macOS nix-static builder overhaul

builder/nixie/output/nix-wrapped.sh.in

@@ -271,6 +271,7 @@ _try_build_nix() {
   _avail flex
   _avail bison
   _avail perl
+  _avail python3
   _avail_end || return 1;
 
   _find_or_build_openssl
@@ -303,15 +304,22 @@ _try_build_nix() {
     export OPENSSL_CFLAGS=$macos_sdk/usr/include
   fi
 
-  ./configure --disable-seccomp-sandboxing \
-              --disable-s3 \
-              --disable-doc-gen \
-              --disable-embedded-sandbox-shell \
-              --disable-gc \
-              --disable-cpuid \
-  && make
+  python3 -m venv --system-site-packages "${sources_root}/nix/venv"
+  py3="${source_root}/nix/venv/bin/python3"
+  $py3 -m pip install meson ninja
+
+  meson="${source_root}/nix/venv/bin/meson"
+
+  mkdir build && cd build \
+    && $meson setup -Dlibstore:seccomp-sandboxing=disabled \
+                    -Dlibcmd:readline-flavor=editline \
+                    -Dlibexpr:gc=disabled \
+                    -Dlibutil:cpuid=disabled \
+                    -Ddoc-gen=false \
+                    -Dunit-tests=false \
+                    -Dbindings=false \
+    && $py3 -m ninja
 
-  #TODO: determine binary output path and copy to nix-static
   mv src/nix/nix "$USER_CACHE/nix-static"
 }
 

flake.nix

@@ -1,7 +1,7 @@
 { description = "Put Nix in everything!";
 
   inputs.nixpkgs.url = github:nixos/nixpkgs;
-  inputs.nix.url = github:nixos/nix/2.17.1;
+  inputs.nix.url = github:nixos/nix/2.26.2;
   inputs.fakedir =
     { url = github:nixie-dev/fakedir;
       inputs.nixpkgs.follows = "nixpkgs";
@@ -22,8 +22,8 @@
         sources = pkgs.callPackage ./sources {};
         static-bins = import ./static-bins
           { inherit nixpkgs fakedir pkgs;
+            nix-source = nix;
             libfakedir = fakedir.packages.aarch64-darwin.fakedir-universal;
-            nixStatics.aarch64-linux = nix.packages.aarch64-linux.nix-static;
           };
 
       } // (if system == "x86_64-darwin" || system == "aarch64-darwin"
@@ -35,7 +35,7 @@
         default = pkgs.mkShell {
           # These dependencies aren't involved in the build process, but are
           # nice-to-haves in the dev environment
-          packages = with pkgs; [ bumpver ];
+          packages = with pkgs; [ bumpver libllvm ];
 
           inputsFrom = [ self.packages."${system}".nixie ];
         };

sources/default.nix

@@ -1,6 +1,6 @@
 { stdenv, boost, openssl, lowdown, nlohmann_json, brotli, libsodium, editline
 , gnutar, coreutils, findutils, python3, nix
-, automake, autoconf-archive, autoconf, m4, bc, libtool, pkg-config, ... }:
+, meson, automake, autoconf-archive, autoconf, m4, bc, libtool, pkg-config, ... }:
 
 let
   mkConfiguredSrc = { pkg, confScript, patches ? [], dest?pkg.pname }:
@@ -19,6 +19,7 @@ let
         bc
         libtool
         pkg-config
+        meson
       ];
 
       dontBuild = true;
@@ -32,12 +33,7 @@ let
 
   nix_configured_src = mkConfiguredSrc
     { pkg = nix;
-      confScript = ''
-        sed -i configure.ac -e "s/.*gtest.*//g"
-        sed -i configure.ac -e "s/.*jq.*//g"
-        rm -f src/libutil/tests/*.cc
-        ./bootstrap.sh
-      '';
+      confScript = "true";
     };
   editline_configured_src = mkConfiguredSrc
     { pkg = editline;
@@ -90,4 +86,8 @@ in stdenv.mkDerivation {
   + builtins.foldl'
       (l: r: l + "\ncp -r ${r}/${r.dest} work && chmod -R u+w work/${r.dest} && tar -C work -czf $out/${r.dest}.tar.gz ${r.dest}") "" srcs_configured
   + "\nls $out > $out/filelist";
+
+  passthru = builtins.foldl'
+              (l: r: l // { "${r.pname}" = r; })
+              {} srcs_configured;
 }

