Merge pull request #1123 from giuseppe/nix-cleanups

flouthoc · web-flow · commit fc40a9104dba · 2023-01-16T16:43:09.000+05:30
few cleanups for the nix builder
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -11,7 +11,7 @@ jobs:
       - uses: actions/cache@v3
         with:
           path: .cache
-          key: nix-v1-${{ hashFiles('nix/nixpkgs.json') }}
+          key: nix-v1-2.12.0-${{ hashFiles('nix/nixpkgs.json') }}
 
       - run: sudo apt-get update
 
@@ -21,7 +21,7 @@ jobs:
           set -ex
           sudo mkdir -p .cache
           sudo mv .cache /nix
-          if [[ -z $(ls -A /nix) ]]; then sudo docker run --rm --privileged -v /:/mnt nixos/nix:2.3.12 cp -rfT /nix /mnt/nix; fi
+          if [[ -z $(ls -A /nix) ]]; then sudo docker run --rm --privileged -v /:/mnt nixos/nix:2.12.0 cp -rfT /nix /mnt/nix; fi
           sudo RUNTIME=docker SKIP_CHECKS=1 SKIP_GPG=1 build-aux/release.sh
           sudo mv /nix .cache
           sudo chown -Rf $(whoami) .cache
@@ -32,6 +32,8 @@ jobs:
           sudo mv /tmp/artifact/crun-*-linux-amd64-disable-systemd /tmp/artifact/crun-linux-amd64-disable-systemd
           sudo mv /tmp/artifact/crun-*-linux-arm64 /tmp/artifact/crun-linux-arm64
           sudo mv /tmp/artifact/crun-*-linux-arm64-disable-systemd /tmp/artifact/crun-linux-arm64-disable-systemd
+          sudo mv /tmp/artifact/crun-*-linux-ppc64le /tmp/artifact/crun-linux-ppc64le
+          sudo mv /tmp/artifact/crun-*-linux-ppc64le-disable-systemd /tmp/artifact/crun-linux-ppc64le-disable-systemd
           sudo mv /tmp/artifact/*.tar.gz /tmp/artifact/crun.tar.gz
           sudo mv /tmp/artifact/*.tar.xz /tmp/artifact/crun.tar.xz
           (cd /tmp/artifact; sha256sum * | sudo tee CHECKSUMS)
@@ -57,6 +59,16 @@ jobs:
           path: /tmp/artifact/crun-linux-arm64-disable-systemd
 
       - uses: actions/upload-artifact@v3
+        with:
+          name: crun-linux-ppc64le
+          path: /tmp/artifact/crun-linux-ppc64le
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: crun-linux-ppc64le-disable-systemd
+          path: /tmp/artifact/crun-linux-ppc64le-disable-systemd
+
+      - uses: actions/upload-artifact@v2
         with:
           name: crun.tar.gz
           path: /tmp/artifact/crun.tar.gz
diff --git a/build-aux/release.sh b/build-aux/release.sh
@@ -5,6 +5,8 @@ set -xeuo pipefail
 SKIP_GPG=${SKIP_GPG:-}
 SKIP_CHECKS=${SKIP_CHECKS:-}
 
+NIX_IMAGE=${NIX_IMAGE:-nixos/nix:2.12.0}
+
 test -e Makefile && make distclean
 
 ./autogen.sh
@@ -41,30 +43,44 @@ RUNTIME_EXTRA_ARGS=${RUNTIME_EXTRA_ARGS:-}
 
 mkdir -p /nix
 
-$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix:2.3.12 \
-    nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/
+NIX_ARGS="--extra-experimental-features nix-command --print-build-logs --option cores $(nproc) --option max-jobs $(nproc)"
+
+$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} ${NIX_IMAGE} \
+    nix $NIX_ARGS build --file nix/
 cp ./result/bin/crun $OUTDIR/crun-$VERSION-linux-amd64
 
 rm -rf result
 
-$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix:2.3.12 \
-    nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/ --arg enableSystemd false
+$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} ${NIX_IMAGE} \
+    nix $NIX_ARGS build --file nix/ --arg enableSystemd false
 cp ./result/bin/crun $OUTDIR/crun-$VERSION-linux-amd64-disable-systemd
 
 rm -rf result
 
-$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix:2.3.12 \
-    nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/default-arm64.nix
+$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} ${NIX_IMAGE} \
+    nix $NIX_ARGS build --file nix/default-arm64.nix
 cp ./result/bin/crun $OUTDIR/crun-$VERSION-linux-arm64
 
