Cleanup nix derivation for static builds

Signed-off-by: Wong Hoi Sing Edison <hswong3i@gmail.com>

.cirrus.yml

@@ -756,17 +756,25 @@ success_task:
 
     success_script: '/usr/local/bin/entrypoint.sh ./$SCRIPT_BASE/success.sh |& ${TIMESTAMP}'
 
+# Build the static binary
 static_build_task:
-    container:
-        image: quay.io/podman/nix-podman:1.0.0
-        cpu: 8
-        memory: 12
-    timeout_in: 20m
     depends_on:
         - "gating"
-    build_script:
+    gce_instance:
-        - nix build -f nix
+        image_name: "${FEDORA_CACHE_IMAGE_NAME}"
+        cpu: 8
+        memory: 12
+        disk: 200
+    script: |
+        set -ex
+        setenforce 0
+        growpart /dev/sda 1 || true
+        resize2fs /dev/sda1 || true
+        yum -y install podman
+        mkdir -p /nix
+        podman run --rm --privileged -ti -v /:/mnt nixos/nix cp -rfT /nix /mnt/nix
+        podman run --rm --privileged -ti -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/
     binaries_artifacts:
-        path: "result-bin/bin/podman"
+        path: "result/bin/podman"
     on_failure:
         failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh |& ${TIMESTAMP}'

.gitignore

@@ -31,4 +31,4 @@ release.txt
 /test/copyimg/copyimg
 /test/goecho/goecho
 .vscode*
-result-bin
+result

Containerfile-nix

@@ -1,10 +0,0 @@
-# vim: set syntax=dockerfile:
-FROM nixos/nix:latest
-
-RUN apk add --no-cache bash git
-
-COPY . /work
-WORKDIR work/nix
-RUN nix-build
-WORKDIR /
-RUN rm -rf work

Makefile

@@ -220,29 +220,18 @@ bin/podman.cross.%: .gopathok
 	GOARCH="$${TARGET##*.}" \
 	$(GO_BUILD) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags '$(BUILDTAGS_CROSS)' -o "$@" $(PROJECT)/cmd/podman
 
-# Update nix/nixpkgs.json its latest master commit
+# Update nix/nixpkgs.json its latest stable commit
 .PHONY: nixpkgs
 nixpkgs:
-	@nix run -f channel:nixpkgs-unstable nix-prefetch-git -c nix-prefetch-git \
+	@nix run -f channel:nixos-20.03 nix-prefetch-git -c nix-prefetch-git \
 		--no-deepClone https://github.com/nixos/nixpkgs > nix/nixpkgs.json
 
-NIX_IMAGE ?= quay.io/podman/nix-podman:1.0.0
+# Build statically linked binary
-
+.PHONY: static
-# Build the nix image as base for static builds
+static:
-.PHONY: nix-image
+	@nix build -f nix/
-nix-image:
+	mkdir -p ./bin
-	$(CONTAINER_RUNTIME) build -t $(NIX_IMAGE) -f Containerfile-nix .
+	cp -rfp ./result/bin/* ./bin/
-
-# Build podman statically linked based on the default nix container image
-.PHONY: build-static
-build-static:
-	$(CONTAINER_RUNTIME) run \
-		--rm -it \
-		-v $(shell pwd):/work \
-		-w /work $(NIX_IMAGE) \
-		sh -c "nix build -f nix && \
-			   mkdir -p bin && \
-			   cp result-*bin/bin/podman bin/podman-static"
 
 .PHONY: run-docker-py-tests
 run-docker-py-tests:

nix/default.nix

@@ -1,53 +1,48 @@
+{ system ? builtins.currentSystem }:
 let
-  pkgs = import ./nixpkgs.nix {
+  pkgs = (import ./nixpkgs.nix {
     config = {
       packageOverrides = pkg: {
-        go_1_12 = pkg.go_1_14;
+        gpgme = (static pkg.gpgme);
-      };
+        libassuan = (static pkg.libassuan);
+        libgpgerror = (static pkg.libgpgerror);
+        libseccomp = (static pkg.libseccomp);
       };
     };
+  });
 
