From 30e3e45f9fa2b8950cc508a7363be54011998b70 Mon Sep 17 00:00:00 2001 From: strawberry Date: Thu, 24 Oct 2024 21:29:17 -0400 Subject: [PATCH] misc CI improvements, build macOS binaries, flake improvements/fixes Signed-off-by: strawberry --- .github/workflows/ci.yml | 110 +++++++++++++++++++++--- .github/workflows/documentation.yml | 10 ++- .github/workflows/trivy.yml | 4 +- .gitlab-ci.yml | 12 +++ bin/complement | 2 +- bin/nix-build-and-cache | 11 ++- flake.nix | 58 ++++++++++--- nix/pkgs/complement/default.nix | 13 ++- nix/pkgs/main/cross-compilation-env.nix | 21 +++-- nix/pkgs/main/default.nix | 27 ++++-- nix/pkgs/oci-image/default.nix | 2 +- 11 files changed, 219 insertions(+), 51 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3e024c48..911737aa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,6 @@ on: - 'docker/**' branches: - main - - change-ci-cache tags: - '*' # Allows you to run this workflow manually from the Actions tab @@ -24,7 +23,7 @@ on: concurrency: group: ${{ github.head_ref || github.ref_name }} - cancel-in-progress: true + cancel-in-progress: false env: # sccache only on main repo 
@@ -51,8 +50,11 @@ env: # Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps NIX_CONFIG: | show-trace = true - extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems https://conduwuit.cachix.org + extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true # complement uses libolm NIXPKGS_ALLOW_INSECURE: 1 
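Review bot: `accept-flake-config = true` in `NIX_CONFIG` makes Nix apply whatever `nixConfig` a flake declares without asking, and this workflow also evaluates the flake from pull-request checkouts. That lets a change to `flake.nix` or to one of its inputs add substituters or trusted keys without touching this file. The substituters and keys the build needs are already listed explicitly in this block, so I would drop the line here and in the matching documentation.yml and .gitlab-ci.yml hunks. `experimental-features` and `extra-experimental-features` set the same value, so one of them is enough. The new `https://aseipp-nix-cache.freetls.fastly.net` substituter has no matching entry in `extra-trusted-public-keys`; a comment such as `# mirror, paths verified with the <already-trusted key name> key` would record which key is expected to cover it.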
@@ -64,12 +66,23 @@ jobs: tests: name: Test runs-on: ubuntu-latest - env: - CARGO_PROFILE: "test" steps: - name: Free Disk Space (Ubuntu) uses: jlumbroso/free-disk-space@main + - name: Free up more runner space + run: | + set +o pipefail + # large docker images + sudo docker image prune --all --force || true + # large packages + sudo apt-get purge -y '^llvm-.*' 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true + sudo apt-get autoremove -y + sudo apt-get clean + # large folders + sudo rm -rf /var/lib/apt/lists/* /usr/local/games /usr/local/sqlpackage /usr/local/.ghcup /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/local/share/vcpkg /usr/local/lib/python* /usr/local/lib/node_modules /usr/local/julia* /opt/mssql-tools /etc/skel /usr/share/vim /usr/share/postgresql /usr/share/man /usr/share/apache-maven-* /usr/share/R /usr/share/alsa /usr/share/miniconda /usr/share/grub /usr/share/gradle-* /usr/share/locale /usr/share/texinfo /usr/share/kotlinc /usr/share/swift /usr/share/doc /usr/share/az_9.3.0 /usr/share/sbt /usr/share/ri /usr/share/icons /usr/share/java /usr/share/fonts /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/lib/R /usr/lib/postgresql /usr/lib/heroku /usr/lib/gcc + set -o pipefail + - name: Sync repository uses: actions/checkout@v4 @@ -85,7 +98,7 @@ jobs: exit 1 fi - - uses: nixbuild/nix-quick-install-action@v28 + - uses: nixbuild/nix-quick-install-action@master - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 
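Review bot: `nixbuild/nix-quick-install-action@master` replaces a fixed tag with a branch that moves, so anything pushed to that branch runs in this job with whatever token permissions and secrets the job has. I would pin it to a full commit SHA and keep the version in a trailing comment, `uses: nixbuild/nix-quick-install-action@<full-commit-sha> # v28`. The same applies to `mozilla-actions/sccache-action@main` added in the macOS build job later in this file, and to the existing `jlumbroso/free-disk-space@main` context line at the top of this job.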
@@ -117,8 +130,11 @@ jobs: - name: Apply Nix binary cache configuration run: | sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null < "$HOME/.direnvrc" - nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv + nix profile install --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv direnv allow - nix develop .#all-features --command true --impure + nix develop .#all-features --command true - name: Cache CI dependencies run: | @@ -151,10 +167,14 @@ jobs: cache-all-crates: "true" - name: Run CI tests + env: + CARGO_PROFILE: "test" run: | direnv exec . engage > >(tee -a test_output.log) - name: Run Complement tests + env: + CARGO_PROFILE: "test" run: | # the nix devshell sets $COMPLEMENT_SRC, so "/dev/null" is no-op direnv exec . bin/complement "/dev/null" complement_test_logs.jsonl complement_test_results.jsonl > >(tee -a test_output.log) @@ -202,7 +222,7 @@ jobs: echo '```' >> $GITHUB_STEP_SUMMARY fi - - name: Run cargo clean test artifacts + - name: Run cargo clean test artifacts to free up space run: | cargo clean --profile test 
@@ -254,8 +274,11 @@ jobs: - name: Apply Nix binary cache configuration run: | sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <> $GITHUB_STEP_SUMMARY + exit 1 + fi + # use sccache for Rust + - name: Run sccache-cache + if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') + uses: mozilla-actions/sccache-action@main + # use rust-cache + - uses: Swatinem/rust-cache@v2 + with: + cache-all-crates: "true" + # Nix can't do portable macOS builds yet + - name: Build macOS x86_64 binary + if: ${{ matrix.os == 'macos-13' }} + run: | + CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short HEAD)" cargo build --release + cp -v -f target/release/conduit conduwuit-macos-x86_64 + otool -L conduwuit-macos-x86_64 + # quick smoke test of the x86_64 macOS binary + - name: Run x86_64 macOS release binary + if: ${{ matrix.os == 'macos-13' }} + run: | + ./conduwuit-macos-x86_64 --version + - name: Build macOS arm64 binary + if: ${{ matrix.os == 'macos-latest' }} + run: | + CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short HEAD)" cargo build --release + cp -v -f target/release/conduit conduwuit-macos-arm64 + otool -L conduwuit-macos-arm64 + # quick smoke test of the arm64 macOS binary + - name: Run arm64 macOS release binary + if: ${{ matrix.os == 'macos-latest' }} + run: | + ./conduwuit-macos-arm64 --version + - name: Upload macOS x86_64 binary + if: ${{ matrix.os == 'macos-13' }} + uses: actions/upload-artifact@v4 + with: + name: conduwuit-macos-x86_64 + path: conduwuit-macos-x86_64 + if-no-files-found: error + - name: Upload macOS arm64 binary + if: ${{ matrix.os == 'macos-latest' }} + uses: actions/upload-artifact@v4 + with: + name: conduwuit-macos-arm64 + path: conduwuit-macos-arm64 + if-no-files-found: error + docker: name: Docker publish runs-on: ubuntu-latest 
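Review bot: Both macOS build steps run `cargo build --release` without `--locked`, so Cargo may re-resolve dependencies when the lockfile is out of step with the manifests, and the uploaded binary then does not correspond to the committed `Cargo.lock` (assuming the repository commits one). For a published artifact I would use `CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short HEAD)" cargo build --release --locked`, which fails the job instead. The x86_64 and arm64 step pairs differ only in the file-name suffix, so a matrix-provided suffix would let one build, smoke-test and upload sequence serve both. The start of this job is not legible in the hunk as shown, so the matrix definition could not be checked.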
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index ccd144d2..45e52b22 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -24,8 +24,11 @@ env: # Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps NIX_CONFIG: | show-trace = true - extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems https://conduwuit.cachix.org + extra-substituters = extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. 
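Review bot: The added line reads `extra-substituters = extra-substituters = https://attic.kennel.juneis.dog/conduwuit ...`, with the key repeated inside the value. Nix would then see `extra-substituters` and `=` as the first two substituter entries, which at best produces warnings and at worst breaks substitution for the documentation job. The line should match the ci.yml one and start with a single `extra-substituters = https://attic.kennel.juneis.dog/conduwuit`.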
@@ -89,8 +92,11 @@ jobs: - name: Apply Nix binary cache configuration run: | sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null < /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi + - if command -v nix > /dev/null; then echo "extra-experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi + # Accept flake config from "untrusted" users + - if command -v nix > /dev/null; then echo "accept-flake-config = true" >> /etc/nix/nix.conf; fi # Add conduwuit binary cache - if command -v nix > /dev/null; then echo "extra-substituters = https://attic.kennel.juneis.dog/conduwuit" >> /etc/nix/nix.conf; fi @@ -47,6 +57,8 @@ before_script: - if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi + - if command -v nix > /dev/null; then echo "extra-substituters = https://aseipp-nix-cache.freetls.fastly.net" >> /etc/nix/nix.conf; fi + # Install direnv and nix-direnv - if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi diff --git a/bin/complement b/bin/complement index a715b14b..094cf248 100755 --- a/bin/complement +++ b/bin/complement @@ -15,7 +15,7 @@ LOG_FILE="$2" # A `.jsonl` file to write test results to RESULTS_FILE="$3" -OCI_IMAGE="complement-conduit:main" +OCI_IMAGE="complement-conduwuit:main" # Complement tests that are skipped due to flakiness/reliability issues SKIPPED_COMPLEMENT_TESTS='-skip=TestClientSpacesSummary.*|TestJoinFederatedRoomFromApplicationServiceBridgeUser.*|TestJumpToDateEndpoint.*' diff --git a/bin/nix-build-and-cache b/bin/nix-build-and-cache index f6b471a6..ac64ff23 100755 --- a/bin/nix-build-and-cache +++ b/bin/nix-build-and-cache 
@@ -26,7 +26,12 @@ just() { "$ATTIC_TOKEN" # Find all output paths of the installables and their build dependencies - readarray -t derivations < <(nix path-info --derivation "$@") + #readarray -t derivations < <(nix path-info --derivation "$@") + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$@") + cache=() for derivation in "${derivations[@]}"; do cache+=( @@ -77,8 +82,8 @@ ci() { --inputs-from "$toplevel" # Keep sorted - "$toplevel#devShells.x86_64-linux.default" - "$toplevel#devShells.x86_64-linux.all-features" + #"$toplevel#devShells.x86_64-linux.default" + #"$toplevel#devShells.x86_64-linux.all-features" attic#default cachix#default nixpkgs#direnv diff --git a/flake.nix b/flake.nix index 7c870cce..85b7baa0 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,14 @@ inherit inputs; main = self.callPackage ./nix/pkgs/main {}; oci-image = self.callPackage ./nix/pkgs/oci-image {}; + tini = pkgs.tini.overrideAttrs { + # newer clang/gcc is unhappy with tini-static: + patches = [ (pkgs.fetchpatch { + url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch"; + hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k="; + }) + ]; + }; liburing = pkgs.liburing.overrideAttrs { # Tests weren't building outputs = [ "out" "dev" "man" ]; @@ -88,6 +96,16 @@ scopeHost = mkScope pkgsHost; scopeHostStatic = mkScope pkgsHostStatic; + scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic; + mkCrossScope = crossSystem: + let pkgsCrossStatic = (import inputs.nixpkgs { + inherit system; + crossSystem = { + config = crossSystem; + }; + }).pkgsStatic; + in + mkScope pkgsCrossStatic; mkDevShell = scope: scope.pkgs.mkShell { env = scope.main.env // { @@ -118,7 +136,6 @@ ++ (with pkgsHost.pkgs; [ engage cargo-audit - liburing # Required by hardened-malloc.rs dep binutils 
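Review bot: The loop that replaces `readarray` in `just()` calls `read` without `-r`, so backslashes in a line would be interpreted rather than kept; `while IFS= read -r derivation; do` is the usual form and also keeps leading and trailing whitespace. Because `nix path-info --derivation "$@"` runs inside a process substitution, its failure is not seen by the loop, and the function continues with an empty `derivations` array; this was already the case with `readarray`, but it is worth a comment since the result is pushed to the binary cache. The commented-out `#readarray` line could be replaced by a short comment explaining why `readarray` is avoided. The function body continues outside the hunk.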
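Review bot: The `fetchpatch` for the `tini` override takes its input from a pull-request URL (`.../krallin/tini/pull/224.patch`), and that content changes whenever the PR branch is updated. The `hash` ensures a changed patch is not applied silently, but the build then fails until someone re-reads the patch and updates the hash. Pointing `url` at the patch of the specific commit, `https://github.com/krallin/tini/commit/<commit-sha>.patch`, keeps the input stable, and a one-line comment naming the compiler error being fixed would help whoever removes the override later.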
@@ -149,12 +166,21 @@ # needed so we can get rid of gcc and other unused deps that bloat OCI images removeReferencesTo - ]) + ] + # liburing is Linux-exclusive + ++ lib.optional stdenv.hostPlatform.isLinux liburing + # needed to build Rust applications on macOS + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + # https://github.com/NixOS/nixpkgs/issues/206242 + # ld: library not found for -liconv + libiconv + # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell + # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612 + pkgsBuildHost.darwin.apple_sdk.frameworks.Security + ]) ++ scope.main.buildInputs ++ scope.main.propagatedBuildInputs ++ scope.main.nativeBuildInputs; - - meta.broken = scope.main.meta.broken; }; in { @@ -228,6 +254,8 @@ complement = scopeHost.complement; static-complement = scopeHostStatic.complement; + # macOS containers don't exist, so the complement images must be forced to linux + linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement; } // builtins.listToAttrs @@ -236,14 +264,7 @@ (crossSystem: let binaryName = "static-${crossSystem}"; - pkgsCrossStatic = - (import inputs.nixpkgs { - inherit system; - crossSystem = { - config = crossSystem; - }; - }).pkgsStatic; - scopeCrossStatic = mkScope pkgsCrossStatic; + scopeCrossStatic = mkCrossScope crossSystem; in [ # An output for a statically-linked binary @@ -373,11 +394,20 @@ }; }; } + + # An output for a complement OCI image for the specified platform + { + name = "complement-${crossSystem}"; + value = scopeCrossStatic.complement; + } ] ) [ - "x86_64-unknown-linux-musl" - "aarch64-unknown-linux-musl" + #"x86_64-apple-darwin" + #"aarch64-apple-darwin" + "x86_64-linux-gnu" + "x86_64-linux-musl" + "aarch64-linux-musl" ] ) ); diff --git a/nix/pkgs/complement/default.nix b/nix/pkgs/complement/default.nix index 5ebe9eb3..80e9ce27 100644 --- a/nix/pkgs/complement/default.nix 
+++ b/nix/pkgs/complement/default.nix @@ -18,6 +18,15 @@ let all_features = true; disable_release_max_log_level = true; disable_features = [ + # no reason to use jemalloc for complement, just has compatibility/build issues + "jemalloc" + # console/CLI stuff isn't used or relevant for complement + "console" + "tokio_console" + # sentry telemetry isn't useful for complement, disabled by default anyways + "sentry_telemetry" + # the containers don't use or need systemd signal support + "systemd" # this is non-functional on nix for some reason "hardened_malloc" # dont include experimental features @@ -57,7 +66,7 @@ let in dockerTools.buildImage { - name = "complement-${main.pname}"; + name = "complement-conduwuit"; tag = "main"; copyToRoot = buildEnv { @@ -78,7 +87,7 @@ dockerTools.buildImage { "${lib.getExe start}" ]; - Entrypoint = if !stdenv.isDarwin + Entrypoint = if !stdenv.hostPlatform.isDarwin # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT) # are handled as expected then [ "${lib.getExe' tini "tini"}" "--" ] diff --git a/nix/pkgs/main/cross-compilation-env.nix b/nix/pkgs/main/cross-compilation-env.nix index 83fe6ed6..c189d57c 100644 --- a/nix/pkgs/main/cross-compilation-env.nix +++ b/nix/pkgs/main/cross-compilation-env.nix @@ -1,5 +1,6 @@ { lib , pkgsBuildHost +, pkgsBuildTarget , rust , stdenv }: @@ -35,7 +36,7 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic { # including it here. Linkers are weird. (stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isx86_64) && stdenv.hostPlatform.isStatic - && !stdenv.isDarwin + && !stdenv.hostPlatform.isDarwin && !stdenv.cc.bintools.isLLVM ) [ 
@@ -52,11 +53,12 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic { # even covers the case of build scripts that need native code compiled and # run on the build platform (I think). # -# [0]: https://github.com/NixOS/nixpkgs/blob/5cdb38bb16c6d0a38779db14fcc766bc1b2394d6/pkgs/build-support/rust/lib/default.nix#L57-L80 +# [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68 // ( let inherit (rust.lib) envVars; + shouldUseLLD = platform: platform.isAarch64 && platform.isStatic && !stdenv.hostPlatform.isDarwin; in lib.optionalAttrs (stdenv.targetPlatform.rust.rustcTarget @@ -64,23 +66,30 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic { ( let inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget; + linkerForTarget = if shouldUseLLD stdenv.targetPlatform + && !stdenv.cc.bintools.isLLVM # whether stdenv's linker is lld already + then "${pkgsBuildTarget.llvmPackages.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld" + else envVars.ccForTarget; in { "CC_${cargoEnvVarTarget}" = envVars.ccForTarget; "CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget; - "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = - envVars.linkerForTarget; + "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = linkerForTarget; } ) // ( let inherit (stdenv.hostPlatform.rust) cargoEnvVarTarget rustcTarget; + linkerForHost = if shouldUseLLD stdenv.targetPlatform + && !stdenv.cc.bintools.isLLVM + then "${pkgsBuildHost.llvmPackages.bintools}/bin/${stdenv.cc.targetPrefix}ld.lld" + else envVars.ccForHost; in { "CC_${cargoEnvVarTarget}" = envVars.ccForHost; "CXX_${cargoEnvVarTarget}" = envVars.cxxForHost; - "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.linkerForHost; + "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = linkerForHost; CARGO_BUILD_TARGET = rustcTarget; } ) 
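Review bot: In the host-platform block, `linkerForHost` is computed with `shouldUseLLD stdenv.targetPlatform`, the same argument the target block uses; this looks like a copy-paste slip and probably should be `linkerForHost = if shouldUseLLD stdenv.hostPlatform`. As written, the host linker choice follows the target's architecture and static-ness, which only matters when host and target differ but is hard to spot when it does. The updated reference `[0]` now links to the `nixpkgs-unstable` branch with a `#L48-L68` anchor, which will drift as the file changes; a permalink to a commit, as the removed line had, stays accurate. The surrounding attribute set starts and ends outside these hunks.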
@@ -92,7 +101,7 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic { { "CC_${cargoEnvVarTarget}" = envVars.ccForBuild; "CXX_${cargoEnvVarTarget}" = envVars.cxxForBuild; - "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.linkerForBuild; + "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForBuild; HOST_CC = "${pkgsBuildHost.stdenv.cc}/bin/cc"; HOST_CXX = "${pkgsBuildHost.stdenv.cc}/bin/c++"; } diff --git a/nix/pkgs/main/default.nix b/nix/pkgs/main/default.nix index 8559e878..1088b03c 100644 --- a/nix/pkgs/main/default.nix +++ b/nix/pkgs/main/default.nix @@ -6,6 +6,7 @@ , libiconv , liburing , pkgsBuildHost +, pkgsBuildTarget , rocksdb , removeReferencesTo , rust @@ -40,7 +41,7 @@ features'' = lib.subtractLists disable_features' features'; featureEnabled = feature : builtins.elem feature features''; -enableLiburing = featureEnabled "io_uring" && !stdenv.isDarwin; +enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin; # This derivation will set the JEMALLOC_OVERRIDE variable, causing the # tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's @@ -72,16 +73,12 @@ buildDepsOnlyEnv = # jemalloc symbols are prefixed. # # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17 - enableJemalloc = featureEnabled "jemalloc" && !stdenv.isDarwin; + enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin; # for some reason enableLiburing in nixpkgs rocksdb is default true # which breaks Darwin entirely enableLiburing = enableLiburing; }).overrideAttrs (old: { - # TODO: static rocksdb fails to build on darwin, also see - # build log at - meta.broken = stdenv.hostPlatform.isStatic && stdenv.isDarwin; - enableLiburing = enableLiburing; }); in @@ -99,6 +96,7 @@ buildDepsOnlyEnv = inherit lib pkgsBuildHost + pkgsBuildTarget rust stdenv; }); 
@@ -137,7 +135,16 @@ commonAttrs = { dontStrip = profile == "dev" || profile == "test"; dontPatchELF = profile == "dev" || profile == "test"; - buildInputs = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys'; + buildInputs = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys' + # needed to build Rust applications on macOS + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + # https://github.com/NixOS/nixpkgs/issues/206242 + # ld: library not found for -liconv + libiconv + # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell + # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612 + pkgsBuildHost.darwin.apple_sdk.frameworks.Security + ]; nativeBuildInputs = [ # bindgen needs the build platform's libclang. Apparently due to "splicing @@ -154,8 +161,10 @@ commonAttrs = { # needed so we can get rid of gcc and other unused deps that bloat OCI images removeReferencesTo ] - ++ lib.optionals stdenv.isDarwin [ + # needed to build Rust applications on macOS + ++ lib.optionals stdenv.hostPlatform.isDarwin [ # https://github.com/NixOS/nixpkgs/issues/206242 + # ld: library not found for -liconv libiconv # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell @@ -167,7 +176,7 @@ commonAttrs = { # # postInstall = with pkgsBuildHost; '' - find "$out" -type f -exec remove-references-to -t ${stdenv.cc} -t ${gcc} -t ${libgcc} -t ${linuxHeaders} -t ${libidn2} -t ${libunistring} '{}' + + find "$out" -type f -exec remove-references-to -t ${stdenv.cc} -t ${gcc} -t ${rustc.unwrapped} -t ${rustc} -t ${libidn2} -t ${libunistring} '{}' + ''; }; in diff --git a/nix/pkgs/oci-image/default.nix b/nix/pkgs/oci-image/default.nix index ed2ec19a..5078523b 100644 --- a/nix/pkgs/oci-image/default.nix +++ b/nix/pkgs/oci-image/default.nix 
@@ -16,7 +16,7 @@ dockerTools.buildLayeredImage { dockerTools.caCertificates ]; config = { - Entrypoint = if !stdenv.isDarwin + Entrypoint = if !stdenv.hostPlatform.isDarwin # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT) # are handled as expected then [ "${lib.getExe' tini "tini"}" "--" ]