internal/rosa/mesa: libdrm artifact

Required by mesa.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/mbf/main.go

@@ -14,6 +14,7 @@ package main
 
 import (
 	"context"
+	"crypto/sha512"
 	"errors"
 	"fmt"
 	"io"
@@ -126,6 +127,19 @@ func main() {
 			"abstract UNIX sockets",
 	)
 
+	c.NewCommand(
+		"checksum", "Compute checksum of data read from standard input",
+		func([]string) error {
+			go func() { <-ctx.Done(); os.Exit(1) }()
+			h := sha512.New384()
+			if _, err := io.Copy(h, os.Stdin); err != nil {
+				return err
+			}
+			log.Println(pkg.Encode(pkg.Checksum(h.Sum(nil))))
+			return nil
+		},
+	)
+
 	{
 		var flagShifts int
 		c.NewCommand(

internal/rosa/all.go

@@ -64,6 +64,7 @@ const (
 	GenInitCPIO
 	Gettext
 	Git
+	Glslang
 	GnuTLS
 	Go
 	Gperf
@@ -76,10 +77,13 @@ const (
 	LibXau
 	Libbsd
 	Libcap
+	Libclc
+	Libdrm
 	Libev
 	Libexpat
 	Libffi
 	Libgd
+	Libglvnd
 	Libiconv
 	Libmd
 	Libmnl
@@ -125,9 +129,12 @@ const (
 	Procps
 	Python
 	PythonIniConfig
+	PythonMako
+	PythonMarkupSafe
 	PythonPackaging
 	PythonPluggy
 	PythonPyTest
+	PythonPyYAML
 	PythonPygments
 	QEMU
 	Rdfind
@@ -135,6 +142,8 @@ const (
 	Rsync
 	Sed
 	Setuptools
+	SPIRVHeaders
+	SPIRVTools
 	SquashfsTools
 	Strace
 	TamaGo
@@ -148,8 +157,9 @@ const (
 	WaylandProtocols
 	XCB
 	XCBProto
-	Xproto
+	XDGDBusProxy
 	XZ
+	Xproto
 	Zlib
 	Zstd
 

internal/rosa/dbus.go

@@ -44,3 +44,39 @@ func init() {
 		ID: 5356,
 	}
 }
+
+func (t Toolchain) newXDGDBusProxy() (pkg.Artifact, string) {
+	const (
+		version  = "0.1.7"
+		checksum = "UW5Pe-TP-XAaN-kTbxrkOQ7eYdmlAQlr2pdreLtPT0uwdAz-7rzDP8V_8PWuZBup"
+	)
+	return t.NewPackage("xdg-dbus-proxy", version, pkg.NewHTTPGetTar(
+		nil, "https://github.com/flatpak/xdg-dbus-proxy/archive/"+
+			"refs/tags/"+version+".tar.gz",
+		mustDecode(checksum),
+		pkg.TarGzip,
+	), nil, &MesonHelper{
+		Setup: []KV{
+			{"Dman", "disabled"},
+		},
+	},
+		DBus,
+
+		GLib,
+	), version
+}
+func init() {
+	artifactsM[XDGDBusProxy] = Metadata{
+		f: Toolchain.newXDGDBusProxy,
+
+		Name:        "xdg-dbus-proxy",
+		Description: "a filtering proxy for D-Bus connections",
+		Website:     "https://github.com/flatpak/xdg-dbus-proxy",
+
+		Dependencies: P{
+			GLib,
+		},
+
+		ID: 58434,
+	}
+}

