[M7] flake: distribution bundles + non-NixOS wrapper

This commit is contained in:
2026-05-17 12:29:30 +00:00
parent 1f63984b60
commit fdf97861a4
3 changed files with 311 additions and 4 deletions

View File

@@ -398,3 +398,40 @@ All notable changes to cargoxx will be documented in this file.
- Fix: `-Wparentheses` warning in `looks_like_missing_attribute` - Fix: `-Wparentheses` warning in `looks_like_missing_attribute`
(`src/resolver/nixpkgs_probe.cpp:34`) — explicitly parenthesize the (`src/resolver/nixpkgs_probe.cpp:34`) — explicitly parenthesize the
`&&` clause inside `||`. `&&` clause inside `||`.
- M7 `cargoxx-bin` wraps the binary with `makeWrapper` to lock its
runtime CLI dependencies — `nix`, `cmake`, `ninja`, `curl`, `git`
— onto `PATH`. Previously cargoxx silently relied on the user's
ambient PATH, so it broke whenever invoked outside a `nix develop`
shell. The wrapped binary works under `env -i` with a minimal PATH.
- M7 the wrapper also `--set-default`s `NIX_CONFIG` to
`experimental-features = nix-command flakes` and
`build-users-group =`. Without this, the bundled `pkgs.nix`
defaults to the multi-user daemon model and fails on non-NixOS
hosts (`error: the group 'nixbld' specified in 'build-users-group'
does not exist`). `--set-default` lets a user with a properly-
configured nix daemon override by exporting `NIX_CONFIG=...`
before invoking cargoxx. Verified end-to-end in `archlinux:latest`
via `docker run`: install the `.pkg.tar.zst`, `cargoxx new demo &&
cargoxx add fmt` runs the resolver chain through verify-link
cmake/ninja and writes the dep without error.
- M7 packaging functions exposed as a stable `to*` library and as
ready-to-build flake packages, mirroring the
`github:NixOS/bundlers` naming. Available as both
`packages.<format>` (for `nix build .#<format>`) and
`lib.to<Format>` (for downstream flakes to package their own
derivations):
- `toAppImage` / `packages.appimage` — Linux AppImage (~207 MB)
- `toDockerImage` / `packages.dockerImage``docker load`-able
tar.gz (~213 MB)
- `toDEB` / `packages.deb` — Debian `.deb` (~211 MB)
- `toRPM` / `packages.rpm` — Red Hat `.rpm` (~212 MB)
- `toArchPkg` / `packages.archpkg` — Arch `.pkg.tar.zst`
(~196 MB), implemented locally because no NixOS bundler exists.
Builds a closure via `pkgs.closureInfo`, lays it under
`/nix/store`, drops a `/usr/bin/<mainProgram>` symlink, writes
`.PKGINFO` from `drv.pname`/`drv.version`/`drv.meta`, and packs
with `bsdtar --zstd`. Generic — works for any derivation with
a `bin/<mainProgram>` and the usual `pname`/`version` attrs.
Added `inputs.bundlers.url = "github:NixOS/bundlers"` (with
`inputs.nixpkgs.follows = "nixpkgs"`) to keep the closure aligned
with the project's pinned nixpkgs.

204
flake.lock generated
View File

@@ -1,5 +1,44 @@
{ {
"nodes": { "nodes": {
"bundlers": {
"inputs": {
"nix-appimage": "nix-appimage",
"nix-bundle": "nix-bundle",
"nix-utils": "nix-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777842037,
"narHash": "sha256-E6kwkFsKnU5k/QAX1aNOPfh69G6Im8/EwdRcZR4J0QE=",
"owner": "NixOS",
"repo": "bundlers",
"rev": "7bb70086c2dad3eecae4805f4d758c80e3cba960",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "bundlers",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@@ -18,7 +57,119 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"locked": {
"lastModified": 1623875721,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nix-appimage": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"bundlers",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757920913,
"narHash": "sha256-jd0QwCVz4O1sHHkeaZILD/7D6oyalceEJ4EFnWCgm0k=",
"owner": "ralismark",
"repo": "nix-appimage",
"rev": "7946addbc0d97e358a6d7aefe5e82310f0fe6b18",
"type": "github"
},
"original": {
"owner": "ralismark",
"repo": "nix-appimage",
"type": "github"
}
},
"nix-bundle": {
"inputs": {
"nixpkgs": [
"bundlers",
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1756736056,
"narHash": "sha256-8YFhvulVX3iS4TYnKisA9zSImJeFN21G75HOUUFjzuE=",
"owner": "nix-community",
"repo": "nix-bundle",
"rev": "eff01593f62794d458ec714090091419194ab64d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-bundle",
"type": "github"
}
},
"nix-utils": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1744222205,
"narHash": "sha256-di1eNHQdpvvyXv6i7Z+S79KF7cQyhTs7AdFHp7q1e3Q=",
"owner": "juliosueiras-nix",
"repo": "nix-utils",
"rev": "53282197ad090c8cf47c96e99bf6c6c3b2cdc7c0",
"type": "github"
},
"original": {
"owner": "juliosueiras-nix",
"repo": "nix-utils",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": {
"lastModified": 1629252929,
"narHash": "sha256-Aj20gmGBs8TG7pyaQqgbsqAQ6cB+TVuL18Pk3DPBxcQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3788c68def67ca7949e0864c27638d484389363d",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1777954456, "lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
@@ -36,8 +187,9 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "bundlers": "bundlers",
"nixpkgs": "nixpkgs" "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
} }
}, },
"systems": { "systems": {
@@ -54,6 +206,54 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View File

