From 3a122aa3c84ae6aaa644560a9f2666d3c27d02c4 Mon Sep 17 00:00:00 2001
From: Wong Hoi Sing Edison <hswong3i@gmail.com>
Date: Thu, 28 May 2020 12:10:04 +0800
Subject: [PATCH] Add nix derivation for static builds

Signed-off-by: Wong Hoi Sing Edison <hswong3i@gmail.com>
---
 .cirrus.yml                     |  2 +-
 .gitignore                      |  1 +
 Makefile                        | 35 ++++++++++++----------
 contrib/cirrus/build.sh         |  3 +-
 contrib/cirrus/logcollector.sh  |  4 +--
 nix/default.nix                 | 53 +++++++++++++++++++++++++++++++++
 nix/nixpkgs.json                | 10 +++++++
 nix/nixpkgs.nix                 |  8 +++++
 tests/e2e/buildah_suite_test.go |  2 +-
 tests/helpers.bash              |  4 +--
 10 files changed, 98 insertions(+), 24 deletions(-)
 create mode 100644 nix/default.nix
 create mode 100644 nix/nixpkgs.json
 create mode 100644 nix/nixpkgs.nix

diff --git a/.cirrus.yml b/.cirrus.yml
index cb16fa89c..dfaa1b643 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -157,7 +157,7 @@ gce_instance:
 
     env:
         matrix:
-            CROSS_TARGET: darwin
+            CROSS_TARGET: bin/buildah.darwin
 
     setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}'
     build_script: '${SCRIPT_BASE}/build.sh |& ${_TIMESTAMP}'
diff --git a/.gitignore b/.gitignore
index fe45e198a..569886e09 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ tests/tools/build
 Dockerfile*
 !/tests/bud/*/Dockerfile*
 *.swp
+result
diff --git a/Makefile b/Makefile
index ced48a95a..892c25810 100644
--- a/Makefile
+++ b/Makefile
@@ -33,33 +33,36 @@ CNI_COMMIT := $(shell sed -n 's;\tgithub.com/containernetworking/cni \([^ \n]*\)
 RUNC_COMMIT := v1.0.0-rc8
 LIBSECCOMP_COMMIT := release-2.3
 
-EXTRALDFLAGS :=
-LDFLAGS := -ldflags '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT)' $(EXTRALDFLAGS)
+EXTRA_LDFLAGS ?=
+LDFLAGS := -ldflags '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT) $(EXTRA_LDFLAGS)'
 SOURCES=*.go imagebuildah/*.go bind/*.go chroot/*.go cmd/buildah/*.go docker/*.go pkg/blobcache/*.go pkg/cli/*.go pkg/parse/*.go util/*.go
 
 LINTFLAGS ?=
 
-all: buildah imgtype docs
+all: bin/buildah bin/imgtype docs
 
-.PHONY: static
-static: $(SOURCES)
-	$(MAKE) SECURITYTAGS="$(SECURITYTAGS)" STORAGETAGS=$(STATIC_STORAGETAGS) EXTRALDFLAGS='-ldflags "-extldflags '-static'"' BUILDAH=buildah.static binary
+nixpkgs:
+	@nix run -f channel:nixpkgs-unstable nix-prefetch-git -c nix-prefetch-git \
+		--no-deepClone https://github.com/nixos/nixpkgs > nix/nixpkgs.json
 
-.PHONY: binary
-binary:  $(SOURCES)
-	$(GO_BUILD) $(LDFLAGS) -o $(BUILDAH) $(BUILDFLAGS) ./cmd/buildah
+.PHONY: bin/buildah
+bin/buildah:  $(SOURCES)
+	$(GO_BUILD) $(LDFLAGS) -o $@ $(BUILDFLAGS) ./cmd/buildah
 
