usr: cli: add nix-docker-isa (currently only add riscv64 for experime…

…nts)
xieby1 · May 29, 2024 · dc32341 · dc32341
1 parent faef8c9
commit dc32341
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 0 deletions.
diff --git a/usr/cli.nix b/usr/cli.nix
@@ -385,6 +385,7 @@ in
     nurl
     # runXonY
     qemu
+    (import ./cli/nix-docker-isa)
   ] ++ lib.optional (builtins.currentSystem == "x86_64-linux") pkgsu.quickemu;
 
   programs.eza.enable = true;

diff --git a/usr/cli/nix-docker-isa/default.nix b/usr/cli/nix-docker-isa/default.nix
@@ -0,0 +1,72 @@
+#MC # Nix Docker for Multiple ISAs
+# TODO: support multiple ISAs (currently only riscv64)
+# currently: this riscv64 nix docker can `nix-env -iA nixpkgs.hello`,
+# which is completely built from source including toolchains (stdenv) in riscv64.
+let
+  pkgs = import <nixpkgs> {};
+  # pkgsCross = import <nixpkgs> {};
+  pkgsCross = pkgs.pkgsCross.riscv64;
+  docker-nixpkgs-src = pkgs.fetchFromGitHub {
+    owner = "nix-community";
+    repo = "docker-nixpkgs";
+    rev = "bfac57f18680c9b2927b9c85a17e5b4cd89c27f2";
+    hash = "sha256-fn9wmhwIFCuTziPZZ0HlJxqNEnOyjdaiHGrvD2niXOU=";
+  };
+  docker-image = import "${docker-nixpkgs-src}/images/nix" {
+    inherit (pkgs) dockerTools cacert;
+    inherit (pkgsCross)
+      bashInteractive
+      coreutils
+      curl
+      gnutar
+      gzip
+      iana-etc
+      nix
+      openssh
+      xz
+    ;
+    gitReallyMinimal = pkgsCross.gitMinimal;
+    extraContents = [
+      # (pkgs.writeTextFile {
+      #   name = "nix.conf";
+      #   text = ''
+      #     filter-syscalls = false
+      #   '';
+      #   destination = "/etc/nix/nix.conf";
+      # })
+      ./imageFiles
+    ];
+  };
+in pkgs.writeShellScriptBin "nix-docker-riscv64" ''
+  command -v podman &> /dev/null || echo "podman not found TODO: install" || exit 1
+
+  # TODO: add tag support to docker-nixpkgs
+  outName="$(basename ${docker-image})"
+  outHash=$(echo "$outName" | cut -d - -f 1)
+  nixName=${pkgsCross.nix.name}
+  imageName=localhost/$nixName:$outHash
+
+  # check whether image has been loaded
+  podman images $imageName | grep $nixName | grep $outHash &> /dev/null
+  # image has not been loaded, then load it
+  if [[ $? != 0 ]]; then
+    podman load -i ${docker-image}
+  fi
+
+
+  # TODO
+  BINFMTS=""
+  for binfmt in /run/binfmt/*; do
+      BINFMTS+=" -v $(realpath $binfmt):$binfmt"
+  done
+
+  containerName=$nixName-$outHash
+  # run container
+  podman run -it \
+    --name=$containerName \
+    -v $(realpath /run/binfmt/riscv64-linux):/run/binfmt/riscv64-linux \
+    --network=host \
+    $imageName
+  podman commit $containerName $imageName
+  podman rm $containerName
+''
diff --git a/usr/cli/nix-docker-isa/imageFiles/etc/nix/nix.conf b/usr/cli/nix-docker-isa/imageFiles/etc/nix/nix.conf
@@ -0,0 +1,3 @@
+# To bypass the problem of "unable to load seccomp BPF program: Invalid argument"
+# See: https://github.com/NixOS/nix/issues/5258
+filter-syscalls = false
diff --git a/usr/cli/nix-docker-isa/imageFiles/root/.config/nixpkgs/overlays.nix b/usr/cli/nix-docker-isa/imageFiles/root/.config/nixpkgs/overlays.nix
@@ -0,0 +1,21 @@
+[(self: super:
+{
+  bison = super.bison.overrideAttrs (old: {
+    doInstallCheck = false;
+  });
+  coreutils = super.coreutils.overrideAttrs (old: {
+    doCheck = false;
+  });
+  diffutils = super.diffutils.overrideAttrs (old: {
+    doCheck = false;
+  });
+  findutils = super.findutils.overrideAttrs (old: {
+    doCheck = false;
+  });
+  gnugrep = super.gnugrep.overrideAttrs (old: {
+    doCheck = false;
+  });
+  hello = super.hello.overrideAttrs (old: {
+    doCheck = false;
+  });
+})]