Building images with nix

Jörg Thalheim edited this page Jan 30, 2019 · 8 revisions

This article describes how to build applications with the nix package manager. At the moment only applications dynamically linked against musl are supported. Luckily musl support is quite good, and many packages can be pulled from the pkgsMusl namespace.

Save the following snippet as default.nix to build an image with iperf included.

with import <nixpkgs> {};
let
  # Build a 10 MB ext4 image containing pkg and its runtime closure.
  buildImage = pkg: stdenv.mkDerivation {
    name = "image";
    buildInputs = [ e2fsprogs lkl ];
    # There is no source to unpack.
    unpackPhase = ":";

    installPhase = ''
      truncate -s 10M $out

      mkfs.ext4 $out
      mkdir -p root/{nix/store,/tmp}
      # cptofs (from lkl) copies files into the image without mounting it.
      cptofs -t ext4 -i $out root/* /
      cptofs -t ext4 -i $out $(cat ${closureInfo { rootPaths = [pkg]; }}/store-paths) /nix/store
    '';
  };
  # Wrapper script: copy the read-only store image to a writable temporary
  # file, then start iperf from it with sgx-lkl-run.
  runImage = image: executable: pkgs.writeScript "run-lkl" ''
    #!${runtimeShell}
    set -eu -o pipefail
    tmppath=$(mktemp -d)
    cleanup() { rm -rf "$tmppath"; }
    trap cleanup EXIT SIGINT SIGQUIT ERR

    install -m660 ${image} "$tmppath/fs.img"
    TMPDIR=/tmp sgx-lkl-run "$tmppath/fs.img" ${executable}/bin/iperf "$@"
  '';
in
  runImage (buildImage pkgsMusl.iperf) pkgsMusl.iperf

To use it run:

$ nix-build

This will result in a shell script that can be executed directly:

./result

Or build and execute in one step:

$(nix-build)

Note that this assumes that you have sgx-lkl-run in your PATH, which can be done like this:

$ export PATH=$(realpath build):$PATH