nix: add derivations for C library dependencies

Cryptsetup and libvirt are new. OpenSSL was moved with the rest. The dynamic libaries cryptsetup and libvirt also ship a file called closure.tar, that contains the transitive closure for all of their dependencies. This tar file can be used as a container image layer or added to a bootable OS image to provide the runtime dependencies required for dynamic linking. Additionally, they ship a `rpath` file. This can be used together with patchelf to fix the RPATH of binaries produced by Bazel.
2024-10-01 01:36:09 -04:00 · 2023-11-23 17:24:54 +01:00 · 2023-11-23 17:24:54 +01:00 · e895aa5495
commit e895aa5495
parent e174c4dfe1
4 changed files with 52 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@ -19,6 +19,8 @@
    let
      pkgsUnstable = import nixpkgsUnstable { inherit system; };

+      callPackage = pkgsUnstable.callPackage;
+
      mkosiDev = (pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec {
        propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ (with pkgsUnstable;  [
          # package management
@ -41,10 +43,11 @@
    {
      packages.mkosi = mkosiDev;

-      packages.openssl = pkgsUnstable.symlinkJoin {
-        name = "openssl";
-        paths = [ openssl-static.out openssl-static.dev ];
-      };
+      packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgsUnstable; };
+
+      packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; };
+
+      packages.libvirt = callPackage ./nix/cc/libvirt.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; };

      packages.awscli2 = pkgsUnstable.awscli2;

--- a/nix/cc/cryptsetup.nix
+++ b/nix/cc/cryptsetup.nix
@ -0,0 +1,18 @@
+{ pkgs, pkgsLinux, buildEnv, closureInfo }:
+let
+  lib = pkgs.lib;
+  cc = pkgsLinux.stdenv.cc;
+  packages = [ pkgsLinux.cryptsetup.out pkgsLinux.cryptsetup.dev ];
+  closure = builtins.toString (lib.strings.splitString "\n" (builtins.readFile "${closureInfo {rootPaths = packages;}}/store-paths"));
+  rpath = pkgs.lib.makeLibraryPath [ pkgsLinux.cryptsetup pkgsLinux.glibc pkgsLinux.libgcc.lib ];
+in
+pkgs.symlinkJoin {
+  name = "cryptsetup";
+  paths = packages;
+  buildInputs = packages;
+  postBuild = ''
+    tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name ${closure}
+    echo "${rpath}" > $out/rpath
+    cp ${cc}/nix-support/dynamic-linker $out/dynamic-linker
+  '';
+}
--- a/nix/cc/libvirt.nix
+++ b/nix/cc/libvirt.nix
@ -0,0 +1,19 @@
+{ pkgs, pkgsLinux, buildEnv, closureInfo }:
+let
+  lib = pkgs.lib;
+  cc = pkgsLinux.stdenv.cc;
+  packages = [ pkgsLinux.libvirt ];
+  closure = builtins.toString (lib.strings.splitString "\n" (builtins.readFile "${closureInfo {rootPaths = packages;}}/store-paths"));
+  rpath = pkgs.lib.makeLibraryPath [ pkgsLinux.libvirt pkgsLinux.glib pkgsLinux.libxml2 pkgsLinux.readline pkgsLinux.glibc pkgsLinux.libgcc.lib ];
+in
+pkgs.symlinkJoin {
+  name = "libvirt";
+  paths = packages;
+  buildInputs = packages;
+  postBuild = ''
+    tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name ${closure}
+    tar --transform 's+^./+bin/+' -cf $out/bin-linktree.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name -C $out/bin .
+    echo "${rpath}" > $out/rpath
+    cp ${cc}/nix-support/dynamic-linker $out/dynamic-linker
+  '';
+}
--- a/nix/cc/openssl.nix
+++ b/nix/cc/openssl.nix
@ -0,0 +1,8 @@
+{ pkgs }:
+let
+  openssl-static = pkgs.openssl.override { static = true; };
+in
+pkgs.symlinkJoin {
+  name = "openssl";
+  paths = [ openssl-static.out openssl-static.dev ];
+}