From d11a24c720b2ca811a40c6196932fa22b13e9545 Mon Sep 17 00:00:00 2001
From: Hadi Chokr
Date: Tue, 31 Mar 2026 18:39:23 +0200
Subject: [PATCH 1/2] Refactor subprojects in nix flake to be attributes. Also wrote and by wrote I mean stole from other projects helper functions for bypassing the nodownload restriction of the nix sandbox. This uses the wrap files in the repo ecxept for the download part which has to be an input for reproducibility sake. The Nix Code is ugly and I am gonna vomit.
---
flake.nix | 83 +++++++++++++++++++++++++++++++++++--------------------
1 file changed, 53 insertions(+), 30 deletions(-)
diff --git a/flake.nix b/flake.nix
index 05ceb4fef..80e07de1d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,6 +20,7 @@ flake = false; }; + # patches only get applied if they follow -patch naming miniaudio-patch = { url = "https://wrapdb.mesonbuild.com/v2/miniaudio_0.11.22-2/get_patch"; flake = false;
@@ -37,16 +38,51 @@ }; outputs = - { - self, - nixpkgs, - flake-utils, - ... - }@inputs: + { self, nixpkgs, flake-utils, ... }@inputs: flake-utils.lib.eachDefaultSystem ( system: let pkgs = import nixpkgs { inherit system; }; + lib = pkgs.lib; + + subprojectNames = [ + "shiggy" + "4jlibs" + "stb" + "simdutf" + "miniaudio" + ]; + + # helper: copy all subproject sources + copySubprojects = '' + mkdir -p $sourceRoot/subprojects + ${lib.concatMapStringsSep "\n" (name: "cp -r ${inputs.${name}} $sourceRoot/subprojects/${name}") subprojectNames} + chmod -R u+w $sourceRoot/subprojects + ''; + + # helper: copy packagefiles + copyPackagefiles = '' + for proj in ${builtins.toString subprojectNames}; do + if [ -d "subprojects/packagefiles/$proj" ]; then + cp -r subprojects/packagefiles/$proj/* subprojects/$proj/ + fi + done + ''; + + # helper: apply patches from '-patch' inputs + applyPatches = lib.concatMapStringsSep "\n" (name: '' + patch_input="${inputs.${name + "-patch"} or ""}" + if [ -n "$patch_input" ]; then + unzip "$patch_input" -d ${name}-patch-tmp + if [ $(ls -1 ${name}-patch-tmp | wc -l) -eq 1 ] && [ -d ${name}-patch-tmp/* ]; then + cp -r ${name}-patch-tmp/*/* subprojects/${name}/ + else + cp -r ${name}-patch-tmp/* subprojects/${name}/ + fi + rm -rf ${name}-patch-tmp + fi + '') subprojectNames; + in { packages.default = pkgs.clangStdenv.mkDerivation { 
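Review bot: In `applyPatches`, `inputs.${name + "-patch"} or ""` turns a missing or mis-named patch input into a silent no-op, so a subproject can be built without its wrapdb overlay and nothing fails; the visible hunks show no check that would catch this. Consider listing the subprojects that need an overlay explicitly, e.g. `patchedSubprojects = [ "miniaudio" ];`, and reading `inputs.${name + "-patch"}` without the `or ""` fallback so a missing input is an evaluation error instead. The single-directory test `[ $(ls -1 ${name}-patch-tmp | wc -l) -eq 1 ] && [ -d ${name}-patch-tmp/* ]` is unquoted and `ls -1` ignores dotfiles, so an archive with an unexpected layout is copied rather than rejected. Integrity of the fetched sources and patch archives presumably rests on the flake.lock hashes rather than on the hashes in the wrap files; a short comment next to these helpers stating which of the two is authoritative would help the next reader.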
@@ -57,34 +93,21 @@ dontFixup = true; dontUseCmakeConfigure = true; - # 4jcraft - Meson expects this subprojects structure + # Disable fortify to prevent buffer overflow detection + hardeningDisable = [ "fortify3" "fortify" ]; + postUnpack = '' - mkdir -p $sourceRoot/subprojects - - cp -r ${inputs.shiggy} $sourceRoot/subprojects/shiggy - cp -r ${inputs."4jlibs"} $sourceRoot/subprojects/4jlibs - cp -r ${inputs.stb} $sourceRoot/subprojects/stb - cp -r ${inputs.simdutf} $sourceRoot/subprojects/simdutf - cp -r ${inputs.miniaudio} $sourceRoot/subprojects/miniaudio - - chmod -R u+w $sourceRoot/subprojects + ${copySubprojects} ''; - # 4jcraft - `stb` and `simdutf` patches postPatch = '' - cp subprojects/packagefiles/stb/meson.build subprojects/stb/meson.build - cp subprojects/packagefiles/simdutf/meson.build subprojects/simdutf/meson.build - cp subprojects/packagefiles/simdutf/meson.options subprojects/simdutf/meson.options + # Remove wrap files so Meson doesn't try to download them + for proj in ${builtins.toString subprojectNames}; do + rm -f subprojects/$proj.wrap + done - unzip ${inputs.miniaudio-patch} -d miniaudio-patch-tmp - cp -r miniaudio-patch-tmp/*/. subprojects/miniaudio/ - - cat > subprojects/miniaudio.wrap <
Date: Tue, 31 Mar 2026 21:01:20 +0200
Subject: [PATCH 2/2] Made a PR for the overflow fix, reenable hardening.
---
flake.nix | 3 ---
1 file changed, 3 deletions(-)
diff --git a/flake.nix b/flake.nix
index 80e07de1d..699f7a74c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -93,9 +93,6 @@ dontFixup = true; dontUseCmakeConfigure = true; - # Disable fortify to prevent buffer overflow detection - hardeningDisable = [ "fortify3" "fortify" ]; - postUnpack = '' ${copySubprojects} '';