Retropex/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rke2: use finalAttrs to avoid let and rec bindings (#393720)

Browse Source
This commit is contained in:
Wolfgang Walther 2025-04-07 06:42:03 +00:00 committed by GitHub
commit f5ac72aa2a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 118 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

239
pkgs/applications/networking/cluster/rke2/builder.nix
View File

@ -44,126 +44,123 @@ lib:
nixosTests,
testers,
}:
let
rke2 = buildGoModule rec {
pname = "rke2";
version = rke2Version;
buildGoModule (finalAttrs: {
pname = "rke2";
version = rke2Version;
src = fetchzip {
url = "https://github.com/rancher/rke2/archive/refs/tags/v${rke2Version}.tar.gz";
hash = "${rke2TarballHash}";
};
vendorHash = rke2VendorHash;
nativeBuildInputs = [ makeWrapper ];
# Important utilities used by the kubelet.
# See: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
# Notice the list in that issue is stale, but as a redundancy reservation.
buildInputs = [
procps # pidof pkill
coreutils # uname touch env nice du
util-linux # lsblk fsck mkfs nsenter mount umount
ethtool # ethtool
socat # socat
iptables # iptables iptables-restore iptables-save
bridge-utils # brctl
iproute2 # ip tc
kmod # modprobe
lvm2 # dmsetup
];
# Passing boringcrypto to GOEXPERIMENT variable to build with goboring library
GOEXPERIMENT = "boringcrypto";
# See: https://github.com/rancher/rke2/blob/e7f87c6dd56fdd76a7dab58900aeea8946b2c008/scripts/build-binary#L27-L38
ldflags = [
"-w"
"-X github.com/k3s-io/k3s/pkg/version.GitCommit=${lib.substring 0 6 rke2Commit}"
"-X github.com/k3s-io/k3s/pkg/version.Program=${pname}"
"-X github.com/k3s-io/k3s/pkg/version.Version=v${version}"
"-X github.com/k3s-io/k3s/pkg/version.UpstreamGolang=go${go.version}"
"-X github.com/rancher/rke2/pkg/images.DefaultRegistry=docker.io"
"-X github.com/rancher/rke2/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${etcdVersion}"
"-X github.com/rancher/rke2/pkg/images.DefaultKubernetesImage=rancher/hardened-kubernetes:${k8sImageTag}"
"-X github.com/rancher/rke2/pkg/images.DefaultPauseImage=rancher/mirrored-pause:${pauseVersion}"
"-X github.com/rancher/rke2/pkg/images.DefaultRuntimeImage=rancher/rke2-runtime:${dockerizedVersion}"
"-X github.com/rancher/rke2/pkg/images.DefaultCloudControllerManagerImage=rancher/rke2-cloud-provider:${ccmVersion}"
];
tags = [
"no_cri_dockerd"
"no_embedded_executor"
"no_stage"
"sqlite_omit_load_extension"
"selinux"
"netgo"
"osusergo"
];
subPackages = [ "." ];
installPhase = ''
install -D $GOPATH/bin/rke2 $out/bin/rke2
wrapProgram $out/bin/rke2 \
--prefix PATH : ${lib.makeBinPath buildInputs}
install -D ./bundle/bin/rke2-killall.sh $out/bin/rke2-killall.sh
wrapProgram $out/bin/rke2-killall.sh \
--prefix PATH : ${
lib.makeBinPath [
systemd
gnugrep
gnused
]
} \
--prefix PATH : ${lib.makeBinPath buildInputs}
'';
doCheck = false;
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
# Verify that the binary uses BoringCrypto
go tool nm $out/bin/.rke2-wrapped | grep '_Cfunc__goboringcrypto_' > /dev/null
runHook postInstallCheck
'';
passthru = {
inherit updateScript;
tests =
let
moduleTests =
let
package_version =
"rke2_" + lib.replaceStrings [ "." ] [ "_" ] (lib.versions.majorMinor rke2Version);
in
lib.mapAttrs (name: value: nixosTests.rke2.${name}.${package_version}) nixosTests.rke2;
in
{
version = testers.testVersion {
package = rke2;
version = "v${version}";
};
}
// moduleTests;
} // (lib.mapAttrs (_: value: fetchurl value) imagesVersions);
meta = with lib; {
homepage = "https://github.com/rancher/rke2";
