From 8ba608197d07544062d825394b0e42af01e701f5 Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sun, 21 Jul 2024 16:55:31 +0200 Subject: [PATCH] Initial import --- .gitignore | 7 ++ flake.lock | 27 +++++++ flake.nix | 67 +++++++++++++++++ module.nix | 34 +++++++++ nixos.nix | 18 +++++ overlay.nix | 92 +++++++++++++++++++++++ patches/libxcrypt-4.4.36-symbol-map.patch | 19 +++++ platforms.nix | 23 ++++++ stdenv.nix | 46 ++++++++++++ 9 files changed, 333 insertions(+) create mode 100644 .gitignore create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 module.nix create mode 100644 nixos.nix create mode 100644 overlay.nix create mode 100644 patches/libxcrypt-4.4.36-symbol-map.patch create mode 100644 platforms.nix create mode 100644 stdenv.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a3d6222 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +# Hidden files +.* +!.git* + +# Nix +/result +/result-* diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..896f476 --- /dev/null +++ b/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1721924956, + "narHash": "sha256-Sb1jlyRO+N8jBXEX9Pg9Z1Qb8Bw9QyOgLDNMEpmjZ2M=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5ad6a14c6bf098e98800b091668718c336effc95", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..75f9376 --- /dev/null +++ b/flake.nix @@ -0,0 +1,67 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + }; + + nixConfig = { + extra-substituters = [ "https://cache.kyouma.net" ]; + extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ]; + }; + + outputs = { self, nixpkgs, ... }@inputs: + let + inherit (builtins) mapAttrs; + inherit (nixpkgs) lib; + + platforms = mapAttrs + (name: platform: lib.systems.elaborate platform) + (import ./platforms.nix); + in { + lib = { + inherit platforms; + replaceConfig = { + replaceStdenv = + { pkgs }: pkgs.idiosyn pkgs.stdenv; + replaceCrossStdenv = + { buildPackages, baseStdenv }: buildPackages.idiosyn baseStdenv; + }; + }; + overlays.default = import ./overlay.nix inputs; + + nixosModules.default = { ... }: { + nixpkgs = { + overlays = [ self.overlays.default ]; + config = self.lib.replaceConfig // { + allowUnsupportedSystem = true; + }; + }; + + imports = [ ./module.nix ]; + }; + + legacyPackages = mapAttrs (system: platform: + import nixpkgs { + localSystem = system; + crossSystem = platform; + overlays = [ self.overlays.default ]; + config = self.lib.replaceConfig // { + allowUnsupportedSystem = true; + }; + }) platforms; + + nixosConfigurations = mapAttrs (system: platform: lib.nixosSystem { + modules = [ + self.nixosModules.default + ./nixos.nix { + nixpkgs.buildPlatform = system; + nixpkgs.hostPlatform = platform; + } + ]; + }) platforms; + + hydraJobs = { + stdenv = mapAttrs (name: host: host.pkgs.stdenv) self.nixosConfigurations; + nixos = mapAttrs (name: host: host.config.system.build.toplevel) self.nixosConfigurations; + }; + }; +} diff --git a/module.nix b/module.nix new file mode 100644 index 0000000..28495a7 --- /dev/null +++ b/module.