-buildah: binary
+.PHONY: buildah
+buildah: bin/buildah
 
-darwin:
-	GOOS=darwin $(GO_BUILD) $(LDFLAGS) -o buildah.darwin -tags "containers_image_openpgp" ./cmd/buildah
+.PHONY: bin/buildah.darwin
+bin/buildah.darwin:
+	GOOS=darwin $(GO_BUILD) $(LDFLAGS) -o $@ -tags "containers_image_openpgp" ./cmd/buildah
 
-imgtype: *.go docker/*.go util/*.go tests/imgtype/imgtype.go
-	$(GO_BUILD) $(LDFLAGS) -o imgtype $(BUILDFLAGS) ./tests/imgtype/imgtype.go
+.PHONY: bin/imgtype
+bin/imgtype: *.go docker/*.go util/*.go tests/imgtype/imgtype.go
+	$(GO_BUILD) $(LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/imgtype/imgtype.go
 
 .PHONY: clean
 clean:
-	$(RM) -r buildah imgtype build buildah.static buildah.darwin tests/testreport/testreport
+	$(RM) -r bin tests/testreport/testreport
 	$(MAKE) -C docs clean
 
 .PHONY: docs
@@ -105,7 +108,7 @@ install.cni.sudo: gopath
 
 .PHONY: install
 install:
-	install -D -m0755 buildah $(DESTDIR)/$(BINDIR)/buildah
+	install -D -m0755 bin/buildah $(DESTDIR)/$(BINDIR)/buildah
 	$(MAKE) -C docs install
 
