colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

signal-desktop-from-src: clean up a bit

Browse Source 
still doesn't run, but the build process is cleaner
This commit is contained in:
Colin 2023-11-02 10:24:23 +00:00
parent 4150fab10b
commit 15cade99e7
1 changed files with 72 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
pkgs/additional/signal-desktop-from-src/default.nix
View File

@ -1,67 +1,50 @@
# arch package:
# - <https://gitlab.archlinux.org/archlinux/packaging/packages/signal-desktop/-/blob/main/PKGBUILD?ref_type=heads>
# - builds with `yarn generate; yarn build`
# alpine package:
# - <https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/testing/signal-desktop/APKBUILD?ref_type=heads>
# - more involved build process, apparently to reuse deps shared with other parts of the OS:
# - manually build signal's webrtc using ninja
# - manually build signal's ringrtc using yarn
# - manually build libsignal with yarn, cargo and cbindgen
# - yarn build:acknowledgments
# - yarn patch-package
# - npm rebuild esbuild # apparently esbuild is to be used later in the build process
# - yarn build:dev
# - yarn install
# - then it `mv`s and `patch`s a bunch of stuff
# - tasje pack
#
# signal uses typescript, javascript, and electron
# - no node, npm
#
# nix provides:
# - yarn2nix
# - mkYarnPackage
# - mkYarnModules, and then invoke the rest of the build manually
# - that's what i do in browserpass-extension
#
# comment about the "Couldn't find any versions ..." bug:
# - <https://discourse.nixos.org/t/mkyarnpackage-lockfile-has-incorrect-entry/21586/3>
# - "don't use mkYarnPackage"
#
# build failure: "Error: Could not detect abi for version 26.4.0 and runtime electron. Updating "node-abi" might help solve this issue if it is a new release of electron"
# - signal 6.36.0 pins node-abi to 2.21.0, which only goes up to electron 13!!
# - signal-desktop also uses node-abi 2.21.0...
# - this seems to actually be a recoverable error? i don't think it's the point at which it's bailing.
#
# build failure:
# Fusing electron at /build/source/dist/linux-unpacked/signal-desktop inspect-arguments=false
# EACCES: permission denied, open '/build/source/dist/linux-unpacked/signal-desktop' failedTask=build stackTrace=Error: EACCES: permission denied, open '/build/source/dist/linux-unpacked/signal-desktop'
# - this file DOES exist. it's executable (555).
# - segfaults when invoked:
# ```
# Thread 1 "signal-desktop" received signal SIGTRAP, Trace/breakpoint trap.
# 0x000055555c2f6eb0 in sandbox::SetuidSandboxHost::GetSandboxBinaryPath() ()
# (gdb) c
# Continuing.
#
# Thread 1 "signal-desktop" received signal SIGILL, Illegal instruction.
# 0x000055555c2f6eb0 in sandbox::SetuidSandboxHost::GetSandboxBinaryPath() ()
# (gdb) c
# Continuing.
# [Thread 0x7ffff39626c0 (LWP 1805441) exited]
#
# Program terminated with signal SIGILL, Illegal instruction.
# The program no longer exists.
# (gdb)
# ```
# - this file is created by the yarn build:electron invocation: it doesn't exist after build:esbuild:prod.
# - running this step a second time produces the identical error
# - running it a second time, with `chmod 777` in between produces identical error
# - /build/source/dist/linux-unpacked/ is simply a copy of /nix/store/2harqvx80ddx7p9y26m1zds2hk4br298-electron-25.9.1/libexec/electron/ but with `electron` renamed `signal-desktop`.
# - i think it's trying to do some edit-in-place thing
#
#
# about build failure:
# > Fusing electron at /build/source/release/linux-unpacked/signal-desktop inspect-arguments=false
# > EACCES: permission denied, open '/build/source/release/linux-unpacked/signal-desktop' failedTask=build stackTrace=Error: EACCES: permission denied, open '/build/source/release/linux-unpacked/signal-desktop'