internal/rosa/glslang.go

@@ -0,0 +1,133 @@
+package rosa
+
+import (
+	"slices"
+	"strings"
+
+	"hakurei.app/internal/pkg"
+)
+
+func (t Toolchain) newSPIRVHeaders() (pkg.Artifact, string) {
+	const (
+		version  = "1.4.341.0"
+		checksum = "0PL43-19Iaw4k7_D8J8BvoJ-iLgCVSYZ2ThgDPGfAJwIJFtre7l0cnQtLjcY-JvD"
+	)
+	return t.NewPackage("spirv-headers", version, pkg.NewHTTPGetTar(
+		nil, "https://github.com/KhronosGroup/SPIRV-Headers/archive/"+
+			"refs/tags/vulkan-sdk-"+version+".tar.gz",
+		mustDecode(checksum),
+		pkg.TarGzip,
+	), nil, &CMakeHelper{
+		Cache: []KV{
+			{"CMAKE_BUILD_TYPE", "Release"},
+		},
+	}), version
+}
+func init() {
+	artifactsM[SPIRVHeaders] = Metadata{
+		f: Toolchain.newSPIRVHeaders,
+
+		Name:        "spirv-headers",
+		Description: "machine-readable files for the SPIR-V Registry",
+		Website:     "https://github.com/KhronosGroup/SPIRV-Headers",
+
+		ID: 230542,
+
+		// upstream changed version scheme, anitya incapable of filtering them
+		latest: func(v *Versions) string {
+			for _, s := range v.Stable {
+				fields := strings.SplitN(s, ".", 4)
+				if len(fields) != 4 {
+					continue
+				}
+				if slices.ContainsFunc(fields, func(f string) bool {
+					return slices.ContainsFunc([]byte(f), func(d byte) bool {
+						return d < '0' || d > '9'
+					})
+				}) {
+					continue
+				}
+				return s
+			}
+			return v.Latest
+		},
+	}
+}
+
+func (t Toolchain) newSPIRVTools() (pkg.Artifact, string) {
+	const (
+		version  = "2026.1"
+		checksum = "ZSQPQx8NltCDzQLk4qlaVxyWRWeI_JtsjEpeFt3kezTanl9DTHfLixSUCezMFBjv"
+	)
+	return t.NewPackage("spirv-tools", version, pkg.NewHTTPGetTar(
+		nil, "https://github.com/KhronosGroup/SPIRV-Tools/archive/"+
+			"refs/tags/v"+version+".tar.gz",
+		mustDecode(checksum),
+		pkg.TarGzip,
+	), nil, &CMakeHelper{
+		Cache: []KV{
+			{"CMAKE_BUILD_TYPE", "Release"},
+			{"SPIRV-Headers_SOURCE_DIR", "/system"},
+		},
+	},
+		Python,
+
+		SPIRVHeaders,
+	), version
+}
+func init() {
+	artifactsM[SPIRVTools] = Metadata{
+		f: Toolchain.newSPIRVTools,
+
+		Name:        "spirv-tools",
+		Description: "an API and commands for processing SPIR-V modules",
+		Website:     "https://github.com/KhronosGroup/SPIRV-Tools",
+
+		Dependencies: P{
+			SPIRVHeaders,
+		},
+
+		ID: 14894,
+	}
+}
+
+func (t Toolchain) newGlslang() (pkg.Artifact, string) {
+	const (
+		version  = "16.2.0"
+		checksum = "6_UuF9reLRDaVkgO-9IfB3kMwme3lQZM8LL8YsJwPdUFkrjzxJtf2A9X3w9nFxj2"
+	)
+	return t.NewPackage("glslang", version, pkg.NewHTTPGetTar(
+		nil, "https://github.com/KhronosGroup/glslang/archive/"+
+			"refs/tags/"+version+".tar.gz",
+		mustDecode(checksum),
+		pkg.TarGzip,
+	), &PackageAttr{
+		// test suite writes to source
+		Writable: true,
+		Chmod:    true,
+	}, &CMakeHelper{
+		Cache: []KV{
+			{"CMAKE_BUILD_TYPE", "Release"},
+			{"BUILD_SHARED_LIBS", "ON"},
+			{"ALLOW_EXTERNAL_SPIRV_TOOLS", "ON"},
+		},
+		Script: "ctest",
+	},
+		Python,
+		Bash,
+		Diffutils,
+
+		SPIRVTools,
+	), version
+}
+func init() {
+	artifactsM[Glslang] = Metadata{
+		f: Toolchain.newGlslang,
+
+		Name:        "glslang",
+		Description: "reference front end for GLSL/ESSL",
+		Website:     "https://github.com/KhronosGroup/glslang",
+
+		ID: 205796,
+	}
+}

