From e895aa5495ce0a1716eae3e1ecff11866179d32c Mon Sep 17 00:00:00 2001
From: Malte Poll <1780588+malt3@users.noreply.github.com>
Date: Thu, 23 Nov 2023 17:24:54 +0100
Subject: [PATCH] nix: add derivations for C library dependencies Cryptsetup and libvirt are new. OpenSSL was moved with the rest. The dynamic libaries cryptsetup and libvirt also ship a file called closure.tar, that contains the transitive closure for all of their dependencies. This tar file can be used as a container image layer or added to a bootable OS image to provide the runtime dependencies required for dynamic linking. Additionally, they ship a `rpath` file. This can be used together with patchelf to fix the RPATH of binaries produced by Bazel.
---
flake.nix | 11 +++++++----
nix/cc/cryptsetup.nix | 18 ++++++++++++++++++
nix/cc/libvirt.nix | 19 +++++++++++++++++++
nix/cc/openssl.nix | 8 ++++++++
4 files changed, 52 insertions(+), 4 deletions(-)
create mode 100644 nix/cc/cryptsetup.nix
create mode 100644 nix/cc/libvirt.nix
create mode 100644 nix/cc/openssl.nix
diff --git a/flake.nix b/flake.nix
index 2a32da6ca..20d68570d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,6 +19,8 @@ let pkgsUnstable = import nixpkgsUnstable { inherit system; }; + callPackage = pkgsUnstable.callPackage; + mkosiDev = (pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec { propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ (with pkgsUnstable; [ # package management
@@ -41,10 +43,11 @@ { packages.mkosi = mkosiDev; - packages.openssl = pkgsUnstable.symlinkJoin { - name = "openssl"; - paths = [ openssl-static.out openssl-static.dev ]; - }; + packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgsUnstable; }; + + packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; }; + + packages.libvirt = callPackage ./nix/cc/libvirt.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; }; packages.awscli2 = pkgsUnstable.awscli2;
diff --git a/nix/cc/cryptsetup.nix b/nix/cc/cryptsetup.nix
new file mode 100644
index 000000000..9687e1019
--- /dev/null
+++ b/nix/cc/cryptsetup.nix
@@ -0,0 +1,18 @@
+{ pkgs, pkgsLinux, buildEnv, closureInfo }:
+let
+ lib = pkgs.lib;
+ cc = pkgsLinux.stdenv.cc;
+ packages = [ pkgsLinux.cryptsetup.out pkgsLinux.cryptsetup.dev ];
+ closure = builtins.toString (lib.strings.splitString "\n" (builtins.readFile "${closureInfo {rootPaths = packages;}}/store-paths"));
+ rpath = pkgs.lib.makeLibraryPath [ pkgsLinux.cryptsetup pkgsLinux.glibc pkgsLinux.libgcc.lib ];
+in
+pkgs.symlinkJoin {
+ name = "cryptsetup";
+ paths = packages;
+ buildInputs = packages;
+ postBuild = ''
+ tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name ${closure}
+ echo "${rpath}" > $out/rpath
+ cp ${cc}/nix-support/dynamic-linker $out/dynamic-linker
+ '';
+}
diff --git a/nix/cc/libvirt.nix b/nix/cc/libvirt.nix
new file mode 100644
index 000000000..47660a97f
--- /dev/null
+++ b/nix/cc/libvirt.nix
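Review bot: In flake.nix the new `packages.cryptsetup` and `packages.libvirt` lines each evaluate `import nixpkgsUnstable { system = "x86_64-linux"; }` inline, so nixpkgs is instantiated two more times and the fixed target system is stated in two places without explanation. Binding it once beside `pkgsUnstable`, `pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; };`, and passing `inherit pkgsLinux;` keeps both packages on one package set. A comment such as `# closure.tar and rpath always target x86_64-linux, independent of the host system` would record why `system` is not used here; that intent is inferred from the commit message and should be confirmed. The `let` block where the binding would go is in the previous hunk.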
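Review bot: In nix/cc/cryptsetup.nix the `closure` binding calls `builtins.readFile` on the output of `closureInfo`, which is import-from-derivation: evaluating the flake has to build that derivation first, and evaluation fails wherever `allow-import-from-derivation` is turned off. The list can be consumed at build time instead, `tar -cf $out/closure.tar --files-from=${closureInfo { rootPaths = packages; }}/store-paths ...`, which also removes the `splitString`/`toString` step. The archive is meant to become a container layer or part of an OS image, yet the `tar` call does not pin ownership, so the recorded uid/gid and names are whatever the build sandbox shows; adding `--owner=0 --group=0 --numeric-owner` makes the layer root-owned and reproducible. Both points apply unchanged to the `closure.tar` and `bin-linktree.tar` lines in nix/cc/libvirt.nix. The `buildEnv` argument is accepted but never used in either file.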
@@ -0,0 +1,19 @@
+{ pkgs, pkgsLinux, buildEnv, closureInfo }:
+let
+ lib = pkgs.lib;
+ cc = pkgsLinux.stdenv.cc;
+ packages = [ pkgsLinux.libvirt ];
+ closure = builtins.toString (lib.strings.splitString "\n" (builtins.readFile "${closureInfo {rootPaths = packages;}}/store-paths"));
+ rpath = pkgs.lib.makeLibraryPath [ pkgsLinux.libvirt pkgsLinux.glib pkgsLinux.libxml2 pkgsLinux.readline pkgsLinux.glibc pkgsLinux.libgcc.lib ];
+in
+pkgs.symlinkJoin {
+ name = "libvirt";
+ paths = packages;
+ buildInputs = packages;
+ postBuild = ''
+ tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name ${closure}
+ tar --transform 's+^./+bin/+' -cf $out/bin-linktree.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name -C $out/bin .
+ echo "${rpath}" > $out/rpath
+ cp ${cc}/nix-support/dynamic-linker $out/dynamic-linker
+ '';
+}
diff --git a/nix/cc/openssl.nix b/nix/cc/openssl.nix
new file mode 100644
index 000000000..0651fea67
--- /dev/null
+++ b/nix/cc/openssl.nix
@@ -0,0 +1,8 @@
+{ pkgs }:
+let
+ openssl-static = pkgs.openssl.override { static = true; };
+in
+pkgs.symlinkJoin {
+ name = "openssl";
+ paths = [ openssl-static.out openssl-static.dev ];
+}
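Review bot: In nix/cc/libvirt.nix the `--transform 's+^./+bin/+'` expression on the `bin-linktree.tar` line leaves the dot unescaped, so it matches any character followed by `/` rather than the literal `./` prefix; `'s+^\./+bin/+'` says what is meant. GNU tar applies a transform to symlink targets as well as member names unless a flag such as `S` restricts it, and `$out/bin` in a `symlinkJoin` output consists of links into the store, so it is worth confirming that the link targets come through untouched. The commit message documents `closure.tar` and `rpath` but not this archive; a comment such as `# bin-linktree.tar: bin/ symlinks into /nix/store, usable only together with closure.tar` would help, with the wording checked against the intended use.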