Commit 16fdfc62 authored by Jakub Jirutka's avatar Jakub Jirutka

testing/nix: new aport

https://nixos.org/nix/
The purely functional package manager
parent 3018d94d
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=nix
pkgver=2.1.3
pkgrel=0
pkgdesc="The purely functional package manager"
url="https://nixos.org/nix/"
arch="x86 x86_64 aarch64" # supported platforms
license="LGPL-2.1-or-later"
depends="ca-certificates"
depends_dev="boost-dev"
makedepends="
$depends_dev
bash
brotli-dev
bzip2-dev
curl-dev
gc-dev
libressl-dev
libseccomp-dev
libsodium-dev
sqlite-dev
xz
xz-dev
"
pkggroups="nix nixbld"
install="$pkgname.pre-install"
subpackages="$pkgname-dev $pkgname-openrc $pkgname-doc"
source="https://nixos.org/releases/nix/$pkgname-$pkgver/$pkgname-$pkgver.tar.xz
libboost_context-mt.patch
nix-daemon.initd
nix-profile.sh
"
builddir="$srcdir/$pkgname-$pkgver"
build() {
cd "$builddir"
# NOTE: /nix/var is recommended by upstream and we need /nix anyway.
bash ./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--localstatedir=/nix/var \
--enable-gc
make
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
cd "$pkgdir"
# Remove trash.
rm -R etc/init
rm -R usr/lib/systemd
rm etc/profile.d/*
mkdir -p usr/sbin
mv usr/bin/nix-daemon usr/sbin/
install -m 755 -D "$srcdir"/nix-profile.sh etc/profile.d/nix.sh
install -m 755 -D "$srcdir"/nix-daemon.initd etc/init.d/nix-daemon
# Setup build users.
# Note: max-jobs should equal number of created nixbld<n> users.
install -d -m 0555 etc/nix
cat > etc/nix/nix.conf <<-EOF
build-users-group = nixbld
max-jobs = 4
EOF
# This is based on https://github.com/NixOS/nix/blob/9617a04/scripts/install-multi-user.sh#L525
# NOTE: store dir must be /nix/store, otherwise pre-built binaries from
# the standard Nixpkgs channels would not work.
install -d -m 1775 -g nixbld \
nix/store
install -d -m 0755 \
nix/var/log/nix/drvs \
nix/var/nix/db \
nix/var/nix/gcroots \
nix/var/nix/manifests \
nix/var/nix/profiles/default \
nix/var/nix/temproots \
nix/var/nix/userpool
install -d -m 1777 \
nix/var/nix/profiles/per-user \
nix/var/nix/gcroots/per-user
# Allow only users in the nix group to perform Nix operations.
install -d -m 0770 -g nix \
nix/var/nix/daemon-socket
}
sha512sums="d22718d23d8960dac7d07739835caa8183f573b303d77613e77314d873c1fe6da1cb0ed78337fe3219a94675307b23132a62ae7d9aa5354707e58400f403524b nix-2.1.3.tar.xz
2d6d8441861abca66b28083c356618e2dc60acb9a5be675f32be90204743e780f60427b8375aa5ba234f6f604f6b2569922cb400a1a989a37d950580d2151a6f libboost_context-mt.patch
9e4568db987fbae5097f7bb086e8ad51742c2d229703104fb7e6f240ffb0ca72e57dc305fb238bcee4ec8002d780007af60f241b1f32b6aa413dd579d9c59e75 nix-daemon.initd
0fb5b9ff2f593dca22251b342494ea0b61380d8f905d85855282d259c112aa2a918d9785aa08f847c693a939ebae9fbefcd4e417ad93283a142e066105cc87b5 nix-profile.sh"
# Nix
NOTE: Only members of unix group "nix" are allowed to install Nix packages.
We don't have libboost_context.so, just libboost_context-mt.so (-mt stands
for multithreading).
