Merge #2380

2380: [nix] Add nix derivation for static builds r=rhatdan a=hswong3i #### What type of PR is this?  > /kind feature #### What this PR does / why we need it: Similar PR goes for crun/conmon/libpod/cri-o/etc, too. Also see: - ~~containers/crun#372 - ~~containers/conmon#161 - containers/skopeo#932 - #2380 - containers/podman#6402 - cri-o/cri-o#3804 Static binaries: - [crun-0.13-linux-amd64](https://github.com/alvistack/crun/releases/download/0.13/crun-0.13-linux-amd64) - [conmon-v2.0.17-linux-amd64](https://github.com/alvistack/conmon/releases/download/v2.0.17/conmon-v2.0.17-linux-amd64) - [skopeo-v1.0.0-linux-amd64](https://github.com/alvistack/skopeo/releases/download/v1.0.0/skopeo-v1.0.0-linux-amd64) - [buildah-v1.14.9-linux-amd64](https://github.com/alvistack/buildah/releases/download/v1.14.9/buildah-v1.14.9-linux-amd64) - [podman-v1.9.3-linux-amd64](https://github.com/alvistack/libpod/releases/download/v1.9.3/podman-v1.9.3-linux-amd64) - [cri-o-v1.17.4-linux-amd64.tar.gz](https://github.com/alvistack/cri-o/releases/download/v1.17.4/cri-o-v1.17.4-linux-amd64.tar.gz) - [cri-o-v1.18.1-linux-amd64.tar.gz](https://github.com/alvistack/cri-o/releases/download/v1.18.1/cri-o-v1.18.1-linux-amd64.tar.gz) Ansible Roles: - https://github.com/alvistack/ansible-role-crun - https://github.com/alvistack/ansible-role-conmon - https://github.com/alvistack/ansible-role-skopeo - https://github.com/alvistack/ansible-role-buildah - https://github.com/alvistack/ansible-role-podman - https://github.com/alvistack/ansible-role-cri_o #### How to verify it ``` nix build -f nix/ ``` #### Which issue(s) this PR fixes:   #### Special notes for your reviewer: Here I skip the btrfs and lvm2 support for static binary, because: 1. btrfs will not support in CentOS 8 2. With skopeo experience both btrfs and lvm2 are not easy for compile as static binary Also see: - containers/podman#6402 (comment) #### Does this PR introduce a user-facing change?  ```release-note ``` Co-authored-by: Wong Hoi Sing Edison <[email protected]>
containers · Jun 18, 2020 · e591d4e · e591d4e
2 parents e5f71bf + 3a122aa
commit e591d4e
Show file tree

Hide file tree

Showing 10 changed files with 98 additions and 24 deletions.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -157,7 +157,7 @@ gce_instance:
 
     env:
         matrix:
-            CROSS_TARGET: darwin
+            CROSS_TARGET: bin/buildah.darwin
 
     setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}'
     build_script: '${SCRIPT_BASE}/build.sh |& ${_TIMESTAMP}'

diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@ tests/tools/build
 Dockerfile*
 !/tests/bud/*/Dockerfile*
 *.swp
+result
diff --git a/Makefile b/Makefile
@@ -33,33 +33,36 @@ CNI_COMMIT := $(shell sed -n 's;\tgithub.com/containernetworking/cni \([^ \n]*\)
 RUNC_COMMIT := v1.0.0-rc8
 LIBSECCOMP_COMMIT := release-2.3
 
-EXTRALDFLAGS :=
-LDFLAGS := -ldflags '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT)' $(EXTRALDFLAGS)
+EXTRA_LDFLAGS ?=
+LDFLAGS := -ldflags '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT) $(EXTRA_LDFLAGS)'
 SOURCES=*.go imagebuildah/*.go bind/*.go chroot/*.go cmd/buildah/*.go docker/*.go pkg/blobcache/*.go pkg/cli/*.go pkg/parse/*.go util/*.go
 
