testing/nix: new aport

https://nixos.org/nix/
The purely functional package manager

6 files changed, 219 insertions, 0 deletions

diff --git a/testing/nix/APKBUILD b/testing/nix/APKBUILD
new file mode 100644
index 0000000000..b39667e676
--- /dev/null
+++ b/testing/nix/APKBUILD
@@ -0,0 +1,101 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
+pkgname=nix
+pkgver=2.1.3
+pkgrel=0
+pkgdesc="The purely functional package manager"
+url="https://nixos.org/nix/"
+arch="x86 x86_64 aarch64"  # supported platforms
+license="LGPL-2.1-or-later"
+depends="ca-certificates"
+depends_dev="boost-dev"
+makedepends="
+	$depends_dev
+	bash
+	brotli-dev
+	bzip2-dev
+	curl-dev
+	gc-dev
+	libressl-dev
+	libseccomp-dev
+	libsodium-dev
+	sqlite-dev
+	xz
+	xz-dev
+	"
+pkggroups="nix nixbld"
+install="$pkgname.pre-install"
+subpackages="$pkgname-dev $pkgname-openrc $pkgname-doc"
+source="https://nixos.org/releases/nix/$pkgname-$pkgver/$pkgname-$pkgver.tar.xz
+	libboost_context-mt.patch
+	nix-daemon.initd
+	nix-profile.sh
+	"
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+	cd "$builddir"
+
+	# NOTE: /nix/var is recommended by upstream and we need /nix anyway.
+	bash ./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/nix/var \
+		--enable-gc
+	make
+}
+
+package() {
+	cd "$builddir"
+
+	make DESTDIR="$pkgdir" install
+
+	cd "$pkgdir"
+
+	# Remove trash.
+	rm -R etc/init
+	rm -R usr/lib/systemd
+	rm etc/profile.d/*
+
+	mkdir -p usr/sbin
+	mv usr/bin/nix-daemon usr/sbin/
+
+	install -m 755 -D "$srcdir"/nix-profile.sh etc/profile.d/nix.sh
+	install -m 755 -D "$srcdir"/nix-daemon.initd etc/init.d/nix-daemon
+
+	# Setup build users.
+	# Note: max-jobs should equal number of created nixbld<n> users.
+	install -d -m 0555 etc/nix
+	cat > etc/nix/nix.conf <<-EOF
+		build-users-group = nixbld
+		max-jobs = 4
+	EOF
+
+	# This is based on https://github.com/NixOS/nix/blob/9617a04/scripts/install-multi-user.sh#L525
+	# NOTE: store dir must be /nix/store, otherwise pre-built binaries from
+	#   the standard Nixpkgs channels would not work.
+	install -d -m 1775 -g nixbld \
+		nix/store
+	install -d -m 0755 \
+		nix/var/log/nix/drvs \
+		nix/var/nix/db \
+		nix/var/nix/gcroots \
+		nix/var/nix/manifests \
+		nix/var/nix/profiles/default \
+		nix/var/nix/temproots \
+		nix/var/nix/userpool
+	install -d -m 1777 \
+		nix/var/nix/profiles/per-user \
+		nix/var/nix/gcroots/per-user
+	# Allow only users in the nix group to perform Nix operations.
+	install -d -m 0770 -g nix \
+		nix/var/nix/daemon-socket
+}
+
+sha512sums="d22718d23d8960dac7d07739835caa8183f573b303d77613e77314d873c1fe6da1cb0ed78337fe3219a94675307b23132a62ae7d9aa5354707e58400f403524b  nix-2.1.3.tar.xz
+2d6d8441861abca66b28083c356618e2dc60acb9a5be675f32be90204743e780f60427b8375aa5ba234f6f604f6b2569922cb400a1a989a37d950580d2151a6f  libboost_context-mt.patch
+9e4568db987fbae5097f7bb086e8ad51742c2d229703104fb7e6f240ffb0ca72e57dc305fb238bcee4ec8002d780007af60f241b1f32b6aa413dd579d9c59e75  nix-daemon.initd
+0fb5b9ff2f593dca22251b342494ea0b61380d8f905d85855282d259c112aa2a918d9785aa08f847c693a939ebae9fbefcd4e417ad93283a142e066105cc87b5  nix-profile.sh"
diff --git a/testing/nix/README.alpine b/testing/nix/README.alpine
new file mode 100644
index 0000000000..b2fbc0bebe
--- /dev/null
+++ b/testing/nix/README.alpine
@@ -0,0 +1,3 @@
+# Nix
+
+NOTE: Only members of unix group "nix" are allowed to install Nix packages.
diff --git a/testing/nix/libboost_context-mt.patch b/testing/nix/libboost_context-mt.patch
new file mode 100644
index 0000000000..02326b2e1e
--- /dev/null
+++ b/testing/nix/libboost_context-mt.patch
@@ -0,0 +1,14 @@
+We don't have libboost_context.so, just libboost_context-mt.so (-mt stands
+for multithreading).
+
+--- a/src/libutil/local.mk
++++ b/src/libutil/local.mk
+@@ -6,7 +6,7 @@
+ 
+ libutil_SOURCES := $(wildcard $(d)/*.cc)
+ 
+-libutil_LDFLAGS = $(LIBLZMA_LIBS) -lbz2 -pthread $(OPENSSL_LIBS) $(LIBBROTLI_LIBS) -lboost_context