internal/rosa/gnu.go

@@ -1092,7 +1092,11 @@ func (t Toolchain) newGMP() (pkg.Artifact, string) {
 			"gmp-"+version+".tar.bz2",
 		mustDecode(checksum),
 		pkg.TarBzip2,
-	), nil, (*MakeHelper)(nil),
+	), &PackageAttr{
+		Env: []string{
+			"CC=cc",
+		},
+	}, (*MakeHelper)(nil),
 		M4,
 	), version
 }
@@ -1182,6 +1186,13 @@ func (t Toolchain) newGCC() (pkg.Artifact, string) {
 		version  = "15.2.0"
 		checksum = "TXJ5WrbXlGLzy1swghQTr4qxgDCyIZFgJry51XEPTBZ8QYbVmFeB4lZbSMtPJ-a1"
 	)
+
+	var configureExtra []KV
+	switch runtime.GOARCH {
+	case "amd64", "arm64":
+		configureExtra = append(configureExtra, KV{"with-multilib-list", "''"})
+	}
+
 	return t.NewPackage("gcc", version, pkg.NewHTTPGetTar(
 		nil, "https://ftp.tsukuba.wide.ad.jp/software/gcc/releases/"+
 			"gcc-"+version+"/gcc-"+version+".tar.gz",
@@ -1347,9 +1358,8 @@ ln -s system/lib /work/
 		// it also saturates the CPU for a consequential amount of time.
 		Flag: TExclusive,
 	}, &MakeHelper{
-		Configure: []KV{
+		Configure: append([]KV{
 			{"disable-multilib"},
-			{"with-multilib-list", `""`},
 			{"enable-default-pie"},
 			{"disable-nls"},
 			{"with-gnu-as"},
@@ -1357,7 +1367,7 @@ ln -s system/lib /work/
 			{"with-system-zlib"},
 			{"enable-languages", "c,c++,go"},
 			{"with-native-system-header-dir", "/system/include"},
-		},
+		}, configureExtra...),
 		Make: []string{
 			"BOOT_CFLAGS='-O2 -g'",
 			"bootstrap",

internal/rosa/hakurei.go

@@ -99,7 +99,7 @@ mkdir -p /work/system/bin/
 		f: func(t Toolchain) (pkg.Artifact, string) {
 			return t.newHakurei("-dist", `
 export HAKUREI_VERSION
-DESTDIR=/work /usr/src/hakurei/dist/release.sh
+DESTDIR=/work /usr/src/hakurei/all.sh
 `, true), hakureiVersion
 		},
 

internal/rosa/hakurei_release.go

@@ -4,13 +4,13 @@ package rosa
 
 import "hakurei.app/internal/pkg"
 
-const hakureiVersion = "0.3.7"
+const hakureiVersion = "0.4.0"
 
 // hakureiSource is the source code of a hakurei release.
 var hakureiSource = pkg.NewHTTPGetTar(
 	nil, "https://git.gensokyo.uk/rosa/hakurei/archive/"+
 		"v"+hakureiVersion+".tar.gz",
-	mustDecode("Xh_sdITOATEAQN5_UuaOyrWsgboxorqRO9bml3dGm8GAxF8NFpB7MqhSZgjJxAl2"),
+	mustDecode("wfQ9DqCW0Fw9o91wj-I55waoqzB-UqzzuC0_2h-P-1M78SgZ1WHSPCDJMth6EyC2"),
 	pkg.TarGzip,
 )
 

