opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 11:32:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup nix derivation for static builds

Browse Source 
Signed-off-by: Wong Hoi Sing Edison <hswong3i@gmail.com>
This commit is contained in:
Wong Hoi Sing Edison
2020-05-27 14:30:40 +08:00
parent 10c5f24123
commit f53812a11e
6 changed files with 63 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.cirrus.yml
View File

@ -756,17 +756,25 @@ success_task:
success_script: '/usr/local/bin/entrypoint.sh ./$SCRIPT_BASE/success.sh |& ${TIMESTAMP}'
# Build the static binary
static_build_task:
container:
image: quay.io/podman/nix-podman:1.0.0
cpu: 8
memory: 12
timeout_in: 20m
depends_on:
- "gating"
build_script:
- nix build -f nix
gce_instance:
image_name: "${FEDORA_CACHE_IMAGE_NAME}"
cpu: 8
memory: 12
disk: 200
script: |
set -ex
setenforce 0
growpart /dev/sda 1 || true
resize2fs /dev/sda1 || true
yum -y install podman
mkdir -p /nix
podman run --rm --privileged -ti -v /:/mnt nixos/nix cp -rfT /nix /mnt/nix
podman run --rm --privileged -ti -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/
binaries_artifacts:
path: "result-bin/bin/podman"
path: "result/bin/podman"
on_failure:
failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh |& ${TIMESTAMP}'

2
.gitignore vendored
View File

@ -31,4 +31,4 @@ release.txt
/test/copyimg/copyimg
/test/goecho/goecho
.vscode*
result-bin
result

10
Containerfile-nix
View File

@ -1,10 +0,0 @@
# vim: set syntax=dockerfile:
FROM nixos/nix:latest
RUN apk add --no-cache bash git
COPY . /work
WORKDIR work/nix
RUN nix-build
WORKDIR /
RUN rm -rf work

27
Makefile
View File

@ -220,29 +220,18 @@ bin/podman.cross.%: .gopathok
GOARCH="$${TARGET##*.}" \
$(GO_BUILD) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags '$(BUILDTAGS_CROSS)' -o "$@" $(PROJECT)/cmd/podman
# Update nix/nixpkgs.json its latest master commit
# Update nix/nixpkgs.json its latest stable commit
.PHONY: nixpkgs
nixpkgs:
@nix run -f channel:nixpkgs-unstable nix-prefetch-git -c nix-prefetch-git \
@nix run -f channel:nixos-20.03 nix-prefetch-git -c nix-prefetch-git \
--no-deepClone https://github.com/nixos/nixpkgs > nix/nixpkgs.json
NIX_IMAGE ?= quay.io/podman/nix-podman:1.0.0
# Build the nix image as base for static builds
.PHONY: nix-image
nix-image:
$(CONTAINER_RUNTIME) build -t $(NIX_IMAGE) -f Containerfile-nix .
# Build podman statically linked based on the default nix container image
.PHONY: build-static
build-static:
$(CONTAINER_RUNTIME) run \
--rm -it \
-v $(shell pwd):/work \
-w /work $(NIX_IMAGE) \
sh -c "nix build -f nix && \
mkdir -p bin && \
cp result-*bin/bin/podman bin/podman-static"
# Build statically linked binary
.PHONY: static
static:
@nix build -f nix/
mkdir -p ./bin
cp -rfp ./result/bin/* ./bin/
.PHONY: run-docker-py-tests
run-docker-py-tests:

73
nix/default.nix
View File

@ -1,53 +1,48 @@
{ system ? builtins.currentSystem }:
let
pkgs = import ./nixpkgs.nix {
pkgs = (import ./nixpkgs.nix {
config = {
packageOverrides = pkg: {
go_1_12 = pkg.go_1_14;
gpgme = (static pkg.gpgme);
libassuan = (static pkg.libassuan);
libgpgerror = (static pkg.libgpgerror);
libseccomp = (static pkg.libseccomp);
};
};
};
});
static = pkg: pkg.overrideAttrs(old: {
configureFlags = (old.configureFlags or []) ++
[ "--without-shared" "--disable-shared" ];
static = pkg: pkg.overrideAttrs(x: {
doCheck = false;
configureFlags = (x.configureFlags or []) ++ [
"--without-shared"
"--disable-shared"
];
dontDisableStatic = true;
enableSharedExecutables = false;
enableStatic = true;
});
patchLvm2 = pkg: pkg.overrideAttrs(old: {
configureFlags = [
"--disable-cmdlib" "--disable-readline" "--disable-udev_rules"
"--disable-udev_sync" "--enable-pkgconfig" "--enable-static_link"
];
preConfigure = old.preConfigure + ''
substituteInPlace libdm/Makefile.in --replace \
SUBDIRS=dm-tools SUBDIRS=
substituteInPlace tools/Makefile.in --replace \
"TARGETS += lvm.static" ""
substituteInPlace tools/Makefile.in --replace \
"INSTALL_LVM_TARGETS += install_tools_static" ""
self = with pkgs; buildGoModule rec {
name = "podman";
src = ./..;
vendorSha256 = null;
doCheck = false;
enableParallelBuilding = true;
outputs = [ "out" ];
nativeBuildInputs = [ bash git go-md2man installShellFiles makeWrapper pkg-config which ];
buildInputs = [ glibc glibc.static gpgme libassuan libgpgerror libseccomp libapparmor libselinux ];
prePatch = ''
export CFLAGS='-static'
export LDFLAGS='-s -w -static-libgcc -static'
export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
export BUILDTAGS='static netgo exclude_graphdriver_btrfs exclude_graphdriver_devicemapper seccomp apparmor selinux'
'';
buildPhase = ''
patchShebangs .
make bin/podman
'';
installPhase = ''
install -Dm755 bin/podman $out/bin/podman
'';
postInstall = "";
});
self = {
podman-static = (pkgs.podman.overrideAttrs(old: {
name = "podman-static";
buildInputs = old.buildInputs ++ (with pkgs; [
(static pkgs.libassuan)
(static pkgs.libgpgerror)
git
glibc
glibc.static
]);
src = ./..;
EXTRA_LDFLAGS = ''-linkmode external -extldflags "-static -lm"'';
BUILDTAGS = ''static netgo apparmor selinux seccomp systemd varlink containers_image_ostree_stub'';
})).override {
gpgme = (static pkgs.gpgme);
libseccomp = (static pkgs.libseccomp);
lvm2 = (patchLvm2 (static pkgs.lvm2));
};
};
in self

10
nix/nixpkgs.json
View File

@ -1,9 +1,7 @@
{
"url": "https://github.com/nixos/nixpkgs",
"rev": "a08d4f605bca62c282ce9955d5ddf7d824e89809",
"date": "2020-03-20T10:10:15+01:00",
"sha256": "1bniq08dlmrmrz4aga1cj0d7rqbaq9xapm5ar15wdv2c6431z2m8",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
"rev": "02591d02a910b3b92092153c5f3419a8d696aa1d",
"date": "2020-07-09T03:52:28+02:00",
"sha256": "1pp9v4rqmgx1b298gxix8b79m8pvxy1rcf8l25rxxxxnkr5ls1ng",
"fetchSubmodules": false
}