From 2a148c1543fad5545f2d3a5446665ef7e5cb0139 Mon Sep 17 00:00:00 2001 From: Colin Date: Wed, 22 Mar 2023 21:21:00 +0000 Subject: [PATCH] sane-scripts: include the python scripts --- overlays/pkgs.nix | 1 + pkgs/feeds/default.nix | 18 +- pkgs/sane-scripts/default.nix | 205 ++++++++++-------- pkgs/sane-scripts/src/sane-date-math | 3 +- pkgs/sane-scripts/src/sane-reclaim-boot-space | 3 +- pkgs/static-nix-shell/default.nix | 30 +++ 6 files changed, 152 insertions(+), 108 deletions(-) create mode 100644 pkgs/static-nix-shell/default.nix diff --git a/overlays/pkgs.nix b/overlays/pkgs.nix index 354a52d8..0be1d39e 100644 --- a/overlays/pkgs.nix +++ b/overlays/pkgs.nix @@ -3,6 +3,7 @@ let sane = rec { #### my own, non-upstreamable packages: + static-nix-shell = callPackages ../pkgs/static-nix-shell { }; sane-scripts = callPackage ../pkgs/sane-scripts { }; feeds = recurseIntoAttrs (callPackage ../pkgs/feeds { }); tow-boot-pinephone = callPackage ../pkgs/tow-boot-pinephone { }; diff --git a/pkgs/feeds/default.nix b/pkgs/feeds/default.nix index 09004304..d3393453 100644 --- a/pkgs/feeds/default.nix +++ b/pkgs/feeds/default.nix @@ -1,7 +1,7 @@ { lib , callPackage , python3 -, stdenv +, static-nix-shell , writeShellScript }: @@ -21,21 +21,11 @@ let feed-pkgs; in rec { # TODO: make this a scope inherit feed-pkgs; - update = stdenv.mkDerivation { + update = static-nix-shell.mkPython3Bin { pname = "update"; - version = "0.1.0"; src = ./.; - patchPhase = - let - pyEnv = python3.withPackages (ps: [ ps.feedsearch-crawler ]); - in '' - substituteInPlace ./update.py \ - --replace "#!/usr/bin/env nix-shell" "#!${pyEnv.interpreter}" - ''; - installPhase = '' - mkdir -p $out/bin - mv update.py $out/bin/update.py - ''; + pyPkgs = [ "feedsearch-crawler" ]; + srcPath = "update.py"; }; init-feed = writeShellScript "init-feed" diff --git a/pkgs/sane-scripts/default.nix b/pkgs/sane-scripts/default.nix index b7178aea..2371f232 100644 --- a/pkgs/sane-scripts/default.nix 
+++ b/pkgs/sane-scripts/default.nix 
@@ -1,108 +1,129 @@ { lib , pkgs , resholve +, static-nix-shell +, symlinkJoin }: -# resholve documentation: -# - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md -# - generic: https://github.com/abathur/resholve -resholve.mkDerivation { - pname = "sane-scripts"; - version = "0.1.0"; +let + shell-scripts = resholve.mkDerivation { + # resholve documentation: + # - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md + # - generic: https://github.com/abathur/resholve + pname = "sane-scripts"; + version = "0.1.0"; - src = ./src; + src = ./src; - solutions = { - default = { - # note: `scripts` refers to the store path here - scripts = [ "bin/*" ]; - interpreter = "${pkgs.bash}/bin/bash"; - inputs = with pkgs; [ - # string is interpreted as relative path from @OUT@. - # this lets our scripts reference eachother. - # see: - "bin" - coreutils-full - curl - duplicity - file - findutils - git - gnugrep - gnused - gocryptfs - ifuse - inetutils - inotify-tools - iwd - jq - ncurses - oath-toolkit - openssh - openssl - rmlint - rsync - ssh-to-age - sops - sudo - systemd - util-linux - which - ]; - keep = { - "/run/secrets/duplicity_passphrase" = true; - # we write here: keep it - "/tmp/rmlint.sh" = true; - # intentionally escapes (into user code) - "$external_cmd" = true; - "$maybe_sudo" = true; - }; - fake = { - external = [ - # https://github.com/abathur/resholve/issues/29 - # "umount" - # "/run/wrappers/bin/sudo" - "sudo" + solutions = { + default = { + # note: `scripts` refers to the store path here + scripts = [ "bin/*" ]; + interpreter = "${pkgs.bash}/bin/bash"; + inputs = with pkgs; [ + # string is interpreted as relative path from @OUT@. + # this lets our scripts reference eachother. 
+ # see: + "bin" + coreutils-full + curl + duplicity + file + findutils + git + gnugrep + gnused + gocryptfs + ifuse + inetutils + inotify-tools + iwd + jq + ncurses + oath-toolkit + openssh + openssl + rmlint + rsync + ssh-to-age + sops + sudo + systemd + util-linux + which + ]; + keep = { + "/run/secrets/duplicity_passphrase" = true; + # we write here: keep it + "/tmp/rmlint.sh" = true; + # intentionally escapes (into user code) + "$external_cmd" = true; + "$maybe_sudo" = true; + }; + fake = { + external = [ + # https://github.com/abathur/resholve/issues/29 + # "umount" + # "/run/wrappers/bin/sudo" + "sudo" + ]; + }; + fix = { + # this replaces umount with the non-setuid-wrapper umount. + # not sure if/where that lack of suid causes problems. + umount = true; + }; + prologue = "bin/sane-resholve-prologue"; + + # list of programs which *can* or *cannot* exec their arguments + execer = with pkgs; [ + "cannot:${duplicity}/bin/duplicity" + "cannot:${git}/bin/git" + "cannot:${gocryptfs}/bin/gocryptfs" + "cannot:${ifuse}/bin/ifuse" + "cannot:${iwd}/bin/iwctl" + "cannot:${oath-toolkit}/bin/oathtool" + "cannot:${openssh}/bin/ssh-keygen" + "cannot:${rmlint}/bin/rmlint" + "cannot:${rsync}/bin/rsync" + "cannot:${sops}/bin/sops" + "cannot:${ssh-to-age}/bin/ssh-to-age" + "cannot:${systemd}/bin/systemctl" ]; }; - fix = { - # this replaces umount with the non-setuid-wrapper umount. - # not sure if/where that lack of suid causes problems. 
- umount = true; - }; - prologue = "bin/sane-resholve-prologue"; - - # list of programs which *can* or *cannot* exec their arguments - execer = with pkgs; [ - "cannot:${duplicity}/bin/duplicity" - "cannot:${git}/bin/git" - "cannot:${gocryptfs}/bin/gocryptfs" - "cannot:${ifuse}/bin/ifuse" - "cannot:${iwd}/bin/iwctl" - "cannot:${oath-toolkit}/bin/oathtool" - "cannot:${openssh}/bin/ssh-keygen" - "cannot:${rmlint}/bin/rmlint" - "cannot:${rsync}/bin/rsync" - "cannot:${sops}/bin/sops" - "cannot:${ssh-to-age}/bin/ssh-to-age" - "cannot:${systemd}/bin/systemctl" - ]; }; + + patchPhase = '' + # remove python scripts (we package them further below) + rm sane-bt-search + rm sane-date-math + rm sane-reclaim-boot-space + ''; + + installPhase = '' + mkdir -p $out/bin + cp -R * $out/bin/ + ''; }; - patchPhase = '' - # remove python scripts - # TODO: figure out how to make resholve process only shell scripts - rm sane-bt-search - rm sane-date-math - rm sane-reclaim-boot-space - ''; - - installPhase = '' - mkdir -p $out/bin - cp -R * $out/bin/ - ''; + bt-search = static-nix-shell.mkPython3Bin { + pname = "sane-bt-search"; + src = ./src; + pyPkgs = [ "natsort" "requests" ]; + }; + date-math = static-nix-shell.mkPython3Bin { + pname = "sane-date-math"; + src = ./src; + }; + reclaim-boot-space = static-nix-shell.mkPython3Bin { + pname = "sane-reclaim-boot-space"; + src = ./src; + }; +in +symlinkJoin { + name = "sane-scripts"; + paths = [ shell-scripts bt-search date-math reclaim-boot-space ]; meta = { description = "collection of scripts associated with uninsane systems"; homepage = "https://git.uninsane.org"; diff --git a/pkgs/sane-scripts/src/sane-date-math b/pkgs/sane-scripts/src/sane-date-math index 95ed81cb..7e928ff5 100755 --- a/pkgs/sane-scripts/src/sane-date-math +++ b/pkgs/sane-scripts/src/sane-date-math 
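Review bot: The three `mkPython3Bin` bindings added at the end of this hunk (`bt-search`, `date-math`, `reclaim-boot-space`) pin only the Python interpreter and `pyPkgs`, whereas the `shell-scripts` derivation pins every external program through resholve's `inputs`. The script bodies are not part of this diff, so whether any of them spawns external programs cannot be confirmed here; if one does, that program is looked up on the caller's `PATH` at run time rather than taken from the store. I would record this next to the bindings, e.g. `# NOTE: unlike shell-scripts, programs exec'd by these python scripts are not pinned; they resolve via $PATH`. The script names also now appear in three places (the `rm` lines in `patchPhase`, the bindings, and `paths`), which have to be kept in step by hand.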
@@ -1,4 +1,5 @@ -#!/usr/bin/env python3 +#!/usr/bin/env nix-shell +#!nix-shell -i python3 -p "python3.withPackages (ps: [ ])" # i just went overboard playing around with parsers, is all. # use this like `./sane-date-math 'today - 5d'` diff --git a/pkgs/sane-scripts/src/sane-reclaim-boot-space b/pkgs/sane-scripts/src/sane-reclaim-boot-space index 0eed1712..d10fafbc 100755 --- a/pkgs/sane-scripts/src/sane-reclaim-boot-space +++ b/pkgs/sane-scripts/src/sane-reclaim-boot-space @@ -1,4 +1,5 @@ -#!/usr/bin/env python3 +#!/usr/bin/env nix-shell +#!nix-shell -i python3 -p "python3.withPackages (ps: [ ])" import os import os.path diff --git a/pkgs/static-nix-shell/default.nix b/pkgs/static-nix-shell/default.nix new file mode 100644 index 00000000..cab27780 --- /dev/null +++ b/pkgs/static-nix-shell/default.nix @@ -0,0 +1,30 @@ +{ stdenv +, python3 +}: + +{ + # transform a file which uses `#!/usr/bin/env nix-shell` shebang with a `python3` interpreter + # into a derivation that can be built statically + mkPython3Bin = { pname, pyPkgs ? [], srcPath ? pname, ... }@attrs: stdenv.mkDerivation ( + let + evalPyPkgs = ps: builtins.map (name: ps."${name}") pyPkgs; + pyEnv = python3.withPackages evalPyPkgs; + pyPkgsStr = builtins.concatStringsSep " " (builtins.map (p: "ps.${p}") pyPkgs); + in { + version = "0.1.0"; # default version + patchPhase = '' + substituteInPlace ${srcPath} \ + --replace '#!/usr/bin/env nix-shell' '#!${pyEnv.interpreter}' \ + --replace \ + '#!nix-shell -i python3 -p "python3.withPackages (ps: [ ${pyPkgsStr} ])"' \ + '# nix deps evaluated statically' + ''; + installPhase = '' + mkdir -p $out/bin + mv ${srcPath} $out/bin/${srcPath} + # ensure that all nix-shell references were substituted + ! grep nix-shell $out/bin/${srcPath} + ''; + } // attrs + ); +}
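Review bot: In the new `pkgs/static-nix-shell/default.nix`, the `! grep nix-shell $out/bin/${srcPath}` guard at the end of `installPhase` fails the build only because it is the phase's last command. Bash's errexit ignores a command negated with `!`, so any line later added after it would silently turn the check into a no-op. The file's own comment relies on this guard to ensure that all nix-shell references were substituted, and the `--replace` patterns are byte-exact, so a script whose shebang differs slightly would otherwise be installed still resolving its interpreter through `nix-shell` at run time instead of the pinned `pyEnv`. Make the failure explicit: `if grep -q nix-shell "$out/bin/${srcPath}"; then echo "unsubstituted nix-shell reference in ${srcPath}" >&2; exit 1; fi`. Because `// attrs` is merged last, a caller passing its own `installPhase` also drops the guard, which deserves a comment on `mkPython3Bin`.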