internal/rosa/llvm.go

@@ -42,6 +42,7 @@ const (
 	llvmRuntimeLibc
 	llvmRuntimeLibcxx
 	llvmRuntimeLibcxxABI
+	llvmRuntimeLibclc
 
 	llvmAll        = 1<<iota - 1
 	llvmRuntimeAll = llvmAll - (2 * llvmProjectAll) - 1
@@ -65,6 +66,8 @@ func llvmFlagName(flag int) string {
 		return "libcxx"
 	case llvmRuntimeLibcxxABI:
 		return "libcxxabi"
+	case llvmRuntimeLibclc:
+		return "libclc"
 
 	default:
 		panic("invalid flag " + strconv.Itoa(flag))
@@ -541,6 +544,22 @@ func init() {
 
 		ID: 1830,
 	}
+
+	artifactsM[Libclc] = Metadata{
+		f: func(t Toolchain) (pkg.Artifact, string) {
+			return t.newLLVMVariant("libclc", &llvmAttr{
+				cmake: []KV{
+					{"LIBCLC_TARGETS_TO_BUILD", "all"},
+				},
+				append: []string{"libclc"},
+				script: "ninja test",
+			}), llvmVersion
+		},
+
+		Name:        "libclc",
+		Description: "an open source, BSD/MIT dual licensed implementation of the library requirements of the OpenCL C programming language",
+		Website:     "https://libclc.llvm.org/",
+	}
 }
 
 var (

internal/rosa/mesa.go

@@ -0,0 +1,57 @@
+package rosa
+
+import "hakurei.app/internal/pkg"
+
+func (t Toolchain) newLibglvnd() (pkg.Artifact, string) {
+	const (
+		version  = "1.7.0"
+		checksum = "eIQJK2sgFQDHdeFkQO87TrSUaZRFG4y2DrwA8Ut-sGboI59uw1OOiIVqq2AIwnGY"
+	)
+	return t.NewPackage("libglvnd", version, pkg.NewHTTPGetTar(
+		nil, "https://gitlab.freedesktop.org/glvnd/libglvnd/-/archive/"+
+			"v"+version+"/libglvnd-v"+version+".tar.bz2",
+		mustDecode(checksum),
+		pkg.TarBzip2,
+	), nil, (*MesonHelper)(nil),
+		Binutils, // symbols check fail with llvm nm
+	), version
+}
+func init() {
+	artifactsM[Libglvnd] = Metadata{
+		f: Toolchain.newLibglvnd,
+
+		Name:        "libglvnd",
+		Description: "The GL Vendor-Neutral Dispatch library",
+		Website:     "https://gitlab.freedesktop.org/glvnd/libglvnd",
+
+		ID: 12098,
+	}
+}
+
+func (t Toolchain) newLibdrm() (pkg.Artifact, string) {
+	const (
+		version  = "2.4.131"
+		checksum = "riHPSpvTnvCPbR-iT4jt7_X-z4rpwm6oNh9ZN2zP6RBFkFVxBRKmedG4eEXSADIh"
+	)
+	return t.NewPackage("libdrm", version, pkg.NewHTTPGetTar(
+		nil, "https://gitlab.freedesktop.org/mesa/libdrm/-/archive/"+
+			"libdrm-"+version+"/libdrm-libdrm-"+version+".tar.bz2",
+		mustDecode(checksum),
+		pkg.TarBzip2,
+	), nil, (*MesonHelper)(nil),
+		Binutils, // symbols check fail with llvm nm
+
+		KernelHeaders,
+	), version
+}
+func init() {
+	artifactsM[Libdrm] = Metadata{
+		f: Toolchain.newLibdrm,
+
+		Name:        "libdrm",
+		Description: "a userspace library for accessing the DRM",
+		Website:     "https://dri.freedesktop.org/",
+
+		ID: 1596,
+	}
+}

