authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-07-18 08:29:16 -0400
committerGitHub <noreply@github.com>2020-07-18 08:29:16 -0400
commitd087adeb8716b7214ee925df749a34c8b3b01f4e (patch)
treecf129e24ec938424740c275226b7d3b2d60de9da
parentdeff289a9fea26815983318b0a120ab652295eb8 (diff)
parentf53812a11ebfcb7ccb46df998147048e8f2a27a3 (diff)
downloadpodman-d087adeb8716b7214ee925df749a34c8b3b01f4e.tar.gz
podman-d087adeb8716b7214ee925df749a34c8b3b01f4e.tar.bz2
podman-d087adeb8716b7214ee925df749a34c8b3b01f4e.zip
Merge pull request #6402 from alvistack/master-linux-amd64
[nix] Cleanup nix derivation for static builds
-rw-r--r--.cirrus.yml24
-rw-r--r--.gitignore2
-rw-r--r--Containerfile-nix10
-rw-r--r--Makefile27
-rw-r--r--nix/default.nix73
-rw-r--r--nix/nixpkgs.json10
6 files changed, 63 insertions, 83 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 1d6d041ff..ccc78717e 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -756,17 +756,25 @@ success_task:
success_script: '/usr/local/bin/entrypoint.sh ./$SCRIPT_BASE/success.sh |& ${TIMESTAMP}'
+# Build the static binary
static_build_task:
- container:
- image: quay.io/podman/nix-podman:1.0.0
- cpu: 8
- memory: 12
- timeout_in: 20m
depends_on:
- "gating"
- build_script:
- - nix build -f nix
+ gce_instance:
+ image_name: "${FEDORA_CACHE_IMAGE_NAME}"
+ cpu: 8
+ memory: 12
+ disk: 200
+ script: |
+ set -ex
+ setenforce 0
+ growpart /dev/sda 1 || true
+ resize2fs /dev/sda1 || true
+ yum -y install podman
+ mkdir -p /nix
+ podman run --rm --privileged -ti -v /:/mnt nixos/nix cp -rfT /nix /mnt/nix
+ podman run --rm --privileged -ti -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/
binaries_artifacts:
- path: "result-bin/bin/podman"
+ path: "result/bin/podman"
on_failure:
failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh |& ${TIMESTAMP}'
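Review bot: The two `podman run` lines in `script:` pull `nixos/nix` by an unqualified, untagged name and run it `--privileged` with the host root mounted (`-v /:/mnt`), so whatever that name resolves to on build day has full control of the VM that produces the published `result/bin/podman` artifact. The task definition being replaced used a versioned image (`quay.io/podman/nix-podman:1.0.0`); the new lines should at least name the registry and pin a digest, e.g. `docker.io/nixos/nix@sha256:<DIGEST_PLACEHOLDER>`. The first run only needs to copy `/nix` out of the image, so mounting the pre-created directory (`-v /nix:/mnt/nix`) instead of `/` would narrow what the container can touch. `setenforce 0` is also left unexplained; a comment such as `# SELinux permissive: <reason>` would tell the next maintainer whether it can be removed.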
diff --git a/.gitignore b/.gitignore
index 9af705caa..f0fdf4dc8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,4 +31,4 @@ release.txt
/test/copyimg/copyimg
/test/goecho/goecho
.vscode*
-result-bin
+result
diff --git a/Containerfile-nix b/Containerfile-nix
deleted file mode 100644
index 5eea71af6..000000000
--- a/Containerfile-nix
+++ /dev/null
@@ -1,10 +0,0 @@
-# vim: set syntax=dockerfile:
-FROM nixos/nix:latest
-
-RUN apk add --no-cache bash git
-
-COPY . /work
-WORKDIR work/nix
-RUN nix-build
-WORKDIR /
-RUN rm -rf work
diff --git a/Makefile b/Makefile
index 3f626d359..1df9bf5f1 100644
--- a/Makefile
+++ b/Makefile
@@ -220,29 +220,18 @@ bin/podman.cross.%: .gopathok
GOARCH="$${TARGET##*.}" \
$(GO_BUILD) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags '$(BUILDTAGS_CROSS)' -o "$@" $(PROJECT)/cmd/podman
-# Update nix/nixpkgs.json its latest master commit
+# Update nix/nixpkgs.json its latest stable commit
.PHONY: nixpkgs
nixpkgs:
- @nix run -f channel:nixpkgs-unstable nix-prefetch-git -c nix-prefetch-git \
+ @nix run -f channel:nixos-20.03 nix-prefetch-git -c nix-prefetch-git \
--no-deepClone https://github.com/nixos/nixpkgs > nix/nixpkgs.json
-NIX_IMAGE ?= quay.io/podman/nix-podman:1.0.0
-
-# Build the nix image as base for static builds
-.PHONY: nix-image
-nix-image:
- $(CONTAINER_RUNTIME) build -t $(NIX_IMAGE) -f Containerfile-nix .
-
-# Build podman statically linked based on the default nix container image
-.PHONY: build-static
-build-static:
- $(CONTAINER_RUNTIME) run \
- --rm -it \
- -v $(shell pwd):/work \
- -w /work $(NIX_IMAGE) \
- sh -c "nix build -f nix && \
- mkdir -p bin && \
- cp result-*bin/bin/podman bin/podman-static"
+# Build statically linked binary
+.PHONY: static
+static:
+ @nix build -f nix/
+ mkdir -p ./bin
+ cp -rfp ./result/bin/* ./bin/
.PHONY: run-docker-py-tests
run-docker-py-tests:
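Review bot: The `nixpkgs` target's comment now promises the latest stable commit, but `nix-prefetch-git` is still called with only the repository URL and no `--rev`, so as written it appears to record whatever the default branch of nixos/nixpkgs points at; `channel:nixos-20.03` only selects where the `nix-prefetch-git` tool itself comes from. If the pin is meant to follow the 20.03 release, pass the ref explicitly, e.g. `--no-deepClone --rev <RELEASE_REF_PLACEHOLDER> https://github.com/nixos/nixpkgs > nix/nixpkgs.json`, and review the resulting `rev` before committing it. Separately, in the new `static` target `cp -rfp ./result/bin/* ./bin/` writes over `bin/podman`, where the removed `build-static` wrote `bin/podman-static`; a comment stating that the overwrite is intended would avoid surprises for anyone who runs both builds in one tree.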
diff --git a/nix/default.nix b/nix/default.nix
index cf607c0ad..4fe818b39 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -1,53 +1,48 @@
+{ system ? builtins.currentSystem }:
let
- pkgs = import ./nixpkgs.nix {
+ pkgs = (import ./nixpkgs.nix {
config = {
packageOverrides = pkg: {
- go_1_12 = pkg.go_1_14;
+ gpgme = (static pkg.gpgme);
+ libassuan = (static pkg.libassuan);
+ libgpgerror = (static pkg.libgpgerror);
+ libseccomp = (static pkg.libseccomp);
};
};
- };
+ });
- static = pkg: pkg.overrideAttrs(old: {
- configureFlags = (old.configureFlags or []) ++
- [ "--without-shared" "--disable-shared" ];
+ static = pkg: pkg.overrideAttrs(x: {
+ doCheck = false;
+ configureFlags = (x.configureFlags or []) ++ [
+ "--without-shared"
+ "--disable-shared"
+ ];
dontDisableStatic = true;
enableSharedExecutables = false;
enableStatic = true;
});
- patchLvm2 = pkg: pkg.overrideAttrs(old: {
- configureFlags = [
- "--disable-cmdlib" "--disable-readline" "--disable-udev_rules"
- "--disable-udev_sync" "--enable-pkgconfig" "--enable-static_link"
- ];
- preConfigure = old.preConfigure + ''
- substituteInPlace libdm/Makefile.in --replace \
- SUBDIRS=dm-tools SUBDIRS=
- substituteInPlace tools/Makefile.in --replace \
- "TARGETS += lvm.static" ""
- substituteInPlace tools/Makefile.in --replace \
- "INSTALL_LVM_TARGETS += install_tools_static" ""
+ self = with pkgs; buildGoModule rec {
+ name = "podman";
+ src = ./..;
+ vendorSha256 = null;
+ doCheck = false;
+ enableParallelBuilding = true;
+ outputs = [ "out" ];
+ nativeBuildInputs = [ bash git go-md2man installShellFiles makeWrapper pkg-config which ];
+ buildInputs = [ glibc glibc.static gpgme libassuan libgpgerror libseccomp libapparmor libselinux ];
+ prePatch = ''
+ export CFLAGS='-static'
+ export LDFLAGS='-s -w -static-libgcc -static'
+ export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
+ export BUILDTAGS='static netgo exclude_graphdriver_btrfs exclude_graphdriver_devicemapper seccomp apparmor selinux'
+ '';
+ buildPhase = ''
+ patchShebangs .
+ make bin/podman
+ '';
+ installPhase = ''
+ install -Dm755 bin/podman $out/bin/podman
'';
- postInstall = "";
- });
-
- self = {
- podman-static = (pkgs.podman.overrideAttrs(old: {
- name = "podman-static";
- buildInputs = old.buildInputs ++ (with pkgs; [
- (static pkgs.libassuan)
- (static pkgs.libgpgerror)
- git
- glibc
- glibc.static
- ]);
- src = ./..;
- EXTRA_LDFLAGS = ''-linkmode external -extldflags "-static -lm"'';
- BUILDTAGS = ''static netgo apparmor selinux seccomp systemd varlink containers_image_ostree_stub'';
- })).override {
- gpgme = (static pkgs.gpgme);
- libseccomp = (static pkgs.libseccomp);
- lvm2 = (patchLvm2 (static pkgs.lvm2));
- };
};
in self
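Review bot: `doCheck = false;` in the `static` override turns off the upstream test suites for gpgme, libassuan, libgpgerror and libseccomp, which are exactly the libraries being rebuilt with non-default flags and then linked into the shipped binary. If the tests fail only for some of them under `--disable-shared`, keep the override narrow, or at least record the reason next to it, e.g. `# doCheck disabled: <which suite fails in static mode, and why>`. Also, the new `system ? builtins.currentSystem` argument is not passed on in the visible `import ./nixpkgs.nix { ... }` call; unless `nixpkgs.nix` picks it up some other way, `inherit system;` is needed there for the argument to have any effect.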
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
index fbc774373..98ed710a4 100644
--- a/nix/nixpkgs.json
+++ b/nix/nixpkgs.json
@@ -1,9 +1,7 @@
{
"url": "https://github.com/nixos/nixpkgs",
- "rev": "a08d4f605bca62c282ce9955d5ddf7d824e89809",
- "date": "2020-03-20T10:10:15+01:00",
- "sha256": "1bniq08dlmrmrz4aga1cj0d7rqbaq9xapm5ar15wdv2c6431z2m8",
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
+ "rev": "02591d02a910b3b92092153c5f3419a8d696aa1d",
+ "date": "2020-07-09T03:52:28+02:00",
+ "sha256": "1pp9v4rqmgx1b298gxix8b79m8pvxy1rcf8l25rxxxxnkr5ls1ng",
+ "fetchSubmodules": false
}