@@ -4,18 +4,39 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
bundlers.url = "github:NixOS/bundlers";
bundlers.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, flake-utils }: outputs = { self, nixpkgs, flake-utils, bundlers }:
flake-utils.lib.eachDefaultSystem (system: flake-utils.lib.eachDefaultSystem (system:
let let
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs { inherit system; };
# exec::run shells out to these at runtime; wrap the binary so
# they're reachable even outside a nix develop shell.
cargoxxRuntimePath = pkgs.lib.makeBinPath [
pkgs.nix
pkgs.cmake
pkgs.ninja
pkgs.curl
pkgs.git
];
# Defaults applied to the bundled `nix` so it works on hosts
# that don't already have nix set up (Arch/Debian/Fedora users
# who install our .pkg.tar.zst / .deb / .rpm). Multi-user mode
# would expect a `nixbld` group and a running daemon
cargoxxNixConfig = ''
experimental-features = nix-command flakes
build-users-group =
'';
cargoxx-bin = pkgs.gcc15Stdenv.mkDerivation { cargoxx-bin = pkgs.gcc15Stdenv.mkDerivation {
pname = "cargoxx"; pname = "cargoxx";
version = "0.1.0"; version = "0.1.0";
src = ./.; src = ./.;
nativeBuildInputs = [ pkgs.cmake pkgs.ninja ]; nativeBuildInputs = [ pkgs.cmake pkgs.ninja pkgs.makeWrapper ];
buildInputs = [ pkgs.sqlite pkgs.reproc pkgs.catch2_3 ]; buildInputs = [ pkgs.sqlite pkgs.reproc pkgs.catch2_3 ];
configurePhase = '' configurePhase = ''
cmake -S build -B build/release -G Ninja \ cmake -S build -B build/release -G Ninja \
@@ -27,6 +48,9 @@
installPhase = '' installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
cp build/release/cargoxx $out/bin/ cp build/release/cargoxx $out/bin/
wrapProgram $out/bin/cargoxx \
--prefix PATH : ${cargoxxRuntimePath} \
--set-default NIX_CONFIG ${pkgs.lib.escapeShellArg cargoxxNixConfig}
''; '';
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
}; };
@@ -103,8 +127,54 @@
''; '';
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
}; };
bundlers-sys = bundlers.bundlers.${system};
# Arch's pacman expects a tar.zst archive containing a
# `.PKGINFO` metadata file plus the file tree rooted at /.
# We ship the entire closure under /nix/store; /usr/bin/cargoxx
# is a symlink to the in-store wrapper.
toArchPkg = drv:
let
pname = drv.pname or drv.name;
version = drv.version or "0";
mainProgram = drv.meta.mainProgram or pname;
in pkgs.runCommand "${pname}-${version}-1-x86_64.pkg.tar.zst" {
nativeBuildInputs = [ pkgs.libarchive pkgs.coreutils ];
closureInfo = pkgs.closureInfo { rootPaths = [ drv ]; };
} ''
stage=$(mktemp -d)
mkdir -p $stage/nix/store $stage/usr/bin
for p in $(cat $closureInfo/store-paths); do
cp -a "$p" $stage/nix/store/
done
ln -s ${drv}/bin/${mainProgram} $stage/usr/bin/${mainProgram}
installed_size=$(du -sk $stage | cut -f1)
cat > $stage/.PKGINFO <<EOF
pkgname = ${pname}
pkgver = ${version}-1
pkgdesc = ${drv.meta.description or pname}
builddate = 0
packager = nix-build
size = $installed_size
arch = x86_64
EOF
( cd $stage && bsdtar --zstd -cf $out .PKGINFO nix usr )
'';
in { in {
packages.default = cargoxx-bin; packages.default = cargoxx-bin;
packages.appimage = bundlers-sys.toAppImage cargoxx-bin;
packages.dockerImage = bundlers-sys.toDockerImage cargoxx-bin;
packages.deb = bundlers-sys.toDEB cargoxx-bin;
packages.rpm = bundlers-sys.toRPM cargoxx-bin;
packages.archpkg = toArchPkg cargoxx-bin;
# Reusable packaging functions, all of the shape `drv -> drv`.
# Mirror the `to*` naming used by github:NixOS/bundlers.
lib.toAppImage = bundlers-sys.toAppImage;
lib.toDockerImage = bundlers-sys.toDockerImage;
lib.toDEB = bundlers-sys.toDEB;
lib.toRPM = bundlers-sys.toRPM;
lib.toArchPkg = toArchPkg;
lib.buildCppPackage = buildCppPackage; lib.buildCppPackage = buildCppPackage;
devShells.default = pkgs.gcc15Stdenv.mkDerivation { devShells.default = pkgs.gcc15Stdenv.mkDerivation {
name = "cargoxx-dev"; name = "cargoxx-dev";