 LINTFLAGS ?=
 
-all: buildah imgtype docs
+all: bin/buildah bin/imgtype docs
 
-.PHONY: static
-static: $(SOURCES)
-	$(MAKE) SECURITYTAGS="$(SECURITYTAGS)" STORAGETAGS=$(STATIC_STORAGETAGS) EXTRALDFLAGS='-ldflags "-extldflags '-static'"' BUILDAH=buildah.static binary
+nixpkgs:
+	@nix run -f channel:nixpkgs-unstable nix-prefetch-git -c nix-prefetch-git \
+		--no-deepClone https://github.com/nixos/nixpkgs > nix/nixpkgs.json
 
-.PHONY: binary
-binary:  $(SOURCES)
-	$(GO_BUILD) $(LDFLAGS) -o $(BUILDAH) $(BUILDFLAGS) ./cmd/buildah
+.PHONY: bin/buildah
+bin/buildah:  $(SOURCES)
+	$(GO_BUILD) $(LDFLAGS) -o $@ $(BUILDFLAGS) ./cmd/buildah
 
-buildah: binary
+.PHONY: buildah
+buildah: bin/buildah
 
-darwin:
-	GOOS=darwin $(GO_BUILD) $(LDFLAGS) -o buildah.darwin -tags "containers_image_openpgp" ./cmd/buildah
+.PHONY: bin/buildah.darwin
+bin/buildah.darwin:
+	GOOS=darwin $(GO_BUILD) $(LDFLAGS) -o $@ -tags "containers_image_openpgp" ./cmd/buildah
 
-imgtype: *.go docker/*.go util/*.go tests/imgtype/imgtype.go
-	$(GO_BUILD) $(LDFLAGS) -o imgtype $(BUILDFLAGS) ./tests/imgtype/imgtype.go
+.PHONY: bin/imgtype
+bin/imgtype: *.go docker/*.go util/*.go tests/imgtype/imgtype.go
+	$(GO_BUILD) $(LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/imgtype/imgtype.go
 
 .PHONY: clean
 clean:
-	$(RM) -r buildah imgtype build buildah.static buildah.darwin tests/testreport/testreport
+	$(RM) -r bin tests/testreport/testreport
 	$(MAKE) -C docs clean
 
 .PHONY: docs
@@ -105,7 +108,7 @@ install.cni.sudo: gopath
 
 .PHONY: install
 install:
-	install -D -m0755 buildah $(DESTDIR)/$(BINDIR)/buildah
+	install -D -m0755 bin/buildah $(DESTDIR)/$(BINDIR)/buildah
 	$(MAKE) -C docs install
 
 .PHONY: uninstall

diff --git a/contrib/cirrus/build.sh b/contrib/cirrus/build.sh
@@ -20,10 +20,9 @@ else
     mkdir -p bin
     if [[ -z "$CROSS_TARGET" ]]
     then
-        ln -v buildah bin/buildah
         showrun make install PREFIX=/usr
         showrun ./bin/buildah info
     else
-        ln -v buildah.${CROSS_TARGET} bin/buildah
+        ln -v ${CROSS_TARGET} bin/buildah
     fi
 fi
diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh
@@ -17,8 +17,8 @@ case $1 in
     df) showrun df -lhTx tmpfs ;;
     journal) showrun journalctl -b ;;
     podman) showrun podman system info ;;
-    buildah_version) showrun $GOSRC/buildah version;;
-    buildah_info) showrun $GOSRC/buildah info;;
+    buildah_version) showrun $GOSRC/bin/buildah version;;
+    buildah_info) showrun $GOSRC/bin/buildah info;;
     packages)
         # These names are common to Fedora and Ubuntu
         PKG_NAMES=(\

