Building images with nix

Jörg Thalheim edited this page Jan 30, 2019 · 8 revisions

This article describes how to build applications with the nix package manager. At the moment only applications dynamically linked against musl are supported. Luckily, musl support is quite good, and many packages can be pulled from the pkgsMusl namespace.

Save the following snippet as default.nix to build an image with iperf included.

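with import <nixpkgs> {};
let
  # Build an ext4 disk image containing pkg and its runtime closure.
  buildImage = pkg: stdenv.mkDerivation {
    name = "image";
    # e2fsprogs provides mkfs.ext4, lkl provides cptofs
    buildInputs = [ e2fsprogs lkl ];
    # nothing to unpack
    unpackPhase = ":";

    installPhase = ''
      # create a 10M file and format it as ext4
      truncate -s 10M $out

      mkfs.ext4 $out
      # skeleton directories that are copied into the image root
      mkdir -p root/{nix/store,/tmp}
      cptofs -t ext4 -i $out root/* /
      # copy every store path in the closure of pkg into /nix/store of the image
      cptofs -t ext4 -i $out $(cat ${closureInfo { rootPaths = [pkg]; }}/store-paths) /nix/store
    '';
  };
  # Wrapper script that runs an executable from the image with sgx-lkl-run.
  runImage = image: executable: pkgs.writeScript "run-lkl" ''
    #!${runtimeShell}
    set -eu -o pipefail
    tmppath=$(mktemp -d)
    cleanup() { rm -rf "$tmppath"; }
    trap cleanup EXIT SIGINT SIGQUIT ERR

    # copy the image to a temporary file with mode 660 (files in the nix store are read-only)
    install -m660 ${image} "$tmppath/fs.img"
    # first argument: path of the executable inside the package, e.g. /bin/iperf;
    # all remaining arguments are passed through to it
    exe=$1
    shift
    TMPDIR=/tmp sgx-lkl-run "$tmppath/fs.img" ${executable}/$exe "$@"
  '';
in
  runImage (buildImage pkgsMusl.iperf) pkgsMusl.iperf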

To use it run:

$ nix-build

This will result in a shell script that can be executed directly.

./result /bin/iperf

or just use this to build and execute in one step.

$(nix-build) /bin/iperf

Note that this assumes that you have sgx-lkl-run in your PATH, which can be done like this:

$ export PATH=$(realpath build):$PATH