link manpages into all linkIntoOwnPackage users

hosts/common/programs/ausyscall.nix

@@ -2,7 +2,7 @@
 { pkgs, ... }:
 {
   sane.programs.ausyscall = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.audit "bin/ausyscall";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.audit "ausyscall";
 
     sandbox.method = "landlock";
   };

hosts/common/programs/bitcoin-cli.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.bitcoin-cli = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.bitcoind "bin/bitcoin-cli";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.bitcoind "bitcoin-cli";
     sandbox.method = "bwrap";
     sandbox.autodetectCliPaths = "existing";  #< for `bitcoin-cli -datadir=/var/lib/...`
     sandbox.extraHomePaths = [

hosts/common/programs/errno.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.errno = {
-    # packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.moreutils "bin/errno";
+    # packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.moreutils "errno";
     # actually, don't build all of moreutils because not all of it builds for cross targets.
     packageUnwrapped = pkgs.moreutils.overrideAttrs (base: {
       makeFlags = (base.makeFlags or []) ++ [

hosts/common/programs/free.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.free = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.procps "bin/free";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "free";
     sandbox.method = "bwrap";
     sandbox.isolatePids = false;
   };

hosts/common/programs/gdbus.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.gdbus = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.glib "bin/gdbus";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.glib "gdbus";
 
     sandbox.method = "bwrap";
     sandbox.whitelistDbus = [ "user" ];  #< XXX: maybe future users will also want system access

hosts/common/programs/gst-device-monitor.nix

@@ -5,10 +5,9 @@
 { pkgs, ... }:
 {
   sane.programs.gst-device-monitor = {
-    packageUnwrapped = (pkgs.linkIntoOwnPackage pkgs.gst_all_1.gst-plugins-base [
-      "bin/gst-device-monitor-1.0"
-      "share/man/man1/gst-device-monitor-1.0.1.gz"
-    ]).overrideAttrs (base: {
+    packageUnwrapped = (
+      pkgs.linkBinIntoOwnPackage pkgs.gst_all_1.gst-plugins-base "gst-device-monitor-1.0"
+    ).overrideAttrs (base: {
       # XXX the binaries need `GST_PLUGIN_SYSTEM_PATH_1_0` set to function,
       # but nixpkgs doesn't set those (TODO: upstream this!)
       nativeBuildInputs = (base.nativeBuildInputs or []) ++ [

hosts/common/programs/mimetype.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.mimetype = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.perlPackages.FileMimeInfo "bin/mimetype";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.perlPackages.FileMimeInfo "mimetype";
     sandbox.method = "bwrap";
     sandbox.autodetectCliPaths = "existing";
   };

hosts/common/programs/objdump.nix

@@ -3,7 +3,7 @@
   sane.programs.objdump = {
     # binutils-unwrapped is like 80 MiB, just for this one binary;
     # dynamic linking means copying the binary doesn't reduce the closure much at all compared to just symlinking it.
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.binutils-unwrapped "bin/objdump";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.binutils-unwrapped "objdump";
     sandbox.method = "bwrap";
     sandbox.autodetectCliPaths = "existingFile";
   };

hosts/common/programs/pactl.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.pactl = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.pulseaudio "bin/pactl";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.pulseaudio "pactl";
     sandbox.method = "bwrap";
     sandbox.whitelistAudio = true;
   };

hosts/common/programs/pidof.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.pidof = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.procps "bin/pidof";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "pidof";
     sandbox.method = "bwrap";
     sandbox.isolatePids = false;
   };

hosts/common/programs/pkill.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.pkill = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.procps "bin/pkill";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "pkill";
     sandbox.method = "bwrap";
     sandbox.isolatePids = false;
   };

hosts/common/programs/ps.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   sane.programs.ps = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.procps "bin/ps";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "ps";
     sandbox.method = "bwrap";
     sandbox.isolatePids = false;
   };