 rm -rf result
 
-$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix:2.3.12 \
-    nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/default-arm64.nix --arg enableSystemd false
+$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} ${NIX_IMAGE} \
+    nix $NIX_ARGS build --file nix/default-arm64.nix --arg enableSystemd false
 cp ./result/bin/crun $OUTDIR/crun-$VERSION-linux-arm64-disable-systemd
 
 rm -rf result
 
+$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} ${NIX_IMAGE} \
+    nix $NIX_ARGS build --file nix/default-ppc64le.nix
+cp ./result/bin/crun $OUTDIR/crun-$VERSION-linux-ppc64le
+
+rm -rf result
+
+$RUNTIME run --rm $RUNTIME_EXTRA_ARGS --privileged -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} ${NIX_IMAGE} \
+    nix $NIX_ARGS build --file nix/default-ppc64le.nix --arg enableSystemd false
+cp ./result/bin/crun $OUTDIR/crun-$VERSION-linux-ppc64le-disable-systemd
+
+rm -rf result
+
 if test x$SKIP_GPG = x; then
     for i in $OUTDIR/*; do
         gpg2 -b --armour $i
diff --git a/nix/default-arm64.nix b/nix/default-arm64.nix
@@ -7,11 +7,11 @@ let
     };
     config = {
       packageOverrides = pkg: {
+        gcrypt = (static pkg.libgcrypt);
         gpgme = (static pkg.gpgme);
         libassuan = (static pkg.libassuan);
         libgpgerror = (static pkg.libgpgerror);
         libseccomp = (static pkg.libseccomp);
-        protobufc = (static pkg.protobufc);
         glib = (static pkg.glib).overrideAttrs (x: {
           outputs = [ "bin" "out" "dev" ];
           mesonFlags = [
@@ -72,11 +72,11 @@ let
       which
     ];
     buildInputs = [
+      gcrypt
       glibc
       glibc.static
       libcap
       libseccomp
-      protobufc
       systemd
       yajl
     ];
@@ -87,7 +87,7 @@ let
       export LDFLAGS='-s -w -static-libgcc -static'
       export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
       export CRUN_LDFLAGS='-all-static'
-      export LIBS='${glibc.static}/lib/libc.a ${glibc.static}/lib/libpthread.a ${glibc.static}/lib/librt.a ${lib.getLib libcap}/lib/libcap.a ${lib.getLib libseccomp}/lib/libseccomp.a ${protobufc}/lib/libprotobuf-c.a ${lib.getLib systemd}/lib/libsystemd.a ${yajl}/lib/libyajl_s.a'
+      export LIBS='${glibc.static}/lib/libc.a ${glibc.static}/lib/libpthread.a ${glibc.static}/lib/librt.a ${lib.getLib libcap}/lib/libcap.a ${lib.getLib libseccomp}/lib/libseccomp.a ${lib.getLib systemd}/lib/libsystemd.a ${yajl}/lib/libyajl_s.a ${gcrypt}/lib/libgcrypt.a'
     '';
     buildPhase = ''
       patchShebangs .
diff --git a/nix/default-ppc64le.nix b/nix/default-ppc64le.nix
@@ -0,0 +1,103 @@
+{ enableSystemd ? true }:
+let
+  static = import ./static.nix;
+  pkgs = (import ./nixpkgs.nix {
+    crossSystem = {
+      config = "powerpc64le-unknown-linux-gnu";
+    };
+    config = {
+      packageOverrides = pkg: {
+        gcrypt = (static pkg.libgcrypt);
+        gpgme = (static pkg.gpgme);
+        libassuan = (static pkg.libassuan);
+        libgpgerror = (static pkg.libgpgerror);
+        libseccomp = (static pkg.libseccomp);
+        glib = (static pkg.glib).overrideAttrs (x: {
+          outputs = [ "bin" "out" "dev" ];
+          mesonFlags = [
+            "-Ddefault_library=static"
+            "-Ddevbindir=${placeholder ''dev''}/bin"
+            "-Dgtk_doc=false"
+            "-Dnls=disabled"
+          ];
+          postInstall = ''
+            moveToOutput "share/glib-2.0" "$dev"
+            substituteInPlace "$dev/bin/gdbus-codegen" --replace "$out" "$dev"
+            sed -i "$dev/bin/glib-gettextize" -e "s|^gettext_dir=.*|gettext_dir=$dev/share/glib-2.0/gettext|"
+            sed '1i#line 1 "${x.pname}-${x.version}/include/glib-2.0/gobject/gobjectnotifyqueue.c"' \
+              -i "$dev"/include/glib-2.0/gobject/gobjectnotifyqueue.c
+          '';
+        });
