sane-scripts: include the python scripts

2023-03-22 21:21:00 +00:00 · 2023-03-22 21:21:00 +00:00 · 2a148c1543
commit 2a148c1543
parent adf72fc9d4
6 changed files with 152 additions and 108 deletions
--- a/overlays/pkgs.nix
+++ b/overlays/pkgs.nix
@ -3,6 +3,7 @@
  let
    sane = rec {
      #### my own, non-upstreamable packages:
+      static-nix-shell = callPackages ../pkgs/static-nix-shell { };
      sane-scripts = callPackage ../pkgs/sane-scripts { };
      feeds = recurseIntoAttrs (callPackage ../pkgs/feeds { });
      tow-boot-pinephone = callPackage ../pkgs/tow-boot-pinephone { };
--- a/pkgs/feeds/default.nix
+++ b/pkgs/feeds/default.nix
@ -1,7 +1,7 @@
 { lib
 , callPackage
 , python3
-, stdenv
+, static-nix-shell
 , writeShellScript
 }:

@ -21,21 +21,11 @@ let
    feed-pkgs;
 in rec {  # TODO: make this a scope
  inherit feed-pkgs;
-  update = stdenv.mkDerivation {
+  update = static-nix-shell.mkPython3Bin {
    pname = "update";
-    version = "0.1.0";
    src = ./.;
-    patchPhase =
-      let
-        pyEnv = python3.withPackages (ps: [ ps.feedsearch-crawler ]);
-      in ''
-      substituteInPlace ./update.py \
-        --replace "#!/usr/bin/env nix-shell" "#!${pyEnv.interpreter}"
-    '';
-    installPhase = ''
-      mkdir -p $out/bin
-      mv update.py $out/bin/update.py
-    '';
+    pyPkgs = [ "feedsearch-crawler" ];
+    srcPath = "update.py";
  };
  init-feed = writeShellScript
    "init-feed"
--- a/pkgs/sane-scripts/default.nix
+++ b/pkgs/sane-scripts/default.nix
@ -1,108 +1,129 @@
 { lib
 , pkgs
 , resholve
+, static-nix-shell
+, symlinkJoin
 }:

-# resholve documentation:
-# - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md
-# - generic: https://github.com/abathur/resholve
-resholve.mkDerivation {
-  pname = "sane-scripts";
-  version = "0.1.0";
+let
+  shell-scripts = resholve.mkDerivation {
+    # resholve documentation:
+    # - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md
+    # - generic: https://github.com/abathur/resholve
+    pname = "sane-scripts";
+    version = "0.1.0";

-  src = ./src;
+    src = ./src;

-  solutions = {
-    default = {
-      # note: `scripts` refers to the store path here
-      scripts = [ "bin/*" ];
-      interpreter = "${pkgs.bash}/bin/bash";
-      inputs = with pkgs; [
-        # string is interpreted as relative path from @OUT@.
-        # this lets our scripts reference eachother.
-        # see: <https://github.com/abathur/resholve/issues/26>
-        "bin"
-        coreutils-full
-        curl
-        duplicity
-        file
-        findutils
-        git
-        gnugrep
-        gnused
-        gocryptfs
-        ifuse
-        inetutils
-        inotify-tools
-        iwd
-        jq
-        ncurses
-        oath-toolkit
-        openssh
-        openssl
-        rmlint
-        rsync
-        ssh-to-age
-        sops
-        sudo
-        systemd
-        util-linux
-        which
-      ];
-      keep = {
-        "/run/secrets/duplicity_passphrase" = true;
-        # we write here: keep it
-        "/tmp/rmlint.sh" = true;
-        # intentionally escapes (into user code)
-        "$external_cmd" = true;
-        "$maybe_sudo" = true;
-      };
-      fake = {
-        external = [
-          # https://github.com/abathur/resholve/issues/29
-          # "umount"
-          # "/run/wrappers/bin/sudo"
-          "sudo"
+    solutions = {
+      default = {
+        # note: `scripts` refers to the store path here
+        scripts = [ "bin/*" ];
+        interpreter = "${pkgs.bash}/bin/bash";
+        inputs = with pkgs; [
+          # string is interpreted as relative path from @OUT@.
+          # this lets our scripts reference eachother.
+          # see: <https://github.com/abathur/resholve/issues/26>
+          "bin"
+          coreutils-full
+          curl
+          duplicity
+          file
+          findutils
+          git
+          gnugrep
+          gnused
+          gocryptfs
+          ifuse
+          inetutils
+          inotify-tools
+          iwd
+          jq
+          ncurses
+          oath-toolkit
+          openssh
+          openssl
+          rmlint
+          rsync
+          ssh-to-age
+          sops
+          sudo
+          systemd
+          util-linux
+          which
+        ];
+        keep = {
+          "/run/secrets/duplicity_passphrase" = true;
+          # we write here: keep it
+          "/tmp/rmlint.sh" = true;
+          # intentionally escapes (into user code)
+          "$external_cmd" = true;
+          "$maybe_sudo" = true;
+        };
+        fake = {
+          external = [
+            # https://github.com/abathur/resholve/issues/29
+            # "umount"
+            # "/run/wrappers/bin/sudo"
+            "sudo"
+          ];
+        };
+        fix = {
+          # this replaces umount with the non-setuid-wrapper umount.
+          # not sure if/where that lack of suid causes problems.
+          umount = true;
+        };
+        prologue = "bin/sane-resholve-prologue";
+
+        # list of programs which *can* or *cannot* exec their arguments
+        execer = with pkgs; [
+          "cannot:${duplicity}/bin/duplicity"
+          "cannot:${git}/bin/git"
+          "cannot:${gocryptfs}/bin/gocryptfs"
+          "cannot:${ifuse}/bin/ifuse"
+          "cannot:${iwd}/bin/iwctl"
+          "cannot:${oath-toolkit}/bin/oathtool"
+          "cannot:${openssh}/bin/ssh-keygen"
+          "cannot:${rmlint}/bin/rmlint"
+          "cannot:${rsync}/bin/rsync"
+          "cannot:${sops}/bin/sops"
+          "cannot:${ssh-to-age}/bin/ssh-to-age"
+          "cannot:${systemd}/bin/systemctl"
        ];
      };
-      fix = {
-        # this replaces umount with the non-setuid-wrapper umount.
-        # not sure if/where that lack of suid causes problems.
-        umount = true;
-      };
-      prologue = "bin/sane-resholve-prologue";
-
-      # list of programs which *can* or *cannot* exec their arguments
-      execer = with pkgs; [
-        "cannot:${duplicity}/bin/duplicity"
-        "cannot:${git}/bin/git"
-        "cannot:${gocryptfs}/bin/gocryptfs"
-        "cannot:${ifuse}/bin/ifuse"
-        "cannot:${iwd}/bin/iwctl"
-        "cannot:${oath-toolkit}/bin/oathtool"
-        "cannot:${openssh}/bin/ssh-keygen"
-        "cannot:${rmlint}/bin/rmlint"
-        "cannot:${rsync}/bin/rsync"
-        "cannot:${sops}/bin/sops"
-        "cannot:${ssh-to-age}/bin/ssh-to-age"
-        "cannot:${systemd}/bin/systemctl"
-      ];
    };
+
+    patchPhase = ''
+      # remove python scripts  (we package them further below)
+      rm sane-bt-search
+      rm sane-date-math
+      rm sane-reclaim-boot-space
+    '';
+
+    installPhase = ''
+      mkdir -p $out/bin
+      cp -R * $out/bin/
+    '';
  };

