From 2d0e31b3584b3d1d272c8d765a152a1659dffa95 Mon Sep 17 00:00:00 2001
From: Slendi
Date: Tue, 16 Sep 2025 14:16:02 +0300
Subject: [PATCH] sdf
Signed-off-by: Slendi
---
flake.nix | 91 ++++++++++++++++++++++++++++++-------------------------
1 file changed, 50 insertions(+), 41 deletions(-)
diff --git a/flake.nix b/flake.nix
index 4bbed3a..7bc5079 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,55 +57,64 @@ pkgs.gzip ]; buildCommand = '' - set -euo pipefail - PAY="$PWD/payload" - mkdir -p "$PAY/nix/store" + set -euo pipefail - # copy closure paths from closureInfo (no nix calls here) - while IFS= read -r p; do - cp -a --no-preserve=ownership "$p" "$PAY/nix/store/" - done < ${ci}/store-paths + PAY="$PWD/payload" + mkdir -p "$PAY/nix/store" - # pick an app binary - APP_BIN=$(find ${appBinGuess} -maxdepth 1 -type f -perm -111 | head -n1) - if [ -z "''${APP_BIN:-}" ]; then - echo "no executable found in ${appBinGuess}" >&2 - exit 1 - fi - APP_REL="/nix/store/$(basename "$(dirname "$APP_BIN")")/$(basename "$APP_BIN")" + # 1) copy closure (no nix calls; uses closureInfo) + while IFS= read -r p; do + cp -a --no-preserve=ownership "$p" "$PAY/nix/store/" + done < ${ci}/store-paths - ( cd "$PAY" && tar -czf "$PWD/payload.tar.gz" . ) + # 2) pick app binary and make relative path used by the runner + APP_BIN=$(find ${appBinGuess} -maxdepth 1 -type f -perm -111 | head -n1) + if [ -z "''${APP_BIN:-}" ]; then + echo "no executable found in ${appBinGuess}" >&2 + exit 1 + fi + APP_REL="/nix/store/$(basename "$(dirname "$APP_BIN")")/$(basename "$APP_BIN")" - cat > $out <<'SH' - #!/bin/sh - set -euf - : "''${TMPDIR:=/tmp}" - EXTRACT_DIR="$(mktemp -d "''${TMPDIR%/}/nxbdl.XXXXXX")" - cleanup() { [ -n "''${KEEP_BUNDLE:-}" ] || rm -rf "$EXTRACT_DIR"; } - trap cleanup EXIT INT TERM + # 3) tar the payload OUTSIDE $PAY to avoid self-inclusion + _TMP="$(mktemp -d)" + ( cd "$PAY" && tar \ + --sort=name \ + --owner=0 --group=0 --numeric-owner \ + -czf "$_TMP/payload.tar.gz" . 
) - ARCHIVE_LINE=$(awk '/^__ARCHIVE_BELOW__/ {print NR+1; exit 0}' "$0") - tail -n +"$ARCHIVE_LINE" "$0" | tar -xzf - -C "$EXTRACT_DIR" + # 4) write the self-extracting stub + cat > "$out" <<'SH' + #!/bin/sh + set -euf + : "''${TMPDIR:=/tmp}" + EXTRACT_DIR="$(mktemp -d "''${TMPDIR%/}/nxbdl.XXXXXX")" + cleanup() { [ -n "''${KEEP_BUNDLE:-}" ] || rm -rf "$EXTRACT_DIR"; } + trap cleanup EXIT INT TERM - cd "$EXTRACT_DIR" - APP_REL='__APP_REL__' - PROOT_REL='__PROOT_REL__' + ARCHIVE_LINE=$(awk '/^__ARCHIVE_BELOW__/ {print NR+1; exit 0}' "$0") + tail -n +"$ARCHIVE_LINE" "$0" | tar -xzf - -C "$EXTRACT_DIR" - BUNDLE_PWD="''${BUNDLE_PWD:-$PWD}" - exec ".${PROOT_REL}" \ - -b ./nix:nix \ - -R / \ - -w "$BUNDLE_PWD" \ - ".$APP_REL" "$@" + cd "$EXTRACT_DIR" + APP_REL='__APP_REL__' + PROOT_REL='__PROOT_REL__' - __ARCHIVE_BELOW__ - SH - sed -i \ - -e "s|__APP_REL__|$APP_REL|g" \ - -e "s|__PROOT_REL__|${PROOT_REL}|g" \ - $out - chmod +x $out - cat payload.tar.gz >> $out + BUNDLE_PWD="''${BUNDLE_PWD:-$PWD}" + exec ".${PROOT_REL}" \ + -b ./nix:nix \ + -R / \ + -w "$BUNDLE_PWD" \ + ".$APP_REL" "$@" + + __ARCHIVE_BELOW__ + SH + + # 5) inject paths, chmod, and append payload + sed -i \ + -e "s|__APP_REL__|$APP_REL|g" \ + -e "s|__PROOT_REL__|${PROOT_REL}|g" \ + "$out" + chmod +x "$out" + cat "$_TMP/payload.tar.gz" >> "$out" ''; };
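Review bot: The stub's `trap cleanup EXIT INT TERM` never fires on a successful run, because `exec ".${PROOT_REL}" \` replaces the shell and its traps are discarded with it; each launch therefore leaves the extracted closure behind under `$TMPDIR/nxbdl.*`, and `KEEP_BUNDLE` only matters when something fails before the `exec`. Dropping the `exec` keyword and adding `exit $?` on the line after `".$APP_REL" "$@"` keeps the shell alive to clean up and stops it from reading on into `__ARCHIVE_BELOW__` and the payload bytes. The trade-off is that signals sent to the wrapper would no longer reach the application directly, so forwarding may need handling. Separately, step 3 pins `--sort=name` and ownership but not timestamps: the directories created by `mkdir -p "$PAY/nix/store"` carry build-time mtimes, so `--mtime='@1'` (plus a check of whether the gzip header embeds a time) would be needed if a byte-reproducible, independently verifiable bundle is the intent.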