Help creating a makefile derivation for kryptco/kr 2FA with go modules

As kryptco’s kr doesn’t currently have a derivation in nix afaik, I thought I’d try and make one. Turns out, I need help :grinning:.

Attempt

Here’s my first attempt:

{ stdenv, fetchFromGitHub, go }:

stdenv.mkDerivation rec {
  name = "kr-${version}";
  version = "2.4.15";

  src = fetchFromGitHub {
    owner = "kryptco";
    repo = "kr";
    rev = "1937e31606e4dc0f7263133334d429f956502276";
    sha256 = "13ch85f1y4j2n4dbc6alsxbxfd6xnidwi2clibssk5srkz3mx794";
  };

  buildInputs = [ go ];

  makeFlags = [ "PREFIX=$(out)" ];

  meta = with stdenv.lib; {
    description = "A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.";
    homepage = "https://krypt.co";
    license = licenses.unfreeRedistributable;
    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
  };
}

And the failed output from running nix-build -E 'with import <nixpkgs> { }; callPackage ./default.nix { }’

these derivations will be built:
  /nix/store/i53sfwwjsbpyqj1brs9djmclgf9743jv-kr-2.4.15.drv
building '/nix/store/i53sfwwjsbpyqj1brs9djmclgf9743jv-kr-2.4.15.drv'...
unpacking sources
unpacking source archive /nix/store/cqjnksc5ywdhdv2yri0q68aib5irm2vx-source
source root is source
patching sources
configuring
no configure script, doing nothing
building
build flags: SHELL=/nix/store/hyp78grs3a2w5rh9njfz0f0hzkrgjzki-bash-4.4-p23/bin/bash PREFIX=\$\(out\)
rm -rf bin
mkdir -p bin
go clean -cache || true
warning: GOPATH set to GOROOT (/nix/store/fws3qldkjn3mc183sa7ny1pk469z9w9a-go-1.13.7/share/go) has no effect
cd src; go build -ldflags="-s -w" -o ../bin/kr ./kr
warning: GOPATH set to GOROOT (/nix/store/fws3qldkjn3mc183sa7ny1pk469z9w9a-go-1.13.7/share/go) has no effect
failed to initialize build cache at /homeless-shelter/Library/Caches/go-build: mkdir /homeless-shelter: read-only file system
make: *** [Makefile:23: all] Error 1
builder for '/nix/store/i53sfwwjsbpyqj1brs9djmclgf9743jv-kr-2.4.15.drv' failed with exit code 2
error: build of '/nix/store/i53sfwwjsbpyqj1brs9djmclgf9743jv-kr-2.4.15.drv' failed

Questions

  1. What should I set the GOPATH to?
  2. Are there any other Makefile options I should set?
  3. Were this to be contributed (once fixed), is the license correct?

Thanks!

Next attempt is setting makeFlags as follows:

makeFlags = [
    "PREFIX=${placeholder "out"}"
    "GOPATH=${placeholder "out"}/share/go"
    "GOCACHE=${placeholder "TMPDIR"}/go-cache"
  ];

This appears to get me further, but how do I ensure the directories are created?

these derivations will be built:
  /nix/store/jb72lj10y0d2xrpv51zfhy0j847n3djv-kr-2.4.15.drv
building '/nix/store/jb72lj10y0d2xrpv51zfhy0j847n3djv-kr-2.4.15.drv'...
unpacking sources
unpacking source archive /nix/store/cqjnksc5ywdhdv2yri0q68aib5irm2vx-source
source root is source
patching sources
configuring
no configure script, doing nothing
building
build flags: SHELL=/nix/store/hyp78grs3a2w5rh9njfz0f0hzkrgjzki-bash-4.4-p23/bin/bash PREFIX=/nix/store/4lrdr6hiw80wachzypi4ini95mikfaal-kr-2.4.15 GOPATH=/nix/store/4lrdr6hiw80wachzypi4ini95mikfaal-kr-2.4.15/share/go GOCACHE=/1rgha92i72grqijpxd402xxllwrfkbr74dyn01mayz73cjm2glmf/go-cache
rm -rf bin
mkdir -p bin
go clean -cache || true
cd src; go build -ldflags="-s -w" -o ../bin/kr ./kr
failed to initialize build cache at /1rgha92i72grqijpxd402xxllwrfkbr74dyn01mayz73cjm2glmf/go-cache: mkdir /1rgha92i72grqijpxd402xxllwrfkbr74dyn01mayz73cjm2glmf: read-only file system
make: *** [Makefile:23: all] Error 1
builder for '/nix/store/jb72lj10y0d2xrpv51zfhy0j847n3djv-kr-2.4.15.drv' failed with exit code 2
error: build of '/nix/store/jb72lj10y0d2xrpv51zfhy0j847n3djv-kr-2.4.15.drv' failed

Any ideas @danbst @jonringer @benley? I hope you don’t mind me asking directly.

Essentially how do I make sure the makefile runs as expected under nix?

I see this is go package with go mod. You’d better try buildGoModule, see an example in https://github.com/NixOS/nixpkgs/blob/6e0494a1dc9e3a91465b3b592ec8873f56fc51c7/pkgs/servers/sql/dolt/default.nix

placeholder is a very specialized tool. I don’t quite understand when it is best to be used.

Yeah I’d thought about that, but they’ve only just switched to go modules and have a makefile with all the build logic which I didn’t want to have to keep track of.

Any ideas on how to make the makefile build work?

It’s not much of logic…

It’s basically calling go build with 5 or 6 different targets.

Before that only build cache is cleared, which you actually don’t need to on nix, as it’s already empty when building the derivation.

The install target of the makefile just copies binaries around, from the build output to an install location.

1 Like

probably something to the effect of:

  preInstall = ''
    mkdir -p $out/share/go
  '';
1 Like

Okay, these were good to know. Thanks @danbst and @NobbZ!

So I found go2nix which led me to vgo2nix to produce the necessary deps.nix file.

Having that and following the example from @danbst and others, the following seems to also work:

Using lib.fakeSha256 (or stdenv.lib.fakeSha256 ) temporarily was helpful for discovering the actual modSha256.

{ buildGoModule, fetchFromGitHub, lib }:

buildGoModule rec {
  name = "kr-${version}";
  version = "2.4.15";

  src = fetchFromGitHub {
      owner = "kryptco";
      repo = "kr";
      rev = "1937e31606e4dc0f7263133334d429f956502276";
      sha256 = "13ch85f1y4j2n4dbc6alsxbxfd6xnidwi2clibssk5srkz3mx794";
  };

  modRoot = "./src";
  goDeps = ./deps.nix;
  modSha256 = "1q6vhdwz26qkpzmsnk6d9j6hjgliwkgma50mq7w2rl6rkwashvay";

  meta = with lib; {
    description = "A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.";
    homepage = "https://krypt.co";
    license = licenses.unfreeRedistributable;
    platforms = platforms.linux ++ platforms.darwin;
  };
}
1 Like