From 45b28a49ed8573878c936793ddfbc7c4ec9e5a74 Mon Sep 17 00:00:00 2001 From: Midlyx Hatrys Date: Fri, 17 Feb 2023 19:04:51 +0200 Subject: [PATCH] add a devshell for NixOS Bazel on NixOS is problematic -- it's packaged, but not patched to actually _work_ outside of FHS environments. Vere build system presents an additional accidental hurdle: it expects the musl-cross-make toolchain to be under /usr/local/ and uses sudo to install it there, as one does. Unfortunately NixOS nerfs sudo in user namespaces (which are used to implement FHS environments) for security reasons, making it impossible to install the toolchain the normal way. So in order to restore the ability to build Vere under NixOS without resorting to containers (which is unsporting), this commit adds a flake, which defines a devshell, which provides the toolchain and all the other needed tools. So one can "nix develop", go get coffee (first invocation may take 15 minutes or so, subsequent ones will be instant until next nix store GC), and then "bazel build :urbit" etc. --- flake.lock | 48 +++++++++++++++++++++ flake.nix | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 171 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000000..12ffaf6f77 --- /dev/null +++ b/flake.lock @@ -0,0 +1,48 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1677383253, + "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "9952d6bc395f5841262b006fbace8dd7e143b634", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675933616, + "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "parts": "parts" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000000..336f0f3ba2 --- /dev/null +++ b/flake.nix @@ -0,0 +1,123 @@ +{ + description = "Vere build devshell"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; + }; + + outputs = inputs@{ self, nixpkgs, parts }: parts.lib.mkFlake { inherit inputs; } (let + # map systems to the musl-cross-make target names; only + # x86_64-linux is tested though + toolchainTargets = { + "x86_64-linux" = "x86_64-linux-musl"; + "aarch64-linux" = "aarch64-linux-musl"; + }; + # map dep urls to hashes + toolchainDeps = { + "https://ftpmirror.gnu.org/gnu/gcc/gcc-9.4.0/gcc-9.4.0.tar.xz" = "13l3p6g2krilaawbapmn9zmmrh3zdwc36mfr3msxfy038hps6pf9"; + "https://ftpmirror.gnu.org/gnu/binutils/binutils-2.33.1.tar.xz" = "1grcf8jaw3i0bk6f9xfzxw3qfgmn6fgkr108isdkbh1y3hnzqrmb"; + "https://musl.libc.org/releases/musl-1.2.3.tar.gz" = "196lrzw0qy5axiz9p5ay50q2mls8hbfckr4rw0klc7jjc9h0nnvx"; + "https://ftpmirror.gnu.org/gnu/gmp/gmp-6.1.2.tar.bz2" = "1clg7pbpk6qwxj5b2mw0pghzawp2qlm3jf9gdd8i6fl6yh2bnxaj"; + "https://ftpmirror.gnu.org/gnu/mpc/mpc-1.1.0.tar.gz" = "0biwnhjm3rx3hc0rfpvyniky4lpzsvdcwhmcn7f0h4iw2hwcb1b9"; + "https://ftpmirror.gnu.org/gnu/mpfr/mpfr-4.0.2.tar.bz2" = "1k1s4p56272bggvyrxfn3zdycr4wy7h5ipac70cr03lys013ypn0"; + "http://ftp.barfooze.de/pub/sabotage/tarballs//linux-headers-4.19.88-1.tar.xz" = "04r8k4ckqbklx9sfm07cr7vfw5ra4cic0rzanm9dfh0crxncfnwr"; + "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=3d5db9ebe860" = "75d5d255a2a273b6e651f82eecfabf6cbcd8eaeae70e86b417384c8f4a58d8d3"; + }; + in { + systems = builtins.attrNames toolchainTargets; + + flake = {}; + + perSystem = { pkgs, system, ... }: let + target = toolchainTargets.${system}; + + # in order to make the toolchain derivation pure, spoof `wget` + # to use FODs for the dependencies that would otherwise be + # downloaded + pseudoWget = let + c = pkgs.coreutils; + in pkgs.writeScriptBin "wget" '' + #!${pkgs.stdenv.shell} + + declare -A targets + ${builtins.concatStringsSep "\n" + (builtins.map (url: + "targets[${nixpkgs.lib.escapeShellArg url}]=" + (nixpkgs.lib.escapeShellArg (pkgs.fetchurl { + inherit url; + sha256 = builtins.getAttr url toolchainDeps; + }))) + (builtins.attrNames toolchainDeps))} + + # -c -O target url + target="$3" + url="$4" + preFetched=${"$" + "{targets[$url]}"} + if [[ -z "$preFetched" ]]; then + ${c}/bin/echo 1>&2 "$target ($url) is new or changed, nix-prefetch-url it and add or update the url and hash in toolchainDeps in flake.nix" + exit 1 + fi + ${c}/bin/cp --reflink=auto "$preFetched" "$target" + ''; + + toolchain = let + # keep in sync with `_musl_cross_make_version` in + # bazel/toolchain/BUILD.bazel + version = "fe915821b652a7fa37b34a596f47d8e20bc72338"; + + # `-g -O2` are the defaults (there's no way to add cflags via + # config.mak), `-Wno-format-security` is the interesting + # addition (without which gcc build fails in several places + # due to `-Werror=format-security` being on for some reason) + commonCFLAGS = "-g -O2 -Wno-format-security"; + in pkgs.stdenv.mkDerivation { + name = "musl-cross-make"; + inherit system version; + src = pkgs.fetchFromGitHub { + owner = "richfelker"; + repo = "musl-cross-make"; + rev = version; + sha256 = "sha256-FthfhZ+qGf2nWLICvjaO8fiP5+PYU7PqFCbPwXmJFes="; + }; + + nativeBuildInputs = [ + pseudoWget + ]; + + enableParallelBuilding = true; + configurePhase = '' + cat > config.mak <