internal/rosa/nss.go

@@ -83,16 +83,30 @@ func init() {
 	}
 }
 
-func init() {
-	const version = "0.4.0"
-	artifactsM[buildcatrust] = newViaPip(
-		"buildcatrust",
-		"transform certificate stores between formats",
-		version, "py3", "none", "any",
-		"k_FGzkRCLjbTWBkuBLzQJ1S8FPAz19neJZlMHm0t10F2Y0hElmvVwdSBRc03Rjo1",
-		"https://github.com/nix-community/buildcatrust/"+
-			"releases/download/v"+version+"/",
+func (t Toolchain) newBuildCATrust() (pkg.Artifact, string) {
+	const (
+		version  = "0.5.1"
+		checksum = "g9AqIksz-hvCUceSR7ZKwfqf8Y_UsJU_3_zLUIdc4IkxFVkgdv9kKVvhFjE4s1-7"
 	)
+	return t.newViaPip("buildcatrust", version,
+		"https://github.com/nix-community/buildcatrust/releases/"+
+			"download/v"+version+"/buildcatrust-"+version+"-py3-none-any.whl",
+		checksum), version
+}
+func init() {
+	artifactsM[buildcatrust] = Metadata{
+		f: Toolchain.newBuildCATrust,
+
+		Name:        "buildcatrust",
+		Description: "transform certificate stores between formats",
+		Website:     "https://github.com/nix-community/buildcatrust",
+
+		Dependencies: P{
+			Python,
+		},
+
+		ID: 233988,
+	}
 }
 
 func (t Toolchain) newNSSCACert() (pkg.Artifact, string) {

internal/rosa/python.go

@@ -1,6 +1,7 @@
 package rosa
 
 import (
+	"path"
 	"slices"
 	"strings"
 
@@ -80,26 +81,42 @@ func init() {
 	}
 }
 
-// newViaPip is a helper for installing python dependencies via pip.
-func newViaPip(
-	name, description, version, interpreter, abi, platform, checksum, prefix string,
+// newViaPip installs a pip wheel from a url.
+func (t Toolchain) newViaPip(
+	name, version, url, checksum string,
 	extra ...PArtifact,
-) Metadata {
-	wname := name + "-" + version + "-" + interpreter + "-" + abi + "-" + platform + ".whl"
-	return Metadata{
-		f: func(t Toolchain) (pkg.Artifact, string) {
-			return t.New(name+"-"+version, 0, t.AppendPresets(nil,
-				slices.Concat(P{Python}, extra)...,
-			), nil, nil, `
+) pkg.Artifact {
+	return t.New(name+"-"+version, 0, t.AppendPresets(nil,
+		slices.Concat(P{Python}, extra)...,
+	), nil, nil, `
 pip3 install \
 	--no-index \
 	--prefix=/system \
 	--root=/work \
-	/usr/src/`+wname+`
-`, pkg.Path(AbsUsrSrc.Append(wname), false, pkg.NewHTTPGet(
-				nil, prefix+wname,
-				mustDecode(checksum),
-			))), version
+	'/usr/src/`+path.Base(url)+`'
+`, pkg.Path(AbsUsrSrc.Append(path.Base(url)), false, pkg.NewHTTPGet(
+		nil, url,
+		mustDecode(checksum),
+	)))
+}
+
+// newPypi creates [Metadata] for a [pypi] package.
+//
+// [pypi]: https://pypi.org/
+func newPypi(
+	name string, id int,
+	description, version, interpreter, abi, platform, checksum string,
+	extra ...PArtifact,
+) Metadata {
+	return Metadata{
+		f: func(t Toolchain) (pkg.Artifact, string) {
+			return t.newViaPip(name, version, "https://files.pythonhosted.org/"+path.Join(
+				"packages",
+				interpreter,
+				string(name[0]),
+				name,
+				name+"-"+version+"-"+interpreter+"-"+abi+"-"+platform+".whl",
+			), checksum, extra...), version
 		},
 