+        libcap = (static pkg.libcap).overrideAttrs (x: {
+          postInstall = ''
+            mkdir -p "$doc/share/doc/${x.pname}-${x.version}"
+            cp License "$doc/share/doc/${x.pname}-${x.version}/"
+            mkdir -p "$pam/lib/security"
+            mv "$lib"/lib/security "$pam/lib"
+          '';
+        });
+        systemd = (static pkg.systemd).overrideAttrs (x: {
+          outputs = [ "out" "dev" ];
+          mesonFlags = x.mesonFlags ++ [
+            "-Dglib=false"
+            "-Dbpf-compiler=gcc"
+            "-Dbpf-framework=false"
+            "-Dstatic-libsystemd=true"
+          ];
+        });
+        yajl = (static pkg.yajl).overrideAttrs (x: {
+          preConfigure = ''
+            export CMAKE_STATIC_LINKER_FLAGS="-static"
+          '';
+        });
+        zstd = pkg.zstd.overrideAttrs (x: {
+          cmakeFlags = x.cmakeFlags ++ [ "-DZSTD_BUILD_CONTRIB:BOOL=OFF" ];
+          preInstall = "";
+        });
+      };
+    };
+  });
+
+  self = with pkgs; stdenv.mkDerivation rec {
+    name = "crun";
+    src = ./..;
+    vendorSha256 = null;
+    doCheck = false;
+    enableParallelBuilding = true;
+    outputs = [ "out" ];
+    nativeBuildInputs = with buildPackages; [
+      autoreconfHook
+      bash
+      gitMinimal
+      pkg-config
+      python3
+      which
+    ];
+    buildInputs = [
+      gcrypt
+      glibc
+      glibc.static
+      libcap
+      libseccomp
+      systemd
+      yajl
+    ];
+    configureFlags = [ "--enable-static" ]
+      ++ lib.optional (!enableSystemd) [ "--disable-systemd" ];
+    prePatch = ''
+      export CFLAGS='-static -pthread'
+      export LDFLAGS='-s -w -static-libgcc -static'
+      export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
+      export CRUN_LDFLAGS='-all-static'
+      export LIBS='${glibc.static}/lib/libc.a ${glibc.static}/lib/libpthread.a ${glibc.static}/lib/librt.a ${lib.getLib libcap}/lib/libcap.a ${lib.getLib libseccomp}/lib/libseccomp.a ${lib.getLib systemd}/lib/libsystemd.a ${yajl}/lib/libyajl_s.a ${gcrypt}/lib/libgcrypt.a'
+    '';
+    buildPhase = ''
+      patchShebangs .
+      make
+    '';
+    installPhase = ''
+      install -Dm755 crun $out/bin/crun
+    '';
+  };
+in
+self
diff --git a/nix/default.nix b/nix/default.nix
@@ -4,12 +4,12 @@ let
   pkgs = (import ./nixpkgs.nix {
     config = {
       packageOverrides = pkg: {
+        gcrypt = (static pkg.libgcrypt);
         criu = (static pkg.criu);
         gpgme = (static pkg.gpgme);
         libassuan = (static pkg.libassuan);
         libgpgerror = (static pkg.libgpgerror);
         libseccomp = (static pkg.libseccomp);
-        protobufc = (static pkg.protobufc);
         glib = (static pkg.glib).overrideAttrs (x: {
           outputs = [ "bin" "out" "dev" ];
           mesonFlags = [
@@ -59,12 +59,12 @@ let
       which
     ];
     buildInputs = [
+      gcrypt
       criu
       glibc
       glibc.static
       libcap
       libseccomp
-      protobufc
       systemd
       yajl
     ];
@@ -75,7 +75,7 @@ let
       export LDFLAGS='-s -w -static-libgcc -static'
       export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
       export CRUN_LDFLAGS='-all-static'
-      export LIBS='${criu}/lib/libcriu.a ${glibc.static}/lib/libc.a ${glibc.static}/lib/libpthread.a ${glibc.static}/lib/librt.a ${lib.getLib libcap}/lib/libcap.a ${lib.getLib libseccomp}/lib/libseccomp.a ${protobufc}/lib/libprotobuf-c.a ${lib.getLib systemd}/lib/libsystemd.a ${yajl}/lib/libyajl_s.a'
+      export LIBS='${criu}/lib/libcriu.a ${glibc.static}/lib/libc.a ${glibc.static}/lib/libpthread.a ${glibc.static}/lib/librt.a ${lib.getLib libcap}/lib/libcap.a ${lib.getLib libseccomp}/lib/libseccomp.a ${lib.getLib systemd}/lib/libsystemd.a ${yajl}/lib/libyajl_s.a ${gcrypt}/lib/libgcrypt.a'
     '';
     buildPhase = ''
       patchShebangs .
