tribes/guix-tribes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Split generic Mix deps fetching from Tribes prep

Browse Source
This commit is contained in:
Steffen
2026-03-31 19:09:46 +02:00
parent 408e1737dc
commit d40464063f
2 changed files with 184 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
tribes/packages/mix.scm Normal file
View File

@@ -0,0 +1,105 @@
(define-module (tribes packages mix)
#:use-module (guix base32)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (gnu packages admin)
#:use-module (gnu packages bash)
#:use-module (gnu packages base)
#:use-module (gnu packages erlang)
#:use-module (gnu packages nss)
#:use-module (gnu packages version-control)
#:use-module (tribes packages otp)
#:export (fetch-mix-deps))
(define* (fetch-mix-deps source
#:key
(name "mix-deps")
version
sha256
(mix-env "prod")
(mix-target "host"))
"Return a fixed-output store item that vendors the Mix dependency tree for
SOURCE according to mix.lock."
(computed-file
(string-append name "-" version)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(define out #$output)
(define work (string-append (getcwd) "/build"))
(define app-dir (string-append work "/app"))
(define deps-dir (string-append work "/deps"))
(define certs-dir
#$(file-append nss-certs "/etc/ssl/certs"))
(define cert-file
(string-append work "/ca-certificates.crt"))
(define path
(string-join
(list #$(file-append elixir-otp28 "/bin")
#$(file-append elixir-hex-otp28 "/bin")
#$(file-append rebar3 "/bin")
#$(file-append bash-minimal "/bin")
#$(file-append coreutils "/bin")
#$(file-append findutils "/bin")
#$(file-append git-minimal "/bin")
(or (getenv "PATH") ""))
":"))
(mkdir-p work)
(copy-recursively #+source app-dir #:follow-symlinks? #t)
(invoke #$(file-append coreutils "/bin/chmod") "-R" "u+w" app-dir)
(invoke #$(file-append bash-minimal "/bin/sh")
"-c"
(string-append
#$(file-append coreutils "/bin/cat")
" "
certs-dir
"/*.pem > "
cert-file))
(setenv "PATH" path)
(setenv "HOME" (string-append work "/home"))
(setenv "MIX_HOME" (string-append work "/mix"))
(setenv "HEX_HOME" (string-append work "/hex"))
(setenv "MIX_DEPS_PATH" deps-dir)
(setenv "MIX_ENV" #$mix-env)
(setenv "MIX_TARGET" #$mix-target)
(setenv "MIX_OS_CONCURRENCY_LOCK" "0")
(setenv "MIX_REBAR3" #$(file-append rebar3 "/bin/rebar3"))
(setenv "REBAR_GLOBAL_CONFIG_DIR" (string-append work "/rebar3"))
(setenv "REBAR_CACHE_DIR" (string-append work "/rebar3.cache"))
(setenv "LANG" "C.UTF-8")
(setenv "LC_CTYPE" "C.UTF-8")
(setenv "ELIXIR_ERL_OPTIONS" "+fnu")
(setenv "SSL_CERT_DIR" certs-dir)
(setenv "SSL_CERT_FILE" cert-file)
(setenv "HEX_CACERTS_PATH" cert-file)
(setenv "HEX_HTTP_CONCURRENCY" "1")
(setenv "HEX_HTTP_TIMEOUT" "120")
(mkdir-p (getenv "HOME"))
(mkdir-p (getenv "MIX_HOME"))
(mkdir-p (getenv "HEX_HOME"))
(with-directory-excursion app-dir
(invoke "mix" "deps.get" "--only" #$mix-env))
(mkdir-p out)
(copy-recursively deps-dir out #:follow-symlinks? #t)
;; Match nixpkgs fetchMixDeps behavior for SCM deps: keep .git/HEAD so
;; Mix still considers the checkout available, but discard the rest of
;; the repository metadata from the fixed-output tree.