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, modulesPath, ... }: +let + inherit (pkgs.stdenv) hostPlatform; + locale-archive-stub = + pkgs.stdenvNoCC.mkDerivation { + pname = "locale-archive-stub"; + version = "0"; + + buildCommand = '' + mkdir -p "$out/lib/locale" + touch "$out/lib/locale/locale-archive" + ''; + }; +in { + disabledModules = [ + (modulesPath + "/config/ldso.nix") + (modulesPath + "/config/stub-ld.nix") + (modulesPath + "/programs/nix-ld.nix") + ]; + + config = lib.mkMerge [ + (lib.mkIf hostPlatform.isMusl { + i18n.glibcLocales = lib.mkDefault locale-archive-stub; + i18n.supportedLocales = lib.mkDefault [ ]; + + programs.command-not-found.enable = lib.mkDefault false; + programs.less.lessopen = lib.mkDefault null; + + security.pam.services.login.updateWtmp = lib.mkForce false; + services.nscd.enable = lib.mkForce false; + system.nssModules = lib.mkForce [ ]; + }) + ]; +} diff --git a/nixos.nix b/nixos.nix new file mode 100644 index 0000000..1cfb7e6 --- /dev/null +++ b/nixos.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: { + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + fileSystems."/".label = "nixos"; + + security.sudo.wheelNeedsPassword = false; + services.getty.autologinUser = "nixos"; + + users.users.nixos = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + }; + + system.stateVersion = "24.11"; + + virtualisation.vmVariant.virtualisation.diskImage = null; +} diff --git a/overlay.nix b/overlay.nix new file mode 100644 index 0000000..200e4a4 --- /dev/null +++ b/overlay.nix @@ -0,0 +1,92 @@ +{ nixpkgs, ... }: final: prev: +let + inherit (final) + lib + hostPlatform + callPackage + addAttrsToDerivation; + + inherit (lib) + optionalAttrs + toList; + + pkgs = import nixpkgs { + localSystem = final.buildPlatform; + crossSystem = final.hostPlatform; + config = removeAttrs final.config [ + "replaceStdenv" + "replaceCrossStdenv" + ]; + }; + + idiosyn = import ./stdenv.nix pkgs; + + attrs = pkg: fun: pkg.overrideAttrs (base: builtins.trace "overrideAttrs applied to ${pkg.pname}" + optionalAttrs (!base ? idiosynApplied) (fun base // { + idiosynApplied = null; + })); + + patch = pkg: patches: attrs pkg (base: { + patches = base.patches or [ ] + ++ patches; + }); + + gentoo-patches = final.fetchgit { + url = "https://anongit.gentoo.org/git/repo/gentoo.git"; + rev = "fa77d52a7ff39464c50707ca024725deab08b534"; + sparseCheckout = [ "*.patch" ]; + nonConeMode = true; + hash = "sha256-ZTrPeo8TjKSDAUyeJyWq1C8O9EXd9uhClHlphPsFXCA="; + }; +in builtins.trace "overlay applied" { + inherit idiosyn; + + buildPackages = prev.buildPackages // { + stdenv = final.stdenv; + }; + + busybox = prev.busybox.override { + stdenv = final.gccStdenv; + }; + + efivar = attrs prev.efivar (base: { + buildFlags = base.buildFlags or [ ] + ++ [ "CC=$(CC)" ]; + }); + + icu = attrs prev.icu (base: { + configureFlags = base.configureFlags or [ ] + ++ [ "ac_cv_c_bigendian=${if hostPlatform.isBigEndian then "yes" else "no"}" ]; + }); + + keyutils = attrs prev.keyutils (base: { + LDFLAGS = base.LDFLAGS or [ ] + ++ [ "-Wl,--undefined-version" ]; + }); + + kexec-tools = prev.kexec-tools.override { + stdenv = final.gccStdenv; + }; + + libgcrypt = attrs prev.libgcrypt (base: { + configureFlags = base.configureFlags or [ ] + ++ [ "--disable-jent-support" ]; + }); + + libxcrypt = patch prev.libxcrypt + [ ./patches/libxcrypt-4.4.36-symbol-map.patch ]; + + mbrola = prev.mbrola.override { + stdenv = addAttrsToDerivation (base: { + env = base.env or { } // { + NIX_CFLAGS_COMPILE = toString (toList base.env.NIX_CFLAGS_COMPILE or [ ] + ++ [ "-Wno-error=implicit-function-declaration" ]); + }; + }) final.stdenv; + }; + + musl = attrs prev.musl (base: { + LDFLAGS = base.LDFLAGS or [ ] + ++ [ "-Wl,-u,__dls2" ]; + }); +} diff --git a/patches/libxcrypt-4.4.36-symbol-map.patch b/patches/libxcrypt-4.4.36-symbol-map.patch new file mode 100644 index 0000000..137093d --- /dev/null +++ b/patches/libxcrypt-4.4.36-symbol-map.patch @@ -0,0 +1,19 @@ +diff --git a/lib/libcrypt.map.in b/lib/libcrypt.map.in +index 88ea911..e99feab 100644 +--- a/lib/libcrypt.map.in ++++ b/lib/libcrypt.map.in +@@ -20,14 +20,6 @@ crypt_gensalt_ra XCRYPT_2.0 GLIBC_2.0:owl:suse GLIBC_2.2.2:alt OW_CRYPT_1.0: + crypt_checksalt XCRYPT_4.3 + crypt_preferred_method XCRYPT_4.4 + +-# Interfaces for code compatibility with libxcrypt v3.1.1 and earlier. +-# No longer available to new binaries. +-crypt_gensalt_r - XCRYPT_2.0 +-xcrypt - XCRYPT_2.0 +-xcrypt_r - XCRYPT_2.0 +-xcrypt_gensalt - XCRYPT_2.0 +-xcrypt_gensalt_r - XCRYPT_2.0 +- + # Deprecated interfaces, POSIX and otherwise; also present in GNU libc + # since 2.0 + encrypt - GLIBC_2.0 diff --git a/platforms.nix b/platforms.nix new file mode 100644 index 0000000..4617846 --- /dev/null +++ b/platforms.nix @@ -0,0 +1,23 @@ +{ + "x86_64-linux" = { + system = "x86_64-linux"; + config = "x86_64-unknown-linux-musl"; + gcc.arch = "x86-64-v3"; + useLLVM = true; + linker = "lld"; + }; + "aarch64-linux" = { + system = "aarch64-linux"; + config = "aarch64-unknown-linux-musl"; + gcc.arch = "armv8.2-a"; + useLLVM = true; + linker = "lld"; + }; + "riscv64-linux" = { + system = "aarch64-linux"; + config = "riscv64-unknown-linux-musl"; + gcc.arch = "rv64imafdc_zicsr_zba_zbb"; + useLLVM = true; + linker = "lld"; + }; +} diff --git a/stdenv.nix b/stdenv.nix new file mode 100644 index 0000000..893faa9 --- /dev/null +++ b/stdenv.nix @@ -0,0 +1,46 @@ +pkgs: stdenv: +let + inherit (pkgs) addAttrsToDerivation mimalloc overrideCC; + inherit (pkgs.lib) getLib optionalAttrs optionals toList; + inherit (pkgs.llvmPackages_latest) clangUseLLVM bintools; + inherit (stdenv) targetPlatform; + + cflags = [ + "-pipe" # Prefer pipes over temporary files between stages + "-O2" # Safe compiler optimisations + "-flto=thin" + ]; + + ldflags = [ + "-O2" # Enable tail merging of strings + "--hash-style=gnu" # Produce only DT_GNU_HASH + "--icf=safe" # Fold identical code where safe + "--lto-O2" + + "-L${getLib mimalloc}/lib" "-lmimalloc" + ]; + + rustflags = [ + "-C opt-level=2" + "-C linker-flavor=lld" + "-C lto=thin" + "-C linker-plugin-lto" + ] ++ optionals (targetPlatform.isx86_64 && targetPlatform ? gcc.arch) [ + "-C target-cpu=${targetPlatform.gcc.arch}" + ] ++ map (flag: "-C link-arg=${flag}") ldflags; + +in addAttrsToDerivation (base: { + env = (base.env or { }) // optionalAttrs (!base ? NIX_CFLAGS_COMPILE) { + NIX_CFLAGS_COMPILE = + toString (toList base.env.NIX_CFLAGS_COMPILE or [ ] ++ cflags); + } // optionalAttrs (base ? env.NIX_LDFLAGS) { + NIX_LDFLAGS = + toString (toList base.env.NIX_LDFLAGS or [ ] ++ ldflags); + }; + + NIX_RUSTFLAGS = toList base.NIX_RUSTFLAGS or [ ] ++ rustflags; +} // optionalAttrs (base ? env.NIX_CFLAGS) { + NIX_CFLAGS_COMPILE = toList base.NIX_CFLAGS_COMPILE or [ ] ++ cflags; +} // optionalAttrs (!base ? env.NIX_LDFLAGS) { + NIX_LDFLAGS = toList base.NIX_LDFLAGS or [ ] ++ ldflags; +}) (overrideCC stdenv (clangUseLLVM.override { inherit bintools; }))