 		Name:        "python-" + name,
@@ -107,6 +124,8 @@ pip3 install \
 		Website:     "https://pypi.org/project/" + name + "/",
 
 		Dependencies: slices.Concat(P{Python}, extra),
+
+		ID: id,
 	}
 }
 
@@ -147,52 +166,71 @@ func init() {
 }
 
 func init() {
-	artifactsM[PythonPygments] = newViaPip(
-		"pygments",
+	artifactsM[PythonPygments] = newPypi(
+		"pygments", 3986,
 		" a syntax highlighting package written in Python",
-		"2.19.2", "py3", "none", "any",
-		"ak_lwTalmSr7W4Mjy2XBZPG9I6a0gwSy2pS87N8x4QEuZYif0ie9z0OcfRfi9msd",
-		"https://files.pythonhosted.org/packages/"+
-			"c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/",
+		"2.20.0", "py3", "none", "any",
+		"qlyqX2YSXcV0Z8XgGaPttc_gkq-xsu_nYs6NFOcYnk-CX7qmcj45gG-h6DpwPIcO",
 	)
 
-	artifactsM[PythonPluggy] = newViaPip(
-		"pluggy",
+	artifactsM[PythonPluggy] = newPypi(
+		"pluggy", 7500,
 		"the core framework used by the pytest, tox, and devpi projects",
 		"1.6.0", "py3", "none", "any",
 		"2HWYBaEwM66-y1hSUcWI1MyE7dVVuNNRW24XD6iJBey4YaUdAK8WeXdtFMQGC-4J",
-		"https://files.pythonhosted.org/packages/"+
-			"54/20/4d324d65cc6d9205fabedc306948156824eb9f0ee1633355a8f7ec5c66bf/",
 	)
 
-	artifactsM[PythonPackaging] = newViaPip(
-		"packaging",
+	artifactsM[PythonPackaging] = newPypi(
+		"packaging", 60461,
 		"reusable core utilities for various Python Packaging interoperability specifications",
 		"26.0", "py3", "none", "any",
 		"iVVXcqdwHDskPKoCFUlh2x8J0Gyq-bhO4ns9DvUJ7oJjeOegRYtSIvLV33Bki-pP",
-		"https://files.pythonhosted.org/packages/"+
-			"b7/b9/c538f279a4e237a006a2c98387d081e9eb060d203d8ed34467cc0f0b9b53/",
 	)
 
-	artifactsM[PythonIniConfig] = newViaPip(
-		"iniconfig",
+	artifactsM[PythonIniConfig] = newPypi(
+		"iniconfig", 114778,
 		"a small and simple INI-file parser module",
 		"2.3.0", "py3", "none", "any",
 		"SDgs4S5bXi77aVOeKTPv2TUrS3M9rduiK4DpU0hCmDsSBWqnZcWInq9lsx6INxut",
-		"https://files.pythonhosted.org/packages/"+
-			"cb/b1/3846dd7f199d53cb17f49cba7e651e9ce294d8497c8c150530ed11865bb8/",
 	)
 