# - "Fusing electron" message comes from within signal-desktop repo: <ts/scripts/fuse-electron.ts>
# - error exists for electron_25 and electron 27 (26 untested)
# - probably happens because the file referenced is rx, not rwx
# - call chain is (probably):
# - package.json["afterPack"]
# - ts/scripts/after-pack.ts:afterPack
# - pruneMacOSRelease (succeeds)
# - ts/scripts/fuse-electron.ts:afterPack
# - flipFuses (from within electron library)
# ^ EACCES
# - copyPacks (never runs)
# - so we lose the "fusing" (electron environment configurations), and the language packs, and that's *probably* all.
# - but can't REALLY be sure, what steps would normally follow electron-builder?
{ lib
# , fetchYarnDeps
# , mkYarnPackage
# , mkYarnModules
, callPackage
# , electron_26
, electron_25
# , electron
, fetchFromGitHub
# , fetchYarnDeps
, fixup_yarn_lock
, makeWrapper
, nodejs
, python3
, srcOnly
, stdenv
, yarn
}:
@ -72,46 +55,7 @@ let
# alpine builds signal-desktop using its default electron version, i.e. 27.0.2
# electron = electron_26;
electron = electron_25;
# nodeSources = srcOnly nodejs;
in
# mkYarnPackage rec {
# pname = "signal-desktop-from-src";
# version = "6.36.0";
# src = fetchFromGitHub {
# owner = "signalapp";
# repo = "Signal-Desktop";
# rev = "v${version}";
# hash = "sha256-86x6OeQAMN5vhLaAphnAfSWeRgUh0wAeZFzxue8otDQ=";
# };
#
# # to update:
# # - `cp ~/ref/repos/signalapp/Signal-Desktop/{package.json,yarn.lock} .`
# # - `nix run '.#yarn2nix' > yarn.nix`
# packageJSON = ./package.json;
# yarnLock = ./yarn.lock;
# # yarnLock = "${src}/yarn.lock";
# yarnNix = ./yarn.nix;
# offlineCache = fetchYarnDeps {
# yarnLock = "${src}/yarn.lock";
# hash = "sha256-AXT6p5lgF0M9ckoxiAvT1HaJhUWVtwEOadY4otdeB0Q=";
# };
#
# # buildPhase = ''
# # runHook preBuild
# # yarn --offline build
# # runHook postBuild
# # '';
#
# # doDist = false;
# }
# mkYarnModules rec {
# version = "6.36.0";
# pname = "signal-desktop-from-src-modules";
# packageJSON = ./package.json;
# yarnLock = ./yarn.lock;
# yarnNix = ./yarn.nix;
# }
stdenv.mkDerivation rec {
pname = "signal-desktop-from-src";
version = "6.36.0";
@ -125,19 +69,40 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
fixup_yarn_lock
makeWrapper
nodejs
nodejs # possibly i could instead use nodejs-slim
python3
yarn
# nodejs-slim
];
buildInputs = [
electron
];
# to update:
# - `cp ~/ref/repos/signalapp/Signal-Desktop/{package.json,yarn.lock} .`
# - `nix run '.#yarn2nix' > yarn.nix`
env.yarnOfflineCache = (callPackage ./yarn.nix {}).offline_cache;
# alternative method, which bypasses yarn2nix
# env.yarnOfflineCache = fetchYarnDeps {
# # this might be IFD: if `nix run '.#check.nur'` fails then inline the lock: `yarnLock = ./yarn.lock`
# yarnLock = "${src}/yarn.lock";
# hash = "sha256-AXT6p5lgF0M9ckoxiAvT1HaJhUWVtwEOadY4otdeB0Q=";
# };
env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
postPatch = ''
# fixes build failure:
# > Fusing electron at /build/source/release/linux-unpacked/signal-desktop inspect-arguments=false
# > EACCES: permission denied, open '/build/source/release/linux-unpacked/signal-desktop' failedTask=build stackTrace=Error: EACCES: permission denied, open '/build/source/release/linux-unpacked/signal-desktop'
# electron "fusing" (electron.flipFuses) seems to be configuring which functionality electron will support at runtime.
# notably: ELECTRON_RUN_AS_NODE, cookie encryption, NODE_OPTIONS env var, --inspect-* CLI args, app.asar validation
# skipping the fuse process seems relatively inconsequential
substituteInPlace ts/scripts/after-pack.ts \
--replace 'await fuseElectron' '//await fuseElectron'
'';
configurePhase = ''
runHook preConfigure
export HOME=$NIX_BUILD_TOP
yarn config --offline set yarn-offline-mirror $yarnOfflineCache
fixup_yarn_lock yarn.lock
@ -145,6 +110,8 @@ stdenv.mkDerivation rec {
# yarn install creates the node_modules/ directory
yarn install --offline --frozen-lockfile --ignore-scripts --ignore-engines
patchShebangs node_modules/
runHook postConfigure
'';