(invoke #$(file-append findutils "/bin/find")
out
"-path" "*/.git/*"
"-a" "!" "-name" "HEAD"
"-exec"
#$(file-append coreutils "/bin/rm") "-rf"
"{}"
"+")))
#:options
`(#:hash ,(base32 sha256)
#:hash-algo sha256
#:recursive? #t
#:leaked-env-vars ("http_proxy" "https_proxy"
"LC_ALL" "LC_MESSAGES" "LANG" "COLUMNS"))))

133
tribes/packages/source.scm
View File

@@ -19,6 +19,7 @@
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages version-control)
#:use-module ((tribes packages mix) #:prefix mix:)
#:use-module (tribes packages otp)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-13)
@@ -26,9 +27,15 @@
tribes-source-package
tribes-source-directory->local-file))
;; Recursive sha256 of the deps tree produced by `mix deps.get --only prod`
;; Recursive sha256 of the raw deps tree produced by `mix deps.get --only prod`
;; from the current Tribes mix.lock, with git metadata stripped except for
;; .git/HEAD in SCM dependencies.
(define %tribes-raw-mix-deps-sha256
"0mv4jva8zkx8cq1b84hn65bl913nnhkvf25g6fi93z3jm35jy0pc")
;; Recursive sha256 of the Tribes-specific prepared deps tree, after injecting
;; the upstream secp256k1 source into the Hex package and patching its build
;; recipe to avoid build-time network access.
(define %tribes-mix-deps-sha256
"0ksjnc9gnjijp1nbz3jlvl9kz8w7hx1a0ssms1dvd15rr25gn0d4")
@@ -97,20 +104,25 @@ checkout."
(lambda (file stat)
(tribes-source-select? directory file stat))))))
(define* (fetch-mix-deps source
(define fetch-mix-deps mix:fetch-mix-deps)
(define* (tribes-mix-deps source
#:key
(name "tribes-mix-deps")
(version "0.2.0")
(sha256 %tribes-mix-deps-sha256)
(raw-sha256 %tribes-raw-mix-deps-sha256)
(mix-env "prod")
(mix-target "host")
(home-page "https://git.teralink.net/tribes/tribes.git")
(synopsis "Vendored Mix dependency tree")
(description
"Mix dependency tree fetched from the Tribes source
using the committed mix.lock."))
"Return a fixed-output store item that vendors the Mix dependency tree for
SOURCE according to mix.lock."
(mix-target "host"))
"Return the Tribes Mix dependency tree, prepared from the raw lockfile
resolution by injecting extra pre-fetched sources needed for offline builds."
(let ((raw-mix-deps
(fetch-mix-deps source
#:name (string-append name "-raw")
#:version version
#:sha256 raw-sha256
#:mix-env mix-env
#:mix-target mix-target)))
(computed-file
(string-append name "-" version)
(with-imported-modules '((guix build utils))
@@ -118,62 +130,10 @@ SOURCE according to mix.lock."
(use-modules (guix build utils))
(define out #$output)
(define work (string-append (getcwd) "/build"))
(define app-dir (string-append work "/tribes"))
(define deps-dir (string-append app-dir "/deps"))
(define certs-dir
#$(file-append nss-certs "/etc/ssl/certs"))
(define cert-file
(string-append work "/ca-certificates.crt"))
(define path
(string-join
(list #$(file-append elixir-otp28 "/bin")
#$(file-append elixir-hex-otp28 "/bin")
#$(file-append rebar3 "/bin")
#$(file-append bash-minimal "/bin")
#$(file-append coreutils "/bin")
#$(file-append findutils "/bin")
#$(file-append git-minimal "/bin")
(or (getenv "PATH") ""))
":"))
(define deps-dir (string-append (getcwd) "/deps"))
(mkdir-p work)
(copy-recursively #+source app-dir #:follow-symlinks? #t)
(invoke #$(file-append coreutils "/bin/chmod") "-R" "u+w" app-dir)
(call-with-output-file cert-file
(lambda (port)
(for-each
(lambda (pem)
(call-with-input-file pem
(lambda (input)
(dump-port input port))))
(sort (find-files certs-dir "\\.pem$") string<?))))
