nix/store -name "*.drv"); do \ 33 mkdir -p /nix-minimal$(dirname $drv) && \ 34 cp -a $drv /nix-minimal$drv; \ 35 done 36 37 FROM scratch 38 39 # get packages + relationships from here 40 COPY --from=builder /nix/var/nix/db/db.sqlite /nix/var/nix/db/db.sqlite 41 42 # get files owned by each package here 43 COPY --from=builder /nix-minimal/nix/store /nix/store