 .PHONY: uninstall
diff --git a/contrib/cirrus/build.sh b/contrib/cirrus/build.sh
index 69841191d..b7655bbc8 100755
--- a/contrib/cirrus/build.sh
+++ b/contrib/cirrus/build.sh
@@ -20,10 +20,9 @@ else
     mkdir -p bin
     if [[ -z "$CROSS_TARGET" ]]
     then
-        ln -v buildah bin/buildah
         showrun make install PREFIX=/usr
         showrun ./bin/buildah info
     else
-        ln -v buildah.${CROSS_TARGET} bin/buildah
+        ln -v ${CROSS_TARGET} bin/buildah
     fi
 fi
diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh
index afd67efca..e63d4c6ca 100755
--- a/contrib/cirrus/logcollector.sh
+++ b/contrib/cirrus/logcollector.sh
@@ -17,8 +17,8 @@ case $1 in
     df) showrun df -lhTx tmpfs ;;
     journal) showrun journalctl -b ;;
     podman) showrun podman system info ;;
-    buildah_version) showrun $GOSRC/buildah version;;
-    buildah_info) showrun $GOSRC/buildah info;;
+    buildah_version) showrun $GOSRC/bin/buildah version;;
+    buildah_info) showrun $GOSRC/bin/buildah info;;
     packages)
         # These names are common to Fedora and Ubuntu
         PKG_NAMES=(\
diff --git a/nix/default.nix b/nix/default.nix
new file mode 100644
index 000000000..3160b2fbb
--- /dev/null
+++ b/nix/default.nix
@@ -0,0 +1,53 @@
+{ system ? builtins.currentSystem }:
+let
+  pkgs = (import ./nixpkgs.nix {
+    config = {
+      packageOverrides = pkg: {
+        gpgme = (static pkg.gpgme);
+        libassuan = (static pkg.libassuan);
+        libgpgerror = (static pkg.libgpgerror);
+        libseccomp = (static pkg.libseccomp);
+        glib = pkg.glib.overrideAttrs(x: {
+          outputs = [ "bin" "out" "dev" ];
+          mesonFlags = [
+            "-Ddefault_library=static"
+            "-Ddevbindir=${placeholder ''dev''}/bin"
+            "-Dgtk_doc=false"
+            "-Dnls=disabled"
+          ];
+        });
+      };
+    };
+  });
+
+  static = pkg: pkg.overrideAttrs(x: {
+    configureFlags = (x.configureFlags or []) ++
+      [ "--without-shared" "--disable-shared" ];
+    dontDisableStatic = true;
+    enableSharedExecutables = false;
+    enableStatic = true;
+  });
+
+  self = with pkgs; buildGoPackage rec {
+    name = "buildah";
+    src = ./..;
+    goPackagePath = "github.com/containers/buildah";
+    doCheck = false;
+    enableParallelBuilding = true;
+    nativeBuildInputs = [ git installShellFiles pkg-config ];
+    buildInputs = [ glib glibc glibc.static gpgme libapparmor libassuan libgpgerror libseccomp libselinux ];
+    prePatch = ''
+      export LDFLAGS='-s -w -static-libgcc -static'
+      export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
+      export BUILDTAGS='static netgo apparmor selinux seccomp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper'
+    '';
+    buildPhase = ''
+      pushd go/src/${goPackagePath}
+      patchShebangs .
+      make bin/buildah
+    '';
+    installPhase = ''
+      install -Dm755 bin/buildah $out/bin/buildah
+    '';
+  };
+in self
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
new file mode 100644
index 000000000..2876970d4
--- /dev/null
+++ b/nix/nixpkgs.json
@@ -0,0 +1,10 @@
+{
+  "url": "https://github.com/nixos/nixpkgs",
+  "rev": "78e324d2726127828a15f87a75b4d3199a8955ec",
+  "date": "2020-06-16T18:23:14-07:00",
+  "path": "/nix/store/bwhp0061k3fk00j8fskpfak261jdcjl6-nixpkgs",
+  "sha256": "1j58aa9ngdmvbnds4x4a497nynj390dzqyb5yrvmhjc7k9anq6jm",
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
+}
diff --git a/nix/nixpkgs.nix b/nix/nixpkgs.nix
new file mode 100644
index 000000000..21e7f17a2
--- /dev/null
+++ b/nix/nixpkgs.nix
@@ -0,0 +1,8 @@
+let
+  json = builtins.fromJSON (builtins.readFile ./nixpkgs.json);
+  nixpkgs = import (builtins.fetchTarball {
+    name = "nixos-unstable";
+    url = "${json.url}/archive/${json.rev}.tar.gz";
+    inherit (json) sha256;
+  });
+in nixpkgs
diff --git a/tests/e2e/buildah_suite_test.go b/tests/e2e/buildah_suite_test.go
index 24ad90a42..3f5516278 100644
--- a/tests/e2e/buildah_suite_test.go
+++ b/tests/e2e/buildah_suite_test.go
@@ -95,7 +95,7 @@ func CreateTempDirInTempDir() (string, error) {
 func BuildahCreate(tempDir string) BuildAhTest {
 	cwd, _ := os.Getwd()
 
-	buildAhBinary := filepath.Join(cwd, "../../buildah")
+	buildAhBinary := filepath.Join(cwd, "../../bin/buildah")
 	if os.Getenv("BUILDAH_BINARY") != "" {
 		buildAhBinary = os.Getenv("BUILDAH_BINARY")
 	}
diff --git a/tests/helpers.bash b/tests/helpers.bash
index c2f7cb87f..238e56fcc 100644
--- a/tests/helpers.bash
+++ b/tests/helpers.bash
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
-BUILDAH_BINARY=${BUILDAH_BINARY:-$(dirname ${BASH_SOURCE})/../buildah}
-IMGTYPE_BINARY=${IMGTYPE_BINARY:-$(dirname ${BASH_SOURCE})/../imgtype}
+BUILDAH_BINARY=${BUILDAH_BINARY:-$(dirname ${BASH_SOURCE})/../bin/buildah}
+IMGTYPE_BINARY=${IMGTYPE_BINARY:-$(dirname ${BASH_SOURCE})/../bin/imgtype}
 TESTSDIR=${TESTSDIR:-$(dirname ${BASH_SOURCE})}
 STORAGE_DRIVER=${STORAGE_DRIVER:-vfs}
 PATH=$(dirname ${BASH_SOURCE})/..:${PATH}