diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml index 9add0f4..a445894 100644 --- a/.gitea/workflows/test.yml +++ b/.gitea/workflows/test.yml @@ -24,7 +24,7 @@ jobs: - name: Get dependencies uses: awalsh128/cache-apt-pkgs-action@latest with: - packages: acl git gcc pkg-config libwayland-dev wayland-protocols/bookworm-backports libxcb1-dev libacl1-dev + packages: acl git gcc pkg-config libwayland-client0 libwayland-dev wayland-protocols/bookworm-backports libxcb1-dev libacl1-dev version: 1.0 #execute_install_scripts: true if: ${{ runner.os == 'Linux' }} diff --git a/acl/c.go b/acl/c.go index 4bbc549..7609e14 100644 --- a/acl/c.go +++ b/acl/c.go @@ -9,7 +9,7 @@ import ( ) /* -#cgo linux pkg-config: libacl +#cgo linux pkg-config: --static libacl #include #include diff --git a/dist/release.sh b/dist/release.sh index 9d2ca3f..ae83d5a 100755 --- a/dist/release.sh +++ b/dist/release.sh @@ -8,7 +8,7 @@ mkdir -p "${out}" cp -v "README.md" "dist/fsurc.default" "dist/install.sh" "${out}" cp -rv "comp" "${out}" -go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w +go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -extldflags '-static' -X git.gensokyo.uk/security/fortify/internal.Version=${VERSION} -X git.gensokyo.uk/security/fortify/internal.Fortify=/usr/bin/fortify -X git.gensokyo.uk/security/fortify/internal.Fsu=/usr/bin/fsu diff --git a/flake.nix b/flake.nix index 7e156a3..cce6eb1 100644 --- a/flake.nix +++ b/flake.nix @@ -113,16 +113,31 @@ pname = "fortify-fhs"; inherit (self.packages.${system}.fortify) version; targetPkgs = - pkgs: with pkgs; [ + pkgs: + with pkgs; + [ go gcc pkg-config - acl - wayland wayland-scanner - wayland-protocols - xorg.libxcb - ]; + ] + ++ ( + with pkgs.pkgsStatic; + [ + musl + libffi + acl + wayland + wayland-protocols + ] + ++ (with xorg; [ + libxcb + libXau + libXdmcp + + xorgproto + ]) + ); extraOutputsToInstall = [ "dev" ]; profile = '' export PKG_CONFIG_PATH="/usr/share/pkgconfig:$PKG_CONFIG_PATH" 
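Review bot: The step whose `packages:` line is edited here still runs `awalsh128/cache-apt-pkgs-action@latest`, a mutable tag, so whatever is published under that tag next runs in this job without any change to this repository. Pinning the context line to a reviewed commit, `uses: awalsh128/cache-apt-pkgs-action@<full-commit-sha>`, makes the step reproducible and keeps action updates visible in review. The job starts and ends outside the hunk, so other `uses:` lines may need the same treatment.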
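Review bot: `#cgo linux pkg-config: --static libacl` only makes pkg-config also report the library's private dependencies; it does not make the link static, which in this commit comes from `-extldflags '-static'` in dist/release.sh and package.nix, so a plain `go build` will normally still link libacl dynamically. A comment in the preamble would stop the next reader assuming otherwise, e.g. `// --static: also emit Libs.private; static linking itself is requested by the release ldflags`. The same applies to the `--static wayland-client` line in wl/c.go and the `--static xcb` line in xcb/c.go. Once these libraries are linked statically, a security fix in libacl, libwayland or libxcb reaches users only through a rebuilt fortify release, which the packaging documentation should state.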
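Review bot: The script adds `-extldflags '-static'` to this `go build` but never checks what was produced, and nothing visible in the hunk selects the C toolchain, so the result depends on the host it runs on. If that host links against glibc rather than the musl set added in flake.nix, a static binary still loads NSS modules at run time for any libc user or host lookup, which defeats the purpose of the change. A post-build assertion over `"${out}"/bin/*` that no binary carries a program interpreter, for example `readelf -lW "$f" | grep -q INTERP && exit 1`, would confirm the release artifacts match the intent. The `-ldflags` string continues past the end of the hunk.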
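Review bot: The new `pkgs.pkgsStatic` list brings in `musl`, `libffi`, `libXau`, `libXdmcp` and `xorgproto` with no comment saying which direct dependency needs each one, and most of the same set is repeated without explanation in the `buildInputs` hunk of package.nix. Presumably these are the transitive dependencies that static linking of wayland-client and xcb pulls in. A short comment above the list, such as `# static link closure: libffi for wayland-client; libXau, libXdmcp for xcb`, would let a later maintainer prune or extend it without guessing.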
diff --git a/package.nix b/package.nix index 51e29c6..23fee20 100644 --- a/package.nix +++ b/package.nix @@ -1,15 +1,12 @@ { lib, buildGoModule, - makeBinaryWrapper, xdg-dbus-proxy, bubblewrap, + musl, + pkgsStatic, pkg-config, - acl, - wayland, wayland-scanner, - wayland-protocols, - xorg, }: buildGoModule rec { @@ -27,19 +24,13 @@ buildGoModule rec { lib.attrsets.foldlAttrs ( ldflags: name: value: - ldflags - ++ [ - "-X" - "git.gensokyo.uk/security/fortify/internal.${name}=${value}" - ] + ldflags ++ [ "-X git.gensokyo.uk/security/fortify/internal.${name}=${value}" ] ) [ - "-s" - "-w" - "-X" - "main.Fmain=${placeholder "out"}/libexec/fortify" - "-X" - "main.Fshim=${placeholder "out"}/libexec/fshim" + "-s -w" + "-extldflags '-static'" + "-X main.Fmain=${placeholder "out"}/libexec/fortify" + "-X main.Fshim=${placeholder "out"}/libexec/fshim" ] { Version = "v${version}"; @@ -51,17 +42,26 @@ buildGoModule rec { # nix build environment does not allow acls GO_TEST_SKIP_ACL = 1; - buildInputs = [ - acl - wayland - wayland-protocols - xorg.libxcb - ]; + buildInputs = + # cannot find a cleaner way to do this + with pkgsStatic; + [ + musl + libffi + acl + wayland + wayland-protocols + ] + ++ (with xorg; [ + libxcb + libXau + libXdmcp + ]); nativeBuildInputs = [ pkg-config wayland-scanner - makeBinaryWrapper + pkgsStatic.makeBinaryWrapper ]; preConfigure = '' diff --git a/wl/c.go b/wl/c.go index 97c641b..b571e06 100644 --- a/wl/c.go +++ b/wl/c.go @@ -4,12 +4,13 @@ package wl //go:generate sh -c "wayland-scanner private-code `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.c" /* -#cgo linux pkg-config: wayland-client +#cgo linux pkg-config: --static wayland-client #cgo freebsd openbsd LDFLAGS: -lwayland-client #include #include #include +#include #include #include diff --git a/xcb/c.go b/xcb/c.go index 3138c1d..f2703f9 100644 --- a/xcb/c.go +++ b/xcb/c.go 
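Review bot: In the last package.nix hunk `buildInputs` now comes entirely from `pkgsStatic`, including `musl`, while `buildGoModule` in the argument list is unchanged, so unless the caller passes a static builder the cgo sources are presumably compiled by the default stdenv compiler against its own libc headers and then linked against these musl-built archives. The comment `# cannot find a cleaner way to do this` does not say what was tried or why the combination is sound. Please record that reasoning there, or evaluate whether taking the builder from `pkgsStatic` as well lets compiler, headers and archives agree. The same question applies to `gcc` from plain `pkgs` sitting next to the `pkgsStatic` libraries in flake.nix `targetPkgs`.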
@@ -6,7 +6,7 @@ import ( ) /* -#cgo linux pkg-config: xcb +#cgo linux pkg-config: --static xcb #include #include