(setenv "PATH" path)
(setenv "HOME" (string-append work "/home"))
(setenv "MIX_HOME" (string-append work "/mix"))
(setenv "HEX_HOME" (string-append work "/hex"))
(setenv "MIX_DEPS_PATH" deps-dir)
(setenv "MIX_ENV" #$mix-env)
(setenv "MIX_TARGET" #$mix-target)
(setenv "MIX_OS_CONCURRENCY_LOCK" "0")
(setenv "MIX_REBAR3" #$(file-append rebar3 "/bin/rebar3"))
(setenv "REBAR_GLOBAL_CONFIG_DIR" (string-append work "/rebar3"))
(setenv "REBAR_CACHE_DIR" (string-append work "/rebar3.cache"))
(setenv "LANG" "C.UTF-8")
(setenv "LC_CTYPE" "C.UTF-8")
(setenv "ELIXIR_ERL_OPTIONS" "+fnu")
(setenv "SSL_CERT_DIR" certs-dir)
(setenv "SSL_CERT_FILE" cert-file)
(setenv "HEX_CACERTS_PATH" cert-file)
(setenv "HEX_HTTP_CONCURRENCY" "1")
(setenv "HEX_HTTP_TIMEOUT" "120")
(mkdir-p (getenv "HOME"))
(mkdir-p (getenv "MIX_HOME"))
(mkdir-p (getenv "HEX_HOME"))
(with-directory-excursion app-dir
(invoke "mix" "deps.get" "--only" #$mix-env))
(copy-recursively #+raw-mix-deps deps-dir #:follow-symlinks? #t)
(invoke #$(file-append coreutils "/bin/chmod") "-R" "u+w" deps-dir)
(let* ((libsecp-dir (string-append deps-dir "/lib_secp256k1"))
(libsecp-src-dir (string-append libsecp-dir "/c_src/secp256k1"))
@@ -199,24 +159,13 @@ SOURCE according to mix.lock."
(lambda (_port) #t))))
(mkdir-p out)
(copy-recursively deps-dir out #:follow-symlinks? #t)
;; Match nixpkgs fetchMixDeps behavior for git deps: keep .git/HEAD so
;; Mix still considers the checkout available, but discard the rest of
;; the repository metadata from the fixed-output tree.
(invoke #$(file-append findutils "/bin/find")
out
"-path" "*/.git/*"
"-a" "!" "-name" "HEAD"
"-exec"
#$(file-append coreutils "/bin/rm") "-rf"
"{}"
"+")))
(copy-recursively deps-dir out #:follow-symlinks? #t)))
#:options
`(#:hash ,(base32 sha256)
#:hash-algo sha256
#:recursive? #t
#:leaked-env-vars ("http_proxy" "https_proxy"
"LC_ALL" "LC_MESSAGES" "LANG" "COLUMNS"))))
"LC_ALL" "LC_MESSAGES" "LANG" "COLUMNS")))))
(define* (tribes-source-package source
#:key
@@ -233,7 +182,7 @@ production Elixir release using a vendored Mix dependency tree."))
using MIX-DEPS as the pre-fetched Mix dependency tree resolved from mix.lock."
(let ((mix-deps-source
(or mix-deps
(fetch-mix-deps source
(tribes-mix-deps source
#:name (string-append name "-mix-deps")
#:version version
#:sha256 mix-deps-sha256))))
@@ -266,16 +215,10 @@ using MIX-DEPS as the pre-fetched Mix dependency tree resolved from mix.lock."
rebar3))
(arguments
(list
#:modules '((guix build utils)
(ice-9 ftw)
(ice-9 textual-ports)
(srfi srfi-1))
#:modules '((guix build utils))
#:builder
#~(begin
(use-modules (guix build utils)
(ice-9 ftw)
(ice-9 textual-ports)
(srfi srfi-1))
(use-modules (guix build utils))
(define out #$output)
(define work (string-append (getcwd) "/build"))
@@ -324,14 +267,14 @@ using MIX-DEPS as the pre-fetched Mix dependency tree resolved from mix.lock."
(mkdir-p work)
(copy-recursively #+source app-dir #:follow-symlinks? #t)
(copy-recursively #+mix-deps-source deps-dir #:follow-symlinks? #t)
(call-with-output-file cert-file
(lambda (port)
(for-each
(lambda (pem)
(call-with-input-file pem
(lambda (input)
(dump-port input port))))
(sort (find-files certs-dir "\\.pem$") string<?))))
(invoke #$(file-append bash-minimal "/bin/sh")
"-c"
(string-append
#$(file-append coreutils "/bin/cat")
" "
certs-dir
"/*.pem > "
cert-file))
(invoke #$(file-append coreutils "/bin/chmod")
"-R" "u+w"
app-dir