[Nix-dev] Using nix to produce distributable binaries?

Rob Vermaas rob.vermaas at gmail.com
Thu Aug 20 17:57:48 CEST 2015 

Distributable binaries have many issues, but it is possible. E.g. here
is a piece of code I once wrote:

  unnixify = input: pkgs.runCommand "${input.name}-unnixified"
    {
      dontPatchELF = true;
      dontPatchShebangs = true;
    }
    ''

    mkdir $out $out/.libs
    cp -R ${input}/* $out

    function copylibs()
    {
      for l in $(ldd $1 2> /dev/null | grep '=>' | cut -d' ' -f3); do
        if [[ $l =~ glibc ]]; then continue; fi
        cp -f $l $out/.libs
      done
    }

    count=0
    while true; do
      echo Number of libraries until now: $count
      for f in $(find $out -executable); do
        copylibs $f
      done
      newcount=$(ls $out/.libs | wc -l)
      if [ $newcount -eq $count ]; then
        break
      else
        count=$newcount
      fi
    done

    chmod u+w -R $out
    find $out \( \
         \( -type f -a -name "*.so*" \) -o \
         \( -type f -a -perm +0100 \) \
         \) | while read f; do
      echo Patching $f
      echo $f | sed "s|$out/||"
      rel=$(dirname $(echo $f | sed "s|$out/||"))
      rel=$(echo $rel | sed "s|[a-zA-Z0-9\._-]*|..|")
      ${pkgs.patchelf}/bin/patchelf --set-rpath "\$ORIGIN/$rel/.libs" $f || true
      ${pkgs.patchelf}/bin/patchelf --set-interpreter
"/lib64/ld-linux-x86-64.so.2" $f || true
    done
  '';

This copies every library the input depends on into the result, except
for glibc, and sets the interpreter of binaries to
/lib64/ld-linux-x86-64.so.2.

Cheers,
Rob

On Thu, Aug 20, 2015 at 2:44 PM, Vladimír Čunát <vcunat at gmail.com> wrote:
> Hello.
>
> On 08/20/2015 04:18 PM, Tom Ridge wrote:
>> What is the recommended best practice for releasing binaries using nix?
>> How can I remove the dependencies on the nix store?
>
> I'd patch the shebangs just by a sed command or something similar.
> Binaries can be handled by patchelf.
>
> Anyway, for start I'd try to set dontPatchELF = true; and
> dontPatchShebangs = true; in the nix expression. That might kill both
> cases by itself.
>
>
> Vladimir
>
>
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>



-- 
Rob Vermaas

[email] rob.vermaas at gmail.com

More information about the nix-dev mailing list