-  static = pkg: pkg.overrideAttrs(old: {
+  static = pkg: pkg.overrideAttrs(x: {
-    configureFlags = (old.configureFlags or []) ++
+    doCheck = false;
-      [ "--without-shared" "--disable-shared" ];
+    configureFlags = (x.configureFlags or []) ++ [
+      "--without-shared"
+      "--disable-shared"
+    ];
     dontDisableStatic = true;
     enableSharedExecutables = false;
     enableStatic = true;
   });
 
-  patchLvm2 = pkg: pkg.overrideAttrs(old: {
+  self = with pkgs; buildGoModule rec {
-    configureFlags = [
+    name = "podman";
-      "--disable-cmdlib" "--disable-readline" "--disable-udev_rules"
-      "--disable-udev_sync" "--enable-pkgconfig" "--enable-static_link"
-    ];
-    preConfigure = old.preConfigure + ''
-      substituteInPlace libdm/Makefile.in --replace \
-        SUBDIRS=dm-tools SUBDIRS=
-      substituteInPlace tools/Makefile.in --replace \
-        "TARGETS += lvm.static" ""
-      substituteInPlace tools/Makefile.in --replace \
-        "INSTALL_LVM_TARGETS += install_tools_static" ""
-    '';
-    postInstall = "";
-  });
-
-  self = {
-    podman-static = (pkgs.podman.overrideAttrs(old: {
-      name = "podman-static";
-      buildInputs = old.buildInputs ++ (with pkgs; [
-        (static pkgs.libassuan)
-        (static pkgs.libgpgerror)
-        git
-        glibc
-        glibc.static
-      ]);
     src = ./..;
-      EXTRA_LDFLAGS = ''-linkmode external -extldflags "-static -lm"'';
+    vendorSha256 = null;
-      BUILDTAGS = ''static netgo apparmor selinux seccomp systemd varlink containers_image_ostree_stub'';
+    doCheck = false;
-    })).override {
+    enableParallelBuilding = true;
-      gpgme = (static pkgs.gpgme);
+    outputs = [ "out" ];
-      libseccomp = (static pkgs.libseccomp);
+    nativeBuildInputs = [ bash git go-md2man installShellFiles makeWrapper pkg-config which ];
-      lvm2 = (patchLvm2 (static pkgs.lvm2));
+    buildInputs = [ glibc glibc.static gpgme libassuan libgpgerror libseccomp libapparmor libselinux ];
-    };
+    prePatch = ''
+      export CFLAGS='-static'
+      export LDFLAGS='-s -w -static-libgcc -static'
+      export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
+      export BUILDTAGS='static netgo exclude_graphdriver_btrfs exclude_graphdriver_devicemapper seccomp apparmor selinux'
+    '';
+    buildPhase = ''
+      patchShebangs .
+      make bin/podman
+    '';
+    installPhase = ''
+      install -Dm755 bin/podman $out/bin/podman
+    '';
   };
 in self

nix/nixpkgs.json

@@ -1,9 +1,7 @@
 {
   "url": "https://github.com/nixos/nixpkgs",
-  "rev": "a08d4f605bca62c282ce9955d5ddf7d824e89809",
+  "rev": "02591d02a910b3b92092153c5f3419a8d696aa1d",
-  "date": "2020-03-20T10:10:15+01:00",
+  "date": "2020-07-09T03:52:28+02:00",
-  "sha256": "1bniq08dlmrmrz4aga1cj0d7rqbaq9xapm5ar15wdv2c6431z2m8",
+  "sha256": "1pp9v4rqmgx1b298gxix8b79m8pvxy1rcf8l25rxxxxnkr5ls1ng",
-  "fetchSubmodules": false,
+  "fetchSubmodules": false
-  "deepClone": false,
-  "leaveDotGit": false
 }