diff --git a/nix/default.nix b/nix/default.nix
@@ -0,0 +1,53 @@
+{ system ? builtins.currentSystem }:
+let
+  pkgs = (import ./nixpkgs.nix {
+    config = {
+      packageOverrides = pkg: {
+        gpgme = (static pkg.gpgme);
+        libassuan = (static pkg.libassuan);
+        libgpgerror = (static pkg.libgpgerror);
+        libseccomp = (static pkg.libseccomp);
+        glib = pkg.glib.overrideAttrs(x: {
+          outputs = [ "bin" "out" "dev" ];
+          mesonFlags = [
+            "-Ddefault_library=static"
+            "-Ddevbindir=${placeholder ''dev''}/bin"
+            "-Dgtk_doc=false"
+            "-Dnls=disabled"
+          ];
+        });
+      };
+    };
+  });
+
+  static = pkg: pkg.overrideAttrs(x: {
+    configureFlags = (x.configureFlags or []) ++
+      [ "--without-shared" "--disable-shared" ];
+    dontDisableStatic = true;
+    enableSharedExecutables = false;
+    enableStatic = true;
+  });
+
+  self = with pkgs; buildGoPackage rec {
+    name = "buildah";
+    src = ./..;
+    goPackagePath = "github.com/containers/buildah";
+    doCheck = false;
+    enableParallelBuilding = true;
+    nativeBuildInputs = [ git installShellFiles pkg-config ];
+    buildInputs = [ glib glibc glibc.static gpgme libapparmor libassuan libgpgerror libseccomp libselinux ];
+    prePatch = ''
+      export LDFLAGS='-s -w -static-libgcc -static'
+      export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
+      export BUILDTAGS='static netgo apparmor selinux seccomp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper'
+    '';
+    buildPhase = ''
+      pushd go/src/${goPackagePath}
+      patchShebangs .
+      make bin/buildah
+    '';
+    installPhase = ''
+      install -Dm755 bin/buildah $out/bin/buildah
+    '';
+  };
+in self
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
@@ -0,0 +1,10 @@
+{
+  "url": "https://github.com/nixos/nixpkgs",
+  "rev": "78e324d2726127828a15f87a75b4d3199a8955ec",
+  "date": "2020-06-16T18:23:14-07:00",
+  "path": "/nix/store/bwhp0061k3fk00j8fskpfak261jdcjl6-nixpkgs",
+  "sha256": "1j58aa9ngdmvbnds4x4a497nynj390dzqyb5yrvmhjc7k9anq6jm",
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
+}
diff --git a/nix/nixpkgs.nix b/nix/nixpkgs.nix
@@ -0,0 +1,8 @@
+let
+  json = builtins.fromJSON (builtins.readFile ./nixpkgs.json);
+  nixpkgs = import (builtins.fetchTarball {
+    name = "nixos-unstable";
+    url = "${json.url}/archive/${json.rev}.tar.gz";
+    inherit (json) sha256;
+  });
+in nixpkgs
diff --git a/tests/e2e/buildah_suite_test.go b/tests/e2e/buildah_suite_test.go
@@ -95,7 +95,7 @@ func CreateTempDirInTempDir() (string, error) {
 func BuildahCreate(tempDir string) BuildAhTest {
 	cwd, _ := os.Getwd()
 
-	buildAhBinary := filepath.Join(cwd, "../../buildah")
+	buildAhBinary := filepath.Join(cwd, "../../bin/buildah")
 	if os.Getenv("BUILDAH_BINARY") != "" {
 		buildAhBinary = os.Getenv("BUILDAH_BINARY")
 	}

diff --git a/tests/helpers.bash b/tests/helpers.bash
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
-BUILDAH_BINARY=${BUILDAH_BINARY:-$(dirname ${BASH_SOURCE})/../buildah}
-IMGTYPE_BINARY=${IMGTYPE_BINARY:-$(dirname ${BASH_SOURCE})/../imgtype}
+BUILDAH_BINARY=${BUILDAH_BINARY:-$(dirname ${BASH_SOURCE})/../bin/buildah}
+IMGTYPE_BINARY=${IMGTYPE_BINARY:-$(dirname ${BASH_SOURCE})/../bin/imgtype}
 TESTSDIR=${TESTSDIR:-$(dirname ${BASH_SOURCE})}
 STORAGE_DRIVER=${STORAGE_DRIVER:-vfs}
 PATH=$(dirname ${BASH_SOURCE})/..:${PATH}
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,3 +6,4 @@ tests/tools/build @@
     Dockerfile*
     !/tests/bud/*/Dockerfile*
     *.swp
+    result