++libutil_LDFLAGS = $(LIBLZMA_LIBS) -lbz2 -pthread $(OPENSSL_LIBS) $(LIBBROTLI_LIBS) -lboost_context-mt
+ 
+ libutil_LIBS = libformat
+ 
diff --git a/testing/nix/nix-daemon.initd b/testing/nix/nix-daemon.initd
new file mode 100644
index 0000000000..fe81aa8e2b
--- /dev/null
+++ b/testing/nix/nix-daemon.initd
@@ -0,0 +1,7 @@
+#!/sbin/openrc-run
+
+description="Nix multi-user support daemon"
+
+command="/usr/sbin/nix-daemon"
+command_background="yes"
+pidfile="/run/$RC_SVCNAME.pid"
diff --git a/testing/nix/nix-profile.sh b/testing/nix/nix-profile.sh
new file mode 100644
index 0000000000..527122d322
--- /dev/null
+++ b/testing/nix/nix-profile.sh
@@ -0,0 +1,84 @@
+# Profile for Nix package manager
+# This script is based on https://github.com/NixOS/nix/blob/master/scripts/nix-profile.sh.in.
+
+# Sanity check
+[ "$HOME" ] && [ "$USER" ] || return 0
+
+_nix_setup_user() {
+	local nix_profile="$HOME/.nix-profile"
+	local nix_defexpr="$HOME/.nix-defexpr"
+	local profiles_dir="/nix/var/nix/profiles"
+	local user_profile_dir="$profiles_dir/per-user/$USER"
+	local user_gcroots_dir="/nix/var/nix/gcroots/per-user/$USER"
+
+	mkdir -m 0755 -p "$user_profile_dir"
+	[ -O "$user_profile_dir" ] \
+		|| echo "Nix: WARNING: bad ownership on $user_profile_dir, should be $(id -u)" >&2
+
+	[ -w "$HOME" ] || return 0
+
+	# Create ~/.nix-profile if needed.
+	if ! [ -L "$nix_profile" ]; then
+		echo "Nix: creating $nix_profile" >&2
+
+		if [ "$USER" = root ]; then
+			# Root installs in the system-wide profile by default.
+			ln -s "$profiles_dir/default" "$nix_profile" \
+				|| echo "Nix: WARNING: could not create $nix_profile -> $profiles_dir/default" >&2
+		else
+			ln -s "$user_profile_dir/profile" "$nix_profile" \
+				|| echo "Nix: WARNING: could not create $nix_profile -> $user_profile_dir/profile" >&2
+		fi
+	fi
+
+	# Subscribe the user to the unstable Nixpkgs channel by default.
+	if ! [ -e "$HOME/.nix-channels" ]; then
+		echo 'https://nixos.org/channels/nixpkgs-unstable nixpkgs' > "$HOME/.nix-channels"
+	fi
+
+	# Create the per-user garbage collector roots directory.
+	mkdir -m 0755 -p "$user_gcroots_dir"
+	[ -O "$user_gcroots_dir" ] \
+		|| echo "Nix: WARNING: bad ownership on $user_gcroots_dir, should be $(id -u)" >&2
+
+	# Set up a default Nix expression from which to install stuff.
+	if [ ! -e "$nix_defexpr" -o -L "$nix_defexpr" ]; then
+		rm -f "$nix_defexpr"
+		mkdir -p "$nix_defexpr"
+
+		if [ "$USER" != root ]; then
+			ln -s "$profiles_dir"/per-user/root/channels "$nix_defexpr"/channels_root
+		fi
+	fi
+
+	export NIX_PROFILES="$NIX_PROFILES $nix_profile"
+
+	# Append ~/.nix-defexpr/channels/nixpkgs to $NIX_PATH so that <nixpkgs>
+	# paths work when the user has fetched the Nixpkgs channel.
+	export NIX_PATH="${NIX_PATH:+$NIX_PATH:}nixpkgs=$nix_defexpr/channels/nixpkgs"
+
+	# Set up secure multi-user builds; non-root users build through the Nix daemon.
+	[ "$USER" = root ] || export NIX_REMOTE='daemon'
+}
+
+
+# Set $NIX_SSL_CERT_FILE so that Nixpkgs applications like curl work.
+export NIX_SSL_CERT_FILE='/etc/ssl/certs/ca-certificates.crt'
+
+# The default profile for all users.
+export NIX_PROFILES='/nix/var/nix/profiles/default'
+
+# Set up environment for users that are allowed to build and install Nix
+# packages: root and members of nix or wheel group.
+if [ "$USER" = root ] || id -nG | grep -Eq '\b(nix|wheel)\b'; then
+	_nix_setup_user
+fi
+
+# Set up PATH and MANPATH.
+for _i in $NIX_PROFILES; do
+	export PATH="$_i/bin:$PATH"
+	[ "$MANPATH" ] && export MANPATH="$_i/share/man:$MANPATH"
+done
+
+unset _i
+unset -f _nix_setup_user
diff --git a/testing/nix/nix.pre-install b/testing/nix/nix.pre-install
new file mode 100644
index 0000000000..04bca10095
--- /dev/null
+++ b/testing/nix/nix.pre-install
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+addgroup -S nix 2>/dev/null
+addgroup -S nixbld 2>/dev/null
+for n in $(seq 0 3); do
+	adduser -S -D -H -h /var/empty -s /sbin/nologin -G nixbld \
+		-g "Nix build user $n" nixbld$n 2>/dev/null
+done
+
+exit 0