-	artifactsM[PythonPyTest] = newViaPip(
-		"pytest",
+	artifactsM[PythonPyTest] = newPypi(
+		"pytest", 3765,
 		"the pytest framework",
-		"9.0.2", "py3", "none", "any",
-		"IM2wDbLke1EtZhF92zvAjUl_Hms1uKDtM7U8Dt4acOaChMnDg1pW7ib8U0wYGDLH",
-		"https://files.pythonhosted.org/packages/"+
-			"3b/ab/b3226f0bd7cdcf710fbede2b3548584366da3b19b5021e74f5bde2a8fa3f/",
+		"9.0.3", "py3", "none", "any",
+		"57WLrIVOfyoRDjt5qD6LGOaDcDCtzQnKDSTUb7GzHyJDtry_nGHHs4-0tW0tiIJr",
 		PythonIniConfig,
 		PythonPackaging,
 		PythonPluggy,
 		PythonPygments,
 	)
+
+	artifactsM[PythonMarkupSafe] = newPypi(
+		"markupsafe", 3918,
+		"implements a text object that escapes characters so it is safe to use in HTML and XML",
+		"3.0.3", "cp314", "cp314", "musllinux_1_2_"+linuxArch(),
+		perArch[string]{
+			"amd64":   "E2mo9ig_FKgTpGon_8qqviSEULwhnmxTIqd9vfyNxNpK4yofVYM7eLW_VE-LKbtO",
+			"arm64":   "iG_hqsncOs8fA7bCaAg0x9XenXWlo9sqblyPcSG7yA9sfGLvM9KZznCpwWfOCwFC",
+			"riscv64": "7DI7U0M3jvr7U4uZml25GLw3m3EvMubCtNukZmss1gkVJ_DVkhV5DgX3Wt_sztbv",
+		}.unwrap(),
+	)
+
+	artifactsM[PythonMako] = newPypi(
+		"mako", 3915,
+		"a template library written in Python",
+		"1.3.10", "py3", "none", "any",
+		"tQ1VGLIQOYm70HuuzsOPRbFWCWYvgckSjx2rKczXHRlMIBet28XGnnPh6i1GbFUu",
+		PythonMarkupSafe,
+	)
+
+	artifactsM[PythonPyYAML] = newPypi(
+		"pyyaml", 4123,
+		"a YAML parser and emitter for Python",
+		"6.0.3", "cp314", "cp314", "musllinux_1_2_"+linuxArch(),
+		perArch[string]{
+			"amd64": "4_jhCFpUNtyrFp2HOMqUisR005u90MHId53eS7rkUbcGXkoaJ7JRsY21dREHEfGN",
+			"arm64": "sQ818ZYSmC7Vj9prIPx3sEYqSDhZlWvLbgHV9w4GjxsfQ63ZSzappctKM7Lb0Whw",
+		}.unwrap(),
+	)
 }

internal/rosa/rosa.go

@@ -69,6 +69,18 @@ func triplet() string {
 	return linuxArch() + "-rosa-linux-musl"
 }
 
+// perArch is a value that differs per architecture.
+type perArch[T any] map[string]T
+
+// unwrap returns the value for the current architecture.
+func (p perArch[T]) unwrap() T {
+	v, ok := p[runtime.GOARCH]
+	if !ok {
+		panic("unsupported target " + runtime.GOARCH)
+	}
+	return v
+}
+
 const (
 	// EnvTriplet holds the return value of triplet.
 	EnvTriplet = "ROSA_TRIPLE"

internal/rosa/stage0.go

@@ -1,7 +1,6 @@
 package rosa
 
 import (
-	"runtime"
 	"sync"
 
 	"hakurei.app/internal/pkg"
@@ -61,23 +60,14 @@ var (
 // NewStage0 returns a stage0 distribution created from curing [Stage0].
 func NewStage0() pkg.Artifact {
 	stage0Once.Do(func() {
-		var seed string
-		switch runtime.GOARCH {
-		case "amd64":
-			seed = "tqM1Li15BJ-uFG8zU-XjgFxoN_kuzh1VxrSDVUVa0vGmo-NeWapSftH739sY8EAg"
-		case "arm64":
-			seed = "CJj3ZSnRyLmFHlWIQtTPQD9oikOZY4cD_mI3v_-LIYc2hhg-cq_CZFBLzQBAkFIn"
-		case "riscv64":
-			seed = "FcszJjcVWdKAnn-bt8qmUn5GUUTjv_xQjXOWkUpOplRkG3Ckob3StUoAi5KQ5-QF"
-
-		default:
-			panic("unsupported target " + runtime.GOARCH)
-		}
-
 		stage0 = pkg.NewHTTPGetTar(
 			nil, "https://hakurei.app/seed/20260210/"+
 				"stage0-"+triplet()+".tar.bz2",
-			mustDecode(seed),
+			mustDecode(perArch[string]{
+				"amd64":   "tqM1Li15BJ-uFG8zU-XjgFxoN_kuzh1VxrSDVUVa0vGmo-NeWapSftH739sY8EAg",
+				"arm64":   "CJj3ZSnRyLmFHlWIQtTPQD9oikOZY4cD_mI3v_-LIYc2hhg-cq_CZFBLzQBAkFIn",
+				"riscv64": "FcszJjcVWdKAnn-bt8qmUn5GUUTjv_xQjXOWkUpOplRkG3Ckob3StUoAi5KQ5-QF",
+			}.unwrap()),
 			pkg.TarBzip2,
 		)
 	})

