forked from velentr/buildroot.nix
-
Notifications
You must be signed in to change notification settings - Fork 0
/
default.nix
126 lines (111 loc) · 3.2 KB
/
default.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
# SPDX-FileCopyrightText: 2024 Brian Kubisiak <[email protected]>
#
# SPDX-License-Identifier: MIT
{
name,
pkgs ? import <nixpkgs> {},
src,
defconfig,
lockfile,
nativeBuildInputs ? [],
}: let
inherit (pkgs) stdenv;
# There are too many places that hardcode /bin or /usr/bin to patch them all
# (some of them are in unpacked tarballs and aren't revealed until individual
# packages are enabled). Instead, just build everything in a FHS
# environment. This has the added bonus of making it less likely for build
# artifacts to hardcode a path to the nix store.
makeFHSEnv = pkgs.buildFHSEnv {
name = "make-with-fhs-env";
targetPkgs = pkgs:
with pkgs;
[
bc
cpio
file
libxcrypt
perl
rsync
unzip
util-linux
wget # Not actually used, but still needs to be installed
which
]
++ nativeBuildInputs;
runScript = "make";
};
buildrootBase = {
src = src;
patchPhase = ''
sed -i 's%--disable-makeinstall-chown%--disable-makeinstall-chown --disable-makeinstall-setuid%' \
package/util-linux/util-linux.mk
'';
configurePhase = ''
${makeFHSEnv}/bin/make-with-fhs-env ${defconfig}
'';
hardeningDisable = ["format"];
};
lockedPackageInputs = let
lockedInputs = builtins.fromJSON (builtins.readFile lockfile);
symlinkCommands = builtins.map (
file: let
lockedAttrs = lockedInputs.${file};
input = pkgs.fetchurl {
name = file;
urls = lockedInputs.${file}.uris;
hash = "${lockedAttrs.algo}:${lockedAttrs.checksum}";
};
in "ln -s ${input} $out/'${file}'"
) (builtins.attrNames lockedInputs);
in
stdenv.mkDerivation {
name = "${name}-sources";
dontUnpack = true;
dontConfigure = true;
buildPhase = "mkdir $out";
installPhase = pkgs.lib.strings.concatStringsSep "\n" symlinkCommands;
};
in rec {
packageInfo = stdenv.mkDerivation (buildrootBase
// {
name = "${name}-packageinfo.json";
buildPhase = ''
${makeFHSEnv}/bin/make-with-fhs-env show-info > packageinfo.json
'';
installPhase = ''
cp packageinfo.json $out
'';
});
packageLockFile = stdenv.mkDerivation {
name = "${name}-packages.lock";
src = src;
buildInputs = with pkgs; [python3];
dontConfigure = true;
buildPhase = ''
python3 ${./make-package-lock.py} --input ${packageInfo} --output $out
'';
dontInstall = true;
};
packageInputs = lockedPackageInputs;
buildroot = stdenv.mkDerivation (buildrootBase
// {
name = name;
outputs = ["out" "sdk"];
buildPhase = ''
export BR2_DL_DIR=/build/source/downloads
mkdir -p $BR2_DL_DIR
for lockedInput in ${lockedPackageInputs}/*; do
ln -s $lockedInput "$BR2_DL_DIR/$(basename $lockedInput)"
done
${makeFHSEnv}/bin/make-with-fhs-env
${makeFHSEnv}/bin/make-with-fhs-env sdk
'';
installPhase = ''
mkdir $out $sdk
cp -r output/images $out/
cp -r output/host/* $sdk
sh $sdk/relocate-sdk.sh
'';
dontFixup = true;
});
}