--- a/src/libutil/local.mk
+++ b/src/libutil/local.mk
@@ -6,7 +6,7 @@
libutil_SOURCES := $(wildcard $(d)/*.cc)
-libutil_LDFLAGS = $(LIBLZMA_LIBS) -lbz2 -pthread $(OPENSSL_LIBS) $(LIBBROTLI_LIBS) -lboost_context
+libutil_LDFLAGS = $(LIBLZMA_LIBS) -lbz2 -pthread $(OPENSSL_LIBS) $(LIBBROTLI_LIBS) -lboost_context-mt
libutil_LIBS = libformat
#!/sbin/openrc-run
description="Nix multi-user support daemon"
command="/usr/sbin/nix-daemon"
command_background="yes"
pidfile="/run/$RC_SVCNAME.pid"
# Profile for Nix package manager
# This script is based on https://github.com/NixOS/nix/blob/master/scripts/nix-profile.sh.in.
# Sanity check
[ "$HOME" ] && [ "$USER" ] || return 0
_nix_setup_user() {
local nix_profile="$HOME/.nix-profile"
local nix_defexpr="$HOME/.nix-defexpr"
local profiles_dir="/nix/var/nix/profiles"
local user_profile_dir="$profiles_dir/per-user/$USER"
local user_gcroots_dir="/nix/var/nix/gcroots/per-user/$USER"
mkdir -m 0755 -p "$user_profile_dir"
[ -O "$user_profile_dir" ] \
|| echo "Nix: WARNING: bad ownership on $user_profile_dir, should be $(id -u)" >&2
[ -w "$HOME" ] || return 0
# Create ~/.nix-profile if needed.
if ! [ -L "$nix_profile" ]; then
echo "Nix: creating $nix_profile" >&2
if [ "$USER" = root ]; then
# Root installs in the system-wide profile by default.
ln -s "$profiles_dir/default" "$nix_profile" \
|| echo "Nix: WARNING: could not create $nix_profile -> $profiles_dir/default" >&2
else
ln -s "$user_profile_dir/profile" "$nix_profile" \
|| echo "Nix: WARNING: could not create $nix_profile -> $user_profile_dir/profile" >&2
fi
fi
# Subscribe the user to the unstable Nixpkgs channel by default.
if ! [ -e "$HOME/.nix-channels" ]; then
echo 'https://nixos.org/channels/nixpkgs-unstable nixpkgs' > "$HOME/.nix-channels"
fi
# Create the per-user garbage collector roots directory.
mkdir -m 0755 -p "$user_gcroots_dir"
[ -O "$user_gcroots_dir" ] \
|| echo "Nix: WARNING: bad ownership on $user_gcroots_dir, should be $(id -u)" >&2
# Set up a default Nix expression from which to install stuff.
if [ ! -e "$nix_defexpr" -o -L "$nix_defexpr" ]; then
rm -f "$nix_defexpr"
mkdir -p "$nix_defexpr"
if [ "$USER" != root ]; then
ln -s "$profiles_dir"/per-user/root/channels "$nix_defexpr"/channels_root
fi
fi
export NIX_PROFILES="$NIX_PROFILES $nix_profile"
# Append ~/.nix-defexpr/channels/nixpkgs to $NIX_PATH so that <nixpkgs>
# paths work when the user has fetched the Nixpkgs channel.
export NIX_PATH="${NIX_PATH:+$NIX_PATH:}nixpkgs=$nix_defexpr/channels/nixpkgs"
# Set up secure multi-user builds; non-root users build through the Nix daemon.
[ "$USER" = root ] || export NIX_REMOTE='daemon'
}
# Set $NIX_SSL_CERT_FILE so that Nixpkgs applications like curl work.
export NIX_SSL_CERT_FILE='/etc/ssl/certs/ca-certificates.crt'
# The default profile for all users.
export NIX_PROFILES='/nix/var/nix/profiles/default'
# Set up environment for users that are allowed to build and install Nix
# packages: root and members of nix or wheel group.
if [ "$USER" = root ] || id -nG | grep -Eq '\b(nix|wheel)\b'; then
_nix_setup_user
fi
# Set up PATH and MANPATH.
for _i in $NIX_PROFILES; do
export PATH="$_i/bin:$PATH"
[ "$MANPATH" ] && export MANPATH="$_i/share/man:$MANPATH"
done
unset _i
unset -f _nix_setup_user
#!/bin/sh
addgroup -S nix 2>/dev/null
addgroup -S nixbld 2>/dev/null
for n in $(seq 0 3); do
adduser -S -D -H -h /var/empty -s /sbin/nologin -G nixbld \
-g "Nix build user $n" nixbld$n 2>/dev/null
done
exit 0
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment