From 629351163dd20ecc40e4b69366c283f8da9b2972 Mon Sep 17 00:00:00 2001
From: Qyriad
Date: Fri, 12 Apr 2024 06:35:54 -0600
Subject: [PATCH 1/2] flake: factor out binary tarball into its own file

Bit-for-bit identical, and this one is callPackage-able

Change-Id: Ic635687b0054e107271a9c24ae69101f5e0fba9e
---
 flake.nix | 29 +----------------------------
 nix-support/binary-tarball.nix | 28 ++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 28 deletions(-)
 create mode 100644 nix-support/binary-tarball.nix

diff --git a/flake.nix b/flake.nix
index 8eb5582b0..716b9c0cd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -116,34 +116,7 @@
 );
 binaryTarball =
- nix: pkgs:
- let
- inherit (pkgs) buildPackages;
- installerClosureInfo = buildPackages.closureInfo { rootPaths = [ nix ]; };
- in
-
- buildPackages.runCommand "nix-binary-tarball-${version}"
- {
- #nativeBuildInputs = lib.optional (system != "aarch64-linux") shellcheck;
- meta.description = "Distribution-independent Nix bootstrap binaries for ${pkgs.system}";
- }
- ''
- cp ${installerClosureInfo}/registration $TMPDIR/reginfo
-
- dir=nix-${version}-${pkgs.system}
- fn=$out/$dir.tar.xz
- mkdir -p $out/nix-support
- echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
- tar cvfJ $fn \
- --owner=0 --group=0 --mode=u+rw,uga+r \
- --mtime='1970-01-01' \
- --absolute-names \
- --hard-dereference \
- --transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
- --transform "s,$NIX_STORE,$dir/store,S" \
- $TMPDIR/reginfo \
- $(cat ${installerClosureInfo}/store-paths)
- '';
+ nix: pkgs: pkgs.callPackage ./nix-support/binary-tarball.nix { inherit nix version; };
 overlayFor = getStdenv: final: prev:
diff --git a/nix-support/binary-tarball.nix b/nix-support/binary-tarball.nix
new file mode 100644
index 000000000..88c556c33
--- /dev/null
+++ b/nix-support/binary-tarball.nix
@@ -0,0 +1,28 @@
+{
+ buildPackages,
+ nix,
+ system,
+ version,
+}:
+let
+ installerClosureInfo = buildPackages.closureInfo { rootPaths = [ nix ]; };
+
+ meta.description = "Distribution-independent Nix bootstrap binaries for ${system}";
+in
+buildPackages.runCommand "nix-binary-tarball-${version}" { inherit meta; } ''
+ cp ${installerClosureInfo}/registration $TMPDIR/reginfo
+
+ dir=nix-${version}-${system}
+ fn=$out/$dir.tar.xz
+ mkdir -p $out/nix-support
+ echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
+ tar cvfJ $fn \
+ --owner=0 --group=0 --mode=u+rw,uga+r \
+ --mtime='1970-01-01' \
+ --absolute-names \
+ --hard-dereference \
+ --transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
+ --transform "s,$NIX_STORE,$dir/store,S" \
+ $TMPDIR/reginfo \
+ $(cat ${installerClosureInfo}/store-paths)
+''
From a3be742bda0ca81dc9f340b29c522f97834f2155 Mon Sep 17 00:00:00 2001
From: Qyriad
Date: Fri, 12 Apr 2024 06:45:51 -0600
Subject: [PATCH 2/2] binary tarball: include cacert in root paths

93cc06334 removed nss-cacert from the binary tarball, but they're necessary for global compatibility (and for our installer). This is what results in cacerts being in the default profile, so e.g. the daemon has TLS certs without having to use the system ones. There's a fallback behavior in the daemon script in case these wind up missing from the profile, but we don't want to have to rely on that, since the fallback fails if it doesn't recognize one of a handful of distros.

Change-Id: I60d8e6f734469548e80d5f38113ef168f67cbf7d
---
 nix-support/binary-tarball.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/nix-support/binary-tarball.nix b/nix-support/binary-tarball.nix
index 88c556c33..b73e59043 100644
--- a/nix-support/binary-tarball.nix
+++ b/nix-support/binary-tarball.nix
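Review bot: The `tar cvfJ` call in the new nix-support/binary-tarball.nix pins owner, group and mtime but not member order, so the archive may differ between builders whose filesystems return directory entries in a different order. For a bootstrap tarball whose hash is presumably published or compared, I would add `--sort=name` (and probably `--numeric-owner`, so no user or group names from the build host are recorded) next to `--owner=0 --group=0`. That changes the output bytes, so it belongs in a follow-up rather than in this move-only commit. Separately, the file deserves a short header comment saying that it builds the installer tarball from the closure of `rootPaths` and which arguments callers must pass explicitly (`nix`, `version`).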
@@ -1,11 +1,17 @@
 {
 buildPackages,
+ cacert,
 nix,
 system,
 version,
 }:
 let
- installerClosureInfo = buildPackages.closureInfo { rootPaths = [ nix ]; };
+ installerClosureInfo = buildPackages.closureInfo {
+ rootPaths = [
+ nix
+ cacert
+ ];
+ };

 meta.description = "Distribution-independent Nix bootstrap binaries for ${system}";
 in
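Review bot: Nothing in the new `rootPaths` list says why `cacert` is there, and the earlier removal mentioned in the commit message suggests it looks droppable; a comment such as `# cacert lands in the default profile so the daemon has TLS roots even where the distro fallback fails` above the list would keep it from being removed again. It is also worth recording that this CA bundle is frozen at the nixpkgs revision the tarball was built from, so a root that is distrusted later stays trusted on installed systems until the profile is updated. If the installer depends on the bundle being present, a check in the build script that a cacert path appears in `${installerClosureInfo}/store-paths` would turn a silent regression into a build failure; whether the installer relies on it that way is not visible in this hunk.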