fortify: switch to static linking

Signed-off-by: Ophestra <cat@gensokyo.uk>

acl/c.go

@@ -9,7 +9,7 @@ import (
 )
 
 /*
-#cgo linux pkg-config: libacl
+#cgo linux pkg-config: --static libacl
 
 #include <stdlib.h>
 #include <sys/acl.h>

dist/release.sh

@@ -8,7 +8,7 @@ mkdir -p "${out}"
 cp -v "README.md" "dist/fsurc.default" "dist/install.sh" "${out}"
 cp -rv "comp" "${out}"
 
-go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w
+go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -extldflags '-static'
   -X git.gensokyo.uk/security/fortify/internal.Version=${VERSION}
   -X git.gensokyo.uk/security/fortify/internal.Fortify=/usr/bin/fortify
   -X git.gensokyo.uk/security/fortify/internal.Fsu=/usr/bin/fsu

flake.nix

@@ -113,16 +113,31 @@
           pname = "fortify-fhs";
           inherit (self.packages.${system}.fortify) version;
           targetPkgs =
-            pkgs: with pkgs; [
+            pkgs:
+            with pkgs;
+            [
               go
               gcc
               pkg-config
+              wayland-scanner
+            ]
+            ++ (
+              with pkgs.pkgsStatic;
+              [
+                musl
+                libffi
                 acl
                 wayland
-              wayland-scanner
                 wayland-protocols
-              xorg.libxcb
+              ]
-            ];
+              ++ (with xorg; [
+                libxcb
+                libXau
+                libXdmcp
+
+                xorgproto
+              ])
+            );
           extraOutputsToInstall = [ "dev" ];
           profile = ''
             export PKG_CONFIG_PATH="/usr/share/pkgconfig:$PKG_CONFIG_PATH"

package.nix

@@ -1,15 +1,12 @@
 {
   lib,
   buildGoModule,
-  makeBinaryWrapper,
   xdg-dbus-proxy,
   bubblewrap,
+  musl,
+  pkgsStatic,
   pkg-config,
-  acl,
-  wayland,
   wayland-scanner,
-  wayland-protocols,
-  xorg,
 }:
 
 buildGoModule rec {
@@ -27,19 +24,13 @@ buildGoModule rec {
     lib.attrsets.foldlAttrs
       (
         ldflags: name: value:
-        ldflags
+        ldflags ++ [ "-X git.gensokyo.uk/security/fortify/internal.${name}=${value}" ]
-        ++ [
-          "-X"
-          "git.gensokyo.uk/security/fortify/internal.${name}=${value}"
-        ]
       )
       [
-        "-s"
+        "-s -w"
-        "-w"
+        "-extldflags '-static'"
-        "-X"
+        "-X main.Fmain=${placeholder "out"}/libexec/fortify"
-        "main.Fmain=${placeholder "out"}/libexec/fortify"
+        "-X main.Fshim=${placeholder "out"}/libexec/fshim"
-        "-X"
-        "main.Fshim=${placeholder "out"}/libexec/fshim"
       ]
       {
         Version = "v${version}";
@@ -51,17 +42,26 @@ buildGoModule rec {
   # nix build environment does not allow acls
   GO_TEST_SKIP_ACL = 1;
 
-  buildInputs = [
+  buildInputs =
+    # cannot find a cleaner way to do this
+    with pkgsStatic;
+    [
+      musl
+      libffi
       acl
       wayland
       wayland-protocols
-    xorg.libxcb
+    ]
-  ];
+    ++ (with xorg; [
+      libxcb
+      libXau
+      libXdmcp
+    ]);
 
   nativeBuildInputs = [
     pkg-config
     wayland-scanner
-    makeBinaryWrapper
+    pkgsStatic.makeBinaryWrapper
   ];
 
   preConfigure = ''

wl/c.go

@@ -4,12 +4,13 @@ package wl
 //go:generate sh -c "wayland-scanner private-code `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.c"
 
 /*
-#cgo linux pkg-config: wayland-client
+#cgo linux pkg-config: --static wayland-client
 #cgo freebsd openbsd LDFLAGS: -lwayland-client
 
 #include <stdint.h>
 #include <stdlib.h>
 #include <stdio.h>
+#include <string.h>
 
 #include <unistd.h>
 #include <sys/socket.h>

xcb/c.go

@@ -6,7 +6,7 @@ import (
 )
 
 /*
-#cgo linux pkg-config: xcb
+#cgo linux pkg-config: --static xcb
 
 #include <stdlib.h>
 #include <xcb/xcb.h>