static-bins/0000-darwin-use-gcc.patch

@@ -0,0 +1,23 @@
+diff --git a/packaging/dependencies.nix b/packaging/dependencies.nix
+index afbc31fc6..fa8ae5b86 100644
+--- a/packaging/dependencies.nix
++++ b/packaging/dependencies.nix
+@@ -19,16 +19,9 @@ let
+
+   root = ../.;
+
+-  stdenv = if prevStdenv.isDarwin && prevStdenv.isx86_64 then darwinStdenv else prevStdenv;
++  stdenv = if prevStdenv.isDarwin then darwinStdenv else prevStdenv;
+
+-  # Fix the following error with the default x86_64-darwin SDK:
+-  #
+-  #     error: aligned allocation function of type 'void *(std::size_t, std::align_val_t)' is only available on macOS 10.13 or newer
+-  #
+-  # Despite the use of the 10.13 deployment target here, the aligned
+-  # allocation function Clang uses with this setting actually works
+-  # all the way back to 10.6.
+-  darwinStdenv = pkgs.overrideSDK prevStdenv { darwinMinVersion = "10.13"; };
++  darwinStdenv = pkgs.overrideCC prevStdenv pkgs.pkgsBuildBuild.gcc;
+
+   # Nixpkgs implements this by returning a subpath into the fetched Nix sources.
+   resolvePath = p: p;

static-bins/0001-darwin-add-cmake.patch

@@ -0,0 +1,12 @@
+diff --git a/packaging/dependencies.nix b/packaging/dependencies.nix
+index afbc31fc6..505486dd3 100644
+--- a/packaging/dependencies.nix
++++ b/packaging/dependencies.nix
+@@ -100,6 +100,7 @@ let
+     nativeBuildInputs = [
+       pkgs.buildPackages.meson
+       pkgs.buildPackages.ninja
++      pkgs.buildPackages.cmake
+     ] ++ prevAttrs.nativeBuildInputs or [ ];
+     mesonCheckFlags = prevAttrs.mesonCheckFlags or [ ] ++ [
+       "--print-errorlogs"

static-bins/0002-darwin-disable-embedded-shell.patch

@@ -0,0 +1,13 @@
+diff --git a/src/libstore/package.nix b/src/libstore/package.nix
+index c982b44f0..84106350c 100644
+--- a/src/libstore/package.nix
++++ b/src/libstore/package.nix
+@@ -20,7 +20,7 @@
+
+   version,
+
+-  embeddedSandboxShell ? stdenv.hostPlatform.isStatic,
++  embeddedSandboxShell ? stdenv.hostPlatform.isStatic && !stdenv.hostPlatform.isDarwin,
+ }:
+
+ let

static-bins/default.nix

@@ -1,6 +1,9 @@
 { nixpkgs     ? <nixpkgs>
   # Nixpkgs import (from flake)
 
+, nix-source   ? builtins.fetchGit "https://github.com/nixos/nix"
+  # Nix packages source
+
 , fakedir     ? builtins.fetchGit "https://github.com/thesola10/fakedir"
   # libfakedir import (from flake)
 
@@ -10,9 +13,6 @@
 , libfakedir  ? pkgs.callPackage fakedir
   # libfakedir evaluated package
 
-, nixStatics  ? {}
-  # Per-architecture set of static Nix binaries (non-exhaustive)
-
 , ... }:
 
 let
@@ -25,22 +25,38 @@ let
   ];
   systemsPkgs =
     map (s:
-      import nixpkgs ({ localSystem = s; }
-      // (if s == "x86_64-darwin"
-          then
-          { overlays =
-            [ (import ./nixpkgs-darwin-static.nix) ];
-            crossSystem = {
-              isStatic = true;
-              system = s;
-            };
-          }
-          else {}))
+      import nixpkgs { localSystem = s; }
     ) builtSystems;
 
-  nixPackage = r: if builtins.hasAttr "${r.system}" nixStatics
-                  then nixStatics."${r.system}"
-                  else r.nixStatic;
+  patchesForSystem = rec {
+    "x86_64-darwin"   = [
+      # clang does not support prelinking, which is needed for libproviders
+      ./0000-darwin-use-gcc.patch
+
+      # Darwin static builds introduce a CMake dependency
+      ./0001-darwin-add-cmake.patch
+
+      # Busybox does not exist, and the embedded shell is an optional feature
+      ./0002-darwin-disable-embedded-shell.patch
+    ];
+    "aarch64-darwin"  = x86_64-darwin;
+
+    "x86_64-linux"    = [];
+    "aarch64-linux"   = [];
+  };
+
+  # The reason we do this is two-fold: first, the Nix build system isn't
+  # a simple callPackage, so using the regular 'patches' attribute wouldn't
+  # propagate to dependent modules.
+  # Second, we also need to modify the Nix source due to the module system
+  # making overrides difficult.
+  nixPatched = s: pkgs.runCommand "nix-source-patched" {} ''
+    cp -r ${nix-source} $out
+    chmod +w -R $out
+    cat ${builtins.foldl' (l: r: "${l} ${r}") "" patchesForSystem.${s}} \
+      | ${pkgs.patch}/bin/patch -p1 -u -d $out
+  '';
+  nixPackage = r: (import (nixPatched r.system)).packages.${r.system}.nix-cli-static;
 in
 pkgs.stdenv.mkDerivation {
   name = "nix-static-binaries";