description = "RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution";
changelog = "https://github.com/rancher/rke2/releases/tag/v${version}";
license = licenses.asl20;
maintainers = with maintainers; [
rorosen
zimbatm
zygot
];
mainProgram = "rke2";
platforms = platforms.linux;
};
src = fetchzip {
url = "https://github.com/rancher/rke2/archive/refs/tags/v${rke2Version}.tar.gz";
hash = "${rke2TarballHash}";
};
in
rke2
vendorHash = rke2VendorHash;
nativeBuildInputs = [ makeWrapper ];
# Important utilities used by the kubelet.
# See: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
# Notice the list in that issue is stale, but as a redundancy reservation.
buildInputs = [
procps # pidof pkill
coreutils # uname touch env nice du
util-linux # lsblk fsck mkfs nsenter mount umount
ethtool # ethtool
socat # socat
iptables # iptables iptables-restore iptables-save
bridge-utils # brctl
iproute2 # ip tc
kmod # modprobe
lvm2 # dmsetup
];
# Passing boringcrypto to GOEXPERIMENT variable to build with goboring library
GOEXPERIMENT = "boringcrypto";
# See: https://github.com/rancher/rke2/blob/e7f87c6dd56fdd76a7dab58900aeea8946b2c008/scripts/build-binary#L27-L38
ldflags = [
"-w"
"-X github.com/k3s-io/k3s/pkg/version.GitCommit=${lib.substring 0 6 rke2Commit}"
"-X github.com/k3s-io/k3s/pkg/version.Program=${finalAttrs.pname}"
"-X github.com/k3s-io/k3s/pkg/version.Version=v${finalAttrs.version}"
"-X github.com/k3s-io/k3s/pkg/version.UpstreamGolang=go${go.version}"
"-X github.com/rancher/rke2/pkg/images.DefaultRegistry=docker.io"
"-X github.com/rancher/rke2/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${etcdVersion}"
"-X github.com/rancher/rke2/pkg/images.DefaultKubernetesImage=rancher/hardened-kubernetes:${k8sImageTag}"
"-X github.com/rancher/rke2/pkg/images.DefaultPauseImage=rancher/mirrored-pause:${pauseVersion}"
"-X github.com/rancher/rke2/pkg/images.DefaultRuntimeImage=rancher/rke2-runtime:${dockerizedVersion}"
"-X github.com/rancher/rke2/pkg/images.DefaultCloudControllerManagerImage=rancher/rke2-cloud-provider:${ccmVersion}"
];
tags = [
"no_cri_dockerd"
"no_embedded_executor"
"no_stage"
"sqlite_omit_load_extension"
"selinux"
"netgo"
"osusergo"
];
subPackages = [ "." ];
installPhase = ''
install -D $GOPATH/bin/rke2 $out/bin/rke2
wrapProgram $out/bin/rke2 \
--prefix PATH : ${lib.makeBinPath finalAttrs.buildInputs}
install -D ./bundle/bin/rke2-killall.sh $out/bin/rke2-killall.sh
wrapProgram $out/bin/rke2-killall.sh \
--prefix PATH : ${
lib.makeBinPath [
systemd
gnugrep
gnused
]
} \
--prefix PATH : ${lib.makeBinPath finalAttrs.buildInputs}
'';
doCheck = false;
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
# Verify that the binary uses BoringCrypto
go tool nm $out/bin/.rke2-wrapped | grep '_Cfunc__goboringcrypto_' > /dev/null
runHook postInstallCheck
'';
passthru = {
inherit updateScript;
tests =
let
moduleTests =
let
package_version =
"rke2_" + lib.replaceStrings [ "." ] [ "_" ] (lib.versions.majorMinor rke2Version);
in
lib.mapAttrs (name: value: nixosTests.rke2.${name}.${package_version}) nixosTests.rke2;
in
{
version = testers.testVersion {
package = finalAttrs.finalPackage;
version = "v${finalAttrs.version}";
};
}
// moduleTests;
} // (lib.mapAttrs (_: value: fetchurl value) imagesVersions);
meta = with lib; {
homepage = "https://github.com/rancher/rke2";
description = "RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution";
changelog = "https://github.com/rancher/rke2/releases/tag/v${version}";
license = licenses.asl20;
maintainers = with maintainers; [
rorosen
zimbatm
zygot
];
mainProgram = "rke2";
platforms = platforms.linux;
};
})