hosts/common/programs/strings.nix

@@ -3,7 +3,7 @@
   sane.programs.strings = {
     # binutils-unwrapped is like 80 MiB, just for this one binary;
     # dynamic linking means copying the binary doesn't reduce the closure much at all compared to just symlinking it.
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.binutils-unwrapped "bin/strings";
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.binutils-unwrapped "strings";
 
     sandbox.method = "landlock";
     sandbox.wrapperType = "inplace";  # trivial package; cheaper to wrap in place

hosts/common/programs/where-am-i.nix

@@ -4,7 +4,7 @@
     # packageUnwrapped = pkgs.linkIntoOwnPackage config.sane.programs.geoclue2.packageUnwrapped "libexec/geoclue-2.0/demos/where-am-i";
     packageUnwrapped = pkgs.linkFarm "where-am-i" [{
       # bring the `where-am-i` tool into a `bin/` directory so it can be invokable via PATH
-      name = "bin/where-am-i";
+      name = "where-am-i";
       path = "${config.sane.programs.geoclue2.packageUnwrapped}/libexec/geoclue-2.0/demos/where-am-i";
     }];
 

hosts/common/programs/zfs-tools.nix

@@ -1,17 +1,17 @@
 { pkgs, ... }:
 {
   sane.programs.zfs-tools = {
-    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.zfs [
-      "bin/arc_summary"
-      "bin/arcstat"
-      # "bin/dbufstat"
-      "bin/zdb"
-      "bin/zfs"
-      "bin/zfs_ids_to_path"
-      "bin/zilstat"
-      "bin/zpool"
-      "bin/zstream"
-      "bin/zstreamdump"
+    packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.zfs [
+      "arc_summary"
+      "arcstat"
+      # "dbufstat"
+      "zdb"
+      "zfs"
+      "zfs_ids_to_path"
+      "zilstat"
+      "zpool"
+      "zstream"
+      "zstreamdump"
     ];
 
     sandbox.method = "landlock";  #< bwrap doesn't work

modules/services/clightning.nix

@@ -235,7 +235,7 @@ in
     };
 
     sane.programs.lightning-cli = {
-      packageUnwrapped = pkgs.linkIntoOwnPackage cfg.package "bin/lightning-cli";
+      packageUnwrapped = pkgs.linkBinIntoOwnPackage cfg.package "lightning-cli";
     };
 
   };

pkgs/additional/trivial-builders/default.nix

@@ -1,5 +1,6 @@
 { lib
 , deepLinkIntoOwnPackage
+, linkIntoOwnPackage
 , rmDbusServicesInPlace
 , runCommandLocalOverridable
 , stdenv
@@ -65,6 +66,19 @@
       done
     '';
 
+  # `linkBinIntoOwnPackage myPkg "binary-name"`
+  # `linkBinIntoOwnPackage myPkg [ "cli-tool1" "cli-tool2" ]`
+  # `linkBinIntoOwnPackage myPkg [ ]`  -> link *all* of bin/
+  #
+  # in addition, all manpages/docs are linked into the output
+  linkBinIntoOwnPackage = pkg: path: let
+    path' = if path == [] then "" else path;  #< if handed an empty list, then link all of `bin`
+    paths = if lib.isList path' then path else [ path' ];  #< coerce to list
+    paths' = (lib.map (p: "bin/${p}") paths) ++ [ "share/doc" "share/man" ];
+  in
+    linkIntoOwnPackage pkg paths'
+  ;
+
   deepLinkIntoOwnPackage = pkg: symlinkJoin {
     name = pkg.pname or pkg.name;
     paths = [ pkg ];

pkgs/default.nix

@@ -118,6 +118,7 @@ let
     inherit (trivial-builders)
       copyIntoOwnPackage
       deepLinkIntoOwnPackage
+      linkBinIntoOwnPackage
       linkIntoOwnPackage
       rmDbusServices
       rmDbusServicesInPlace