nix: add derivations for C library dependencies

Cryptsetup and libvirt are new.
OpenSSL was moved with the rest.

The dynamic libaries cryptsetup and libvirt also ship a file called closure.tar,
that contains the transitive closure for all of their dependencies.
This tar file can be used as a container image layer or added to a bootable OS image
to provide the runtime dependencies required for dynamic linking.
Additionally, they ship a `rpath` file. This can be used together with patchelf to
fix the RPATH of binaries produced by Bazel.
This commit is contained in:
Malte Poll 2023-11-23 17:24:54 +01:00
parent 5009cbabac
commit 15c7f99f95
4 changed files with 52 additions and 4 deletions

View File

@ -19,6 +19,8 @@
let let
pkgsUnstable = import nixpkgsUnstable { inherit system; }; pkgsUnstable = import nixpkgsUnstable { inherit system; };
callPackage = pkgsUnstable.callPackage;
mkosiDev = (pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec { mkosiDev = (pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec {
propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ (with pkgsUnstable; [ propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ (with pkgsUnstable; [
# package management # package management
@ -41,10 +43,11 @@
{ {
packages.mkosi = mkosiDev; packages.mkosi = mkosiDev;
packages.openssl = pkgsUnstable.symlinkJoin { packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgsUnstable; };
name = "openssl";
paths = [ openssl-static.out openssl-static.dev ]; packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; };
};
packages.libvirt = callPackage ./nix/cc/libvirt.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; };
packages.awscli2 = pkgsUnstable.awscli2; packages.awscli2 = pkgsUnstable.awscli2;

18
nix/cc/cryptsetup.nix Normal file
View File

@ -0,0 +1,18 @@
{ pkgs, pkgsLinux, buildEnv, closureInfo }:
let
lib = pkgs.lib;
cc = pkgsLinux.stdenv.cc;
packages = [ pkgsLinux.cryptsetup.out pkgsLinux.cryptsetup.dev ];
closure = builtins.toString (lib.strings.splitString "\n" (builtins.readFile "${closureInfo {rootPaths = packages;}}/store-paths"));
rpath = pkgs.lib.makeLibraryPath [ pkgsLinux.cryptsetup pkgsLinux.glibc pkgsLinux.libgcc.lib ];
in
pkgs.symlinkJoin {
name = "cryptsetup";
paths = packages;
buildInputs = packages;
postBuild = ''
tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name ${closure}
echo "${rpath}" > $out/rpath
cp ${cc}/nix-support/dynamic-linker $out/dynamic-linker
'';
}

19
nix/cc/libvirt.nix Normal file
View File

@ -0,0 +1,19 @@
{ pkgs, pkgsLinux, buildEnv, closureInfo }:
let
lib = pkgs.lib;
cc = pkgsLinux.stdenv.cc;
packages = [ pkgsLinux.libvirt ];
closure = builtins.toString (lib.strings.splitString "\n" (builtins.readFile "${closureInfo {rootPaths = packages;}}/store-paths"));
rpath = pkgs.lib.makeLibraryPath [ pkgsLinux.libvirt pkgsLinux.glib pkgsLinux.libxml2 pkgsLinux.readline pkgsLinux.glibc pkgsLinux.libgcc.lib ];
in
pkgs.symlinkJoin {
name = "libvirt";
paths = packages;
buildInputs = packages;
postBuild = ''
tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name ${closure}
tar --transform 's+^./+bin/+' -cf $out/bin-linktree.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name -C $out/bin .
echo "${rpath}" > $out/rpath
cp ${cc}/nix-support/dynamic-linker $out/dynamic-linker
'';
}

8
nix/cc/openssl.nix Normal file
View File

@ -0,0 +1,8 @@
{ pkgs }:
let
openssl-static = pkgs.openssl.override { static = true; };
in
pkgs.symlinkJoin {
name = "openssl";
paths = [ openssl-static.out openssl-static.dev ];
}