From f53812a11ebfcb7ccb46df998147048e8f2a27a3 Mon Sep 17 00:00:00 2001
From: Wong Hoi Sing Edison
Date: Wed, 27 May 2020 14:30:40 +0800
Subject: [PATCH] Cleanup nix derivation for static builds
Signed-off-by: Wong Hoi Sing Edison
---
 .cirrus.yml | 24 ++++++++++------
 .gitignore | 2 +-
 Containerfile-nix | 10 -------
 Makefile | 27 ++++++------------
 nix/default.nix | 73 ++++++++++++++++++++++-------------------------
 nix/nixpkgs.json | 10 +++----
 6 files changed, 63 insertions(+), 83 deletions(-)
 delete mode 100644 Containerfile-nix
diff --git a/.cirrus.yml b/.cirrus.yml
index 1d6d041ffd..ccc78717e9 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -756,17 +756,25 @@ success_task:
 success_script: '/usr/local/bin/entrypoint.sh ./$SCRIPT_BASE/success.sh |& ${TIMESTAMP}'
+# Build the static binary
 static_build_task:
- container:
- image: quay.io/podman/nix-podman:1.0.0
- cpu: 8
- memory: 12
- timeout_in: 20m
 depends_on:
 - "gating"
- build_script:
- - nix build -f nix
+ gce_instance:
+ image_name: "${FEDORA_CACHE_IMAGE_NAME}"
+ cpu: 8
+ memory: 12
+ disk: 200
+ script: |
+ set -ex
+ setenforce 0
+ growpart /dev/sda 1 || true
+ resize2fs /dev/sda1 || true
+ yum -y install podman
+ mkdir -p /nix
+ podman run --rm --privileged -ti -v /:/mnt nixos/nix cp -rfT /nix /mnt/nix
+ podman run --rm --privileged -ti -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/
 binaries_artifacts:
- path: "result-bin/bin/podman"
+ path: "result/bin/podman"
 on_failure:
 failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh |& ${TIMESTAMP}'
diff --git a/.gitignore b/.gitignore
index 9af705caae..f0fdf4dc8e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,4 +31,4 @@ release.txt
 /test/copyimg/copyimg
 /test/goecho/goecho
 .vscode*
-result-bin
+result
diff --git a/Containerfile-nix b/Containerfile-nix
deleted file mode 100644
index 5eea71af65..0000000000
--- a/Containerfile-nix
+++ /dev/null
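Review bot: Both `podman run` lines in the new `script:` block of `static_build_task` reference `nixos/nix` as a short name with no registry, tag or digest, so the image that produces the published `result/bin/podman` artifact is whatever the host's registry search order and `latest` resolve to at run time. The task it replaces used a versioned reference (`quay.io/podman/nix-podman:1.0.0`); I would keep that property by fully qualifying and pinning the image in both commands, e.g. `docker.io/nixos/nix@sha256:<PINNED_DIGEST>`. The copy step also hands that image `--privileged` with the VM's whole `/` mounted; `-v /nix:/mnt/nix` would give it only the directory it writes to, and `--privileged` may then be unnecessary for that step, which is worth checking. `-ti` can be dropped from both lines, since a CI script has no terminal to attach.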
@@ -1,10 +0,0 @@
-# vim: set syntax=dockerfile:
-FROM nixos/nix:latest
-
-RUN apk add --no-cache bash git
-
-COPY . /work
-WORKDIR work/nix
-RUN nix-build
-WORKDIR /
-RUN rm -rf work
diff --git a/Makefile b/Makefile
index 3f626d359e..1df9bf5f1a 100644
--- a/Makefile
+++ b/Makefile
@@ -220,29 +220,18 @@ bin/podman.cross.%: .gopathok
 GOARCH="$${TARGET##*.}" \
 $(GO_BUILD) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags '$(BUILDTAGS_CROSS)' -o "$@" $(PROJECT)/cmd/podman
-# Update nix/nixpkgs.json its latest master commit
+# Update nix/nixpkgs.json its latest stable commit
 .PHONY: nixpkgs
 nixpkgs:
- @nix run -f channel:nixpkgs-unstable nix-prefetch-git -c nix-prefetch-git \
+ @nix run -f channel:nixos-20.03 nix-prefetch-git -c nix-prefetch-git \
 --no-deepClone https://github.com/nixos/nixpkgs > nix/nixpkgs.json
-NIX_IMAGE ?= quay.io/podman/nix-podman:1.0.0
-
-# Build the nix image as base for static builds
-.PHONY: nix-image
-nix-image:
- $(CONTAINER_RUNTIME) build -t $(NIX_IMAGE) -f Containerfile-nix .
-
-# Build podman statically linked based on the default nix container image
-.PHONY: build-static
-build-static:
- $(CONTAINER_RUNTIME) run \
- --rm -it \
- -v $(shell pwd):/work \
- -w /work $(NIX_IMAGE) \
- sh -c "nix build -f nix && \
- mkdir -p bin && \
- cp result-*bin/bin/podman bin/podman-static"
+# Build statically linked binary
+.PHONY: static
+static:
+ @nix build -f nix/
+ mkdir -p ./bin
+ cp -rfp ./result/bin/* ./bin/
 .PHONY: run-docker-py-tests
 run-docker-py-tests:
diff --git a/nix/default.nix b/nix/default.nix
index cf607c0ad7..4fe818b398 100644
--- a/nix/default.nix
+++ b/nix/default.nix
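Review bot: In the `nixpkgs` target the comment now promises the latest stable commit, but the only thing that changed is the channel supplying the `nix-prefetch-git` tool (`channel:nixos-20.03`); the command still passes no revision, so it will most likely pin whatever the default branch of https://github.com/nixos/nixpkgs points at when it runs. If the stable branch is what should feed the static build, name it explicitly by adding `--rev refs/heads/nixos-20.03` before the URL, and reword the comment to `# Update nix/nixpkgs.json to the latest nixos-20.03 commit`. Separately, the new `static` target's `cp -rfp ./result/bin/* ./bin/` writes to `bin/podman`, where the removed `build-static` target wrote `bin/podman-static`, so it silently replaces a dynamically linked build in the same tree; a distinct destination name would avoid that.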
@@ -1,53 +1,48 @@
+{ system ? builtins.currentSystem }:
 let
- pkgs = import ./nixpkgs.nix {
+ pkgs = (import ./nixpkgs.nix {
 config = {
 packageOverrides = pkg: {
- go_1_12 = pkg.go_1_14;
+ gpgme = (static pkg.gpgme);
+ libassuan = (static pkg.libassuan);
+ libgpgerror = (static pkg.libgpgerror);
+ libseccomp = (static pkg.libseccomp);
 };
 };
- };
+ });
- static = pkg: pkg.overrideAttrs(old: {
- configureFlags = (old.configureFlags or []) ++
- [ "--without-shared" "--disable-shared" ];
+ static = pkg: pkg.overrideAttrs(x: {
+ doCheck = false;
+ configureFlags = (x.configureFlags or []) ++ [
+ "--without-shared"
+ "--disable-shared"
+ ];
 dontDisableStatic = true;
 enableSharedExecutables = false;
 enableStatic = true;
 });
- patchLvm2 = pkg: pkg.overrideAttrs(old: {
- configureFlags = [
- "--disable-cmdlib" "--disable-readline" "--disable-udev_rules"
- "--disable-udev_sync" "--enable-pkgconfig" "--enable-static_link"
- ];
- preConfigure = old.preConfigure + ''
- substituteInPlace libdm/Makefile.in --replace \
- SUBDIRS=dm-tools SUBDIRS=
- substituteInPlace tools/Makefile.in --replace \
- "TARGETS += lvm.static" ""
- substituteInPlace tools/Makefile.in --replace \
- "INSTALL_LVM_TARGETS += install_tools_static" ""
+ self = with pkgs; buildGoModule rec {
+ name = "podman";
+ src = ./..;
+ vendorSha256 = null;
+ doCheck = false;
+ enableParallelBuilding = true;
+ outputs = [ "out" ];
+ nativeBuildInputs = [ bash git go-md2man installShellFiles makeWrapper pkg-config which ];
+ buildInputs = [ glibc glibc.static gpgme libassuan libgpgerror libseccomp libapparmor libselinux ];
+ prePatch = ''
+ export CFLAGS='-static'
+ export LDFLAGS='-s -w -static-libgcc -static'
+ export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
+ export BUILDTAGS='static netgo exclude_graphdriver_btrfs exclude_graphdriver_devicemapper seccomp apparmor selinux'
+ '';
+ buildPhase = ''
+ patchShebangs .
+ make bin/podman
+ '';
+ installPhase = ''
+ install -Dm755 bin/podman $out/bin/podman
 '';
- postInstall = "";
- });
-
- self = {
- podman-static = (pkgs.podman.overrideAttrs(old: {
- name = "podman-static";
- buildInputs = old.buildInputs ++ (with pkgs; [
- (static pkgs.libassuan)
- (static pkgs.libgpgerror)
- git
- glibc
- glibc.static
- ]);
- src = ./..;
- EXTRA_LDFLAGS = ''-linkmode external -extldflags "-static -lm"'';
- BUILDTAGS = ''static netgo apparmor selinux seccomp systemd varlink containers_image_ostree_stub'';
- })).override {
- gpgme = (static pkgs.gpgme);
- libseccomp = (static pkgs.libseccomp);
- lvm2 = (patchLvm2 (static pkgs.lvm2));
- };
 };
 in self
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
index fbc7743731..98ed710a46 100644
--- a/nix/nixpkgs.json
+++ b/nix/nixpkgs.json
@@ -1,9 +1,7 @@
 {
 "url": "https://github.com/nixos/nixpkgs",
- "rev": "a08d4f605bca62c282ce9955d5ddf7d824e89809",
- "date": "2020-03-20T10:10:15+01:00",
- "sha256": "1bniq08dlmrmrz4aga1cj0d7rqbaq9xapm5ar15wdv2c6431z2m8",
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
+ "rev": "02591d02a910b3b92092153c5f3419a8d696aa1d",
+ "date": "2020-07-09T03:52:28+02:00",
+ "sha256": "1pp9v4rqmgx1b298gxix8b79m8pvxy1rcf8l25rxxxxnkr5ls1ng",
+ "fetchSubmodules": false
 }
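Review bot: In nix/default.nix the rewritten `static` helper adds `doCheck = false;`, which switches off the upstream test suites for gpgme, libassuan, libgpgerror and libseccomp at the same point where their configure flags are changed, and nothing in the file says why. If the checks cannot run with shared libraries disabled, record that above the line, e.g. `# upstream test suites do not run with --disable-shared`; otherwise leave them on, since these libraries appear to back signature handling and syscall filtering in the resulting binary. Also, the new `system` argument on the first line is never referenced anywhere in this hunk, so overriding it has no effect unless `./nixpkgs.nix` picks it up some other way; adding `inherit system;` inside the `import ./nixpkgs.nix { … }` attribute set would wire it through, assuming that file forwards its arguments to nixpkgs.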