lorri: init at version unstable-2019-10-30

Includes user service (nixos/modules/services/development/lorri) that
starts on demand.

3 files changed, 126 insertions, 0 deletions

diff --git a/pkgs/tools/misc/lorri/default.nix b/pkgs/tools/misc/lorri/default.nix
new file mode 100644
index 00000000000..914578c47ec
--- /dev/null
+++ b/pkgs/tools/misc/lorri/default.nix
@@ -0,0 +1,56 @@
+{ stdenv
+, pkgs
+, fetchFromGitHub
+, rustPlatform
+  # Updater script
+, runtimeShell
+, writeScript
+  # Tests
+, nixosTests
+  # Apple dependencies
+, CoreServices
+, Security
+, cf-private
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "lorri";
+  version = "unstable-2019-10-30";
+
+  meta = with stdenv.lib; {
+    description = "Your project's nix-env";
+    homepage = "https://github.com/target/lorri";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ grahamc Profpatsch ];
+  };
+
+  src = fetchFromGitHub {
+    owner = "target";
+    repo = pname;
+    # Run `eval $(nix-build -A lorri.updater)` after updating the revision!
+    rev = "03f10395943449b1fc5026d3386ab8c94c520ee3";
+    sha256 = "0fcl79ndaziwd8d74mk1lsijz34p2inn64b4b4am3wsyk184brzq";
+  };
+
+  cargoSha256 = "1daff4plh7hwclfp21hkx4fiflh9r80y2c7k2sd3zm4lmpy0jpfz";
+  doCheck = false;
+
+  BUILD_REV_COUNT = src.revCount or 1;
+  RUN_TIME_CLOSURE = pkgs.callPackage ./runtime.nix {};
+
+  nativeBuildInputs = with pkgs; [ nix direnv which ];
+  buildInputs =
+    stdenv.lib.optionals stdenv.isDarwin [ CoreServices Security cf-private ];
+
+  passthru = {
+    updater = with builtins; writeScript "copy-runtime-nix.sh" ''
+      #!${runtimeShell}
+      set -euo pipefail
+      cp ${src}/nix/runtime.nix ${toString ./runtime.nix}
+      cp ${src}/nix/runtime-closure.nix.template ${toString ./runtime-closure.nix.template}
+    '';
+    tests = {
+      nixos = nixosTests.lorri;
+    };
+  };
+}
diff --git a/pkgs/tools/misc/lorri/runtime-closure.nix.template b/pkgs/tools/misc/lorri/runtime-closure.nix.template
new file mode 100644
index 00000000000..2cb2ec4bbb9
--- /dev/null
+++ b/pkgs/tools/misc/lorri/runtime-closure.nix.template
@@ -0,0 +1,37 @@
+# Nix with sandboxing requires every path used at build time be
+# explicitly declared. If we simply passed in the paths, they
+# would be copied in as sources. Using builtins.storePath we're
+# able to tell Nix that, no, in fact, treat these not as sources
+# to copy, but instead of a regular store path.
+#
+# Include the explicit closure, too, otherwise we'll get mysterious
+# "file not found" errors due to the glibc interpreter being
+# missing.
+let
+  # Magic inspired by Nix's config.nix:
+  # https://github.com/NixOS/nix/blob/f9a2ea44867cd1dbb408bca4df0ced806137b7f7/corepkgs/config.nix.in#L23
+  #
+  # If the dependency is in the Nix store we're using, refer to
+  # it as a literal store path. If it isn't, refer to it "normally".
+  #
+  # This makes sandboxing happy when in a nix-build, and the
+  # evaluation happy when in a «cargo build».
+  tools_build_host = @tools_build_host@;
+
+  # Compare the stringified version of the tools_build_host Nix store
+  # path to the evaluator's stringified Nix store path. Otherwise,
+  # Nix will read the sources in to the /nix/store, and, well,
+  # you can only copy the /nix/store in to the /nix/store so many
+  # times before you run out of disk space.
+  dep = if ("${toString (dirOf tools_build_host)}" == "${toString builtins.storeDir}")
+    then (builtins.trace "using storePath"  builtins.storePath)
+    else (builtins.trace "using toString" toString) # assume we have no sandboxing
+    ;
+
+  tools = dep tools_build_host;
+
+in {
+  path = "${tools}/bin";
+  builder = "${tools}/bin/bash";
+  closure = import @runtime_closure_list@ { inherit dep; };
+}
diff --git a/pkgs/tools/misc/lorri/runtime.nix b/pkgs/tools/misc/lorri/runtime.nix
new file mode 100644
index 00000000000..71bc89b5af3
--- /dev/null
+++ b/pkgs/tools/misc/lorri/runtime.nix
@@ -0,0 +1,33 @@
+{
+  # Plumbing tools:
+  closureInfo, runCommand, writeText, buildEnv,
+
+  # Actual dependencies to propagate:
+  bash, coreutils }:
+let
+  tools = buildEnv {
+    name = "lorri-runtime-tools";
+    paths = [ coreutils bash ];
+  };
+
+  runtimeClosureInfo = closureInfo {
+    rootPaths = [ tools ];
+  };
+
+  closureToNix = runCommand "closure.nix" {}
+  ''
+    (
+      echo '{ dep, ... }: ['
+      sed -E 's/^(.*)$/    (dep \1)/' ${runtimeClosureInfo}/store-paths
+      echo ']'
+    ) > $out
+  '';
+
+  runtimeClosureInfoAsNix = runCommand "runtime-closure.nix" {
+    runtime_closure_list = closureToNix;
+    tools_build_host = tools;
+  }
+  ''
+    substituteAll ${./runtime-closure.nix.template} $out
+  '';
+in runtimeClosureInfoAsNix