-  patchPhase = ''
-    # remove python scripts
-    # TODO: figure out how to make resholve process only shell scripts
-    rm sane-bt-search
-    rm sane-date-math
-    rm sane-reclaim-boot-space
-  '';
-
-  installPhase = ''
-    mkdir -p $out/bin
-    cp -R * $out/bin/
-  '';
+  bt-search = static-nix-shell.mkPython3Bin {
+    pname = "sane-bt-search";
+    src = ./src;
+    pyPkgs = [ "natsort" "requests" ];
+  };
+  date-math = static-nix-shell.mkPython3Bin {
+    pname = "sane-date-math";
+    src = ./src;
+  };
+  reclaim-boot-space = static-nix-shell.mkPython3Bin {
+    pname = "sane-reclaim-boot-space";
+    src = ./src;
+  };

+in
+symlinkJoin {
+  name = "sane-scripts";
+  paths = [ shell-scripts bt-search date-math reclaim-boot-space ];
  meta = {
    description = "collection of scripts associated with uninsane systems";
    homepage = "https://git.uninsane.org";
--- a/pkgs/sane-scripts/src/sane-date-math
+++ b/pkgs/sane-scripts/src/sane-date-math
@ -1,4 +1,5 @@
-#!/usr/bin/env python3
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p "python3.withPackages (ps: [  ])"

 # i just went overboard playing around with parsers, is all.
 # use this like `./sane-date-math 'today - 5d'`
--- a/pkgs/sane-scripts/src/sane-reclaim-boot-space
+++ b/pkgs/sane-scripts/src/sane-reclaim-boot-space
@ -1,4 +1,5 @@
-#!/usr/bin/env python3
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p "python3.withPackages (ps: [  ])"

 import os
 import os.path
--- a/pkgs/static-nix-shell/default.nix
+++ b/pkgs/static-nix-shell/default.nix
@ -0,0 +1,30 @@
+{ stdenv
+, python3
+}:
+
+{
+  # transform a file which uses `#!/usr/bin/env nix-shell` shebang with a `python3` interpreter
+  # into a derivation that can be built statically
+  mkPython3Bin = { pname, pyPkgs ? [], srcPath ? pname, ... }@attrs: stdenv.mkDerivation (
+    let
+      evalPyPkgs = ps: builtins.map (name: ps."${name}") pyPkgs;
+      pyEnv = python3.withPackages evalPyPkgs;
+      pyPkgsStr = builtins.concatStringsSep " " (builtins.map (p: "ps.${p}") pyPkgs);
+    in {
+      version = "0.1.0";  # default version
+      patchPhase = ''
+        substituteInPlace ${srcPath} \
+          --replace '#!/usr/bin/env nix-shell' '#!${pyEnv.interpreter}' \
+          --replace \
+            '#!nix-shell -i python3 -p "python3.withPackages (ps: [ ${pyPkgsStr} ])"' \
+            '# nix deps evaluated statically'
+      '';
+      installPhase = ''
+        mkdir -p $out/bin
+        mv ${srcPath} $out/bin/${srcPath}
+        # ensure that all nix-shell references were substituted
+        ! grep nix-shell $out/bin/${srcPath}
+      '';
+    } // attrs
+  );
+}