# excerpts from package.json:
@ -162,22 +129,8 @@ stdenv.mkDerivation rec {
#
# - "build:dev": "run-s --print-label generate build:esbuild:prod"
#
# arch just calls `yarn generate; yarn build`.
#
# alpine is much more involved, to reuse their dependencies instead of duplicating stuff.
# - manually build signal's webrtc using ninja
# - manually build signal's ringrtc using yarn
# - manually build libsignal with yarn, cargo and cbindgen
# - yarn build:acknowledgments
# - yarn patch-package
# - npm rebuild esbuild # apparently esbuild is to be used later in the build process
# - yarn build:dev
# - yarn install
# - then it `mv`s and `patch`s a bunch of stuff
# - tasje pack
#
# for the electron parts, it calls npm with --nodedir=/usr/lib/electron/node_headers
# - yarn electron-builder doesn't understand --nodedir
# i can't call toplevel `yarn build` because it doesn't properly forward the `--offline` flags where they need to go.
# instead i call each step individually.
buildPhase = ''
runHook preBuild
@ -188,7 +141,6 @@ stdenv.mkDerivation rec {
ln -sfv "${nodejs}/include" "$HOME/.node-gyp/${nodejs.version}"
export npm_config_nodedir=${nodejs}
# yarn build --offline --frozen-lockfile --ignore-scripts --ignore-engines
# yarn generate:
yarn build-module-protobuf --offline --frozen-lockfile --ignore-scripts --ignore-engines
yarn build:esbuild --offline --frozen-lockfile --ignore-scripts --ignore-engines
@ -197,34 +149,26 @@ stdenv.mkDerivation rec {
yarn copy-components
yarn build:esbuild:prod --offline --frozen-lockfile --ignore-scripts --ignore-engines
# yarn build:release --offline --frozen-lockfile --ignore-scripts --ignore-engines
# yarn build:release
echo "build:electron: invocation 1"
SIGNAL_ENV=production yarn build:electron \
--dir \
yarn build:release \
${if stdenv.isDarwin then "--macos" else "--linux"} ${if stdenv.hostPlatform.isAarch64 then "--arm64" else "--x64"} \
-c.electronDist=${electron}/libexec/electron \
-c.electronVersion=${electron.version} || true
-c.electronVersion=${electron.version} \
--dir
# chmod 777 /build/source/dist/linux-unpacked/signal-desktop
# echo "build:electron: invocation 2"
# SIGNAL_ENV=production yarn build:electron \
# --dir
# SIGNAL_ENV=production yarn --offline electron-builder -- \
# ${if stdenv.isDarwin then "--macos" else "--linux"} ${if stdenv.hostPlatform.isAarch64 then "--arm64" else "--x64"} \
# -c.electronDist=${electron}/libexec/electron \
# -c.electronVersion=${electron.version}
# SIGNAL_ENV=production yarn --offline --frozen-lockfile --ignore-scripts --ignore-engines electron-builder \
# --dir ${if stdenv.isDarwin then "--macos" else "--linux"} ${if stdenv.hostPlatform.isAarch64 then "--arm64" else "--x64"} \
# -c.electronVersion=${electron.version} \
# --dir \
# --config.directories.output=release \
# --config.extraMetadata.environment=production \
# --config.extraMetadata.environment=production
# SIGNAL_ENV=production ./node_modules/.bin/electron-builder \
# -c.electronDist=${electron}/libexec/electron \
# -c.electronVersion=${electron.version}
# SIGNAL_ENV=production electron-builder \
# --dir ${if stdenv.isDarwin then "--macos" else "--linux"} ${if stdenv.hostPlatform.isAarch64 then "--arm64" else "--x64"} \
# -c.electronVersion=${electron.version} \
# --dir \
# --config.directories.output=release \
# --config.extraMetadata.environment=production \
# -c.electronDist=${electron}/libexec/electron \
# -c.electronVersion=${electron.version}
# --config.extraMetadata.environment=production
runHook postBuild
'';
@ -234,8 +178,8 @@ stdenv.mkDerivation rec {
# directory structure follows the original `signal-desktop` nix package
mkdir -p $out/lib/Signal
cp -R dist/linux-unpacked/resources $out/lib/Signal/resources
cp -R dist/linux-unpacked/locales $out/lib/Signal/locales
cp -R release/linux-unpacked/resources $out/lib/Signal/resources
cp -R release/linux-unpacked/locales $out/lib/Signal/locales
makeWrapper ${electron}/bin/electron $out/bin/signal-desktop \
--add-flags $out/lib/Signal/resources/app.asar \