nixos.nix

@@ -136,11 +136,12 @@ in
 
                   conf = {
                     inherit id;
-                    inherit (app) identity groups enablements;
+                    inherit (app) identity enablements;
                     inherit (dbusConfig) session_bus system_bus;
                     direct_wayland = app.insecureWayland;
                     sched_policy = app.schedPolicy;
                     sched_priority = app.schedPriority;
+                    groups = app.groups ++ optional (cfg.sharefs.source != null) cfg.sharefs.group;
 
                     container = {
                       inherit (app)
@@ -357,29 +358,30 @@ in
         users = mkMerge (
           foldlAttrs
             (
-              acc: _: fid:
+              acc: username: fid:
               acc
-              ++ foldlAttrs (
-                acc': _: app:
-                acc' ++ [ { ${getsubname fid app.identity} = getuser fid app.identity; } ]
-              ) [ { ${getsubname fid 0} = getuser fid 0; } ] cfg.apps
-            )
-            (
-              if (cfg.sharefs.source != null) then
-                [
-                  {
-                    ${cfg.sharefs.user} = {
-                      uid = lib.mkDefault 1023;
-                      inherit (cfg.sharefs) group;
-                      isSystemUser = true;
-                      home = cfg.sharefs.source;
-                    };
-
-                  }
-                ]
-              else
-                [ ]
+              ++
+                foldlAttrs
+                  (
+                    acc': _: app:
+                    acc' ++ [ { ${getsubname fid app.identity} = getuser fid app.identity; } ]
+                  )
+                  [
+                    {
+                      ${getsubname fid 0} = getuser fid 0;
+                      ${username}.extraGroups = [ cfg.sharefs.group ];
+                    }
+                  ]
+                  cfg.apps
             )
+            (optional (cfg.sharefs.source != null) {
+              ${cfg.sharefs.user} = {
+                uid = lib.mkDefault 1023;
+                inherit (cfg.sharefs) group;
+                isSystemUser = true;
+                home = cfg.sharefs.source;
+              };
+            })
             cfg.users
         );
 
@@ -393,18 +395,11 @@ in
                 acc' ++ [ { ${getsubname fid app.identity} = getgroup fid app.identity; } ]
               ) [ { ${getsubname fid 0} = getgroup fid 0; } ] cfg.apps
             )
-            (
-              if (cfg.sharefs.source != null) then
-                [
-                  {
-                    ${cfg.sharefs.group} = {
-                      gid = lib.mkDefault 1023;
-                    };
-                  }
-                ]
-              else
-                [ ]
-            )
+            (optional (cfg.sharefs.source != null) {
+              ${cfg.sharefs.group} = {
+                gid = lib.mkDefault 1023;
+              };
+            })
             cfg.users
         );
       };

test/interactive/configuration.nix

@@ -8,10 +8,7 @@
       description = "Alice Foobar";
       password = "foobar";
       uid = 1000;
-      extraGroups = [
-        "wheel"
-        "sharefs"
-      ];
+      extraGroups = [ "wheel" ];
     };
     untrusted = {
       isNormalUser = true;