Nix/packaging#2416
Merged
0pcom merged 6 commits intoskycoin:developfrom May 2, 2026
Merged
Conversation
Drops three files under nix/ packaging skywire for Nix in the same
two flavors the AUR does:
nix/skywire.nix — pkgsStatic.buildGoModule, mirrors the
upstream `make build-static` recipe:
CC=musl-gcc, -linkmode external
-extldflags "-static" -buildid=. Fully
static binary, identical in shape to the
release tarballs.
nix/skywire-bin.nix — fetchurl the upstream release tarball for
the host arch (amd64/arm64/386/armhf/arm/
riscv64) and install. No autoPatchelf —
upstream releases are already static-musl,
so they run on any glibc/musl host.
nix/flake.nix — exposes packages.{skywire,skywire-bin,default},
apps.{skywire,skywire-cli,skywire-visor,
skywire-bin}, and a devShells.default with
go + musl + make for iterating on the
build itself.
Both packages produce the same on-disk layout the AUR does:
$out/bin/skywire — merged binary (cmd/skywire)
$out/bin/skywire-cli — shim → skywire cli
$out/bin/skywire-visor — shim → skywire visor
$out/share/skywire/apps/ — shims for skychat, skysocks,
vpn-server, vpn-client, skynet-srv,
skynet-client, skysocks-client. Point
the visor at this dir via
--apps-dir / launcher.bin_path.
skywire.nix's source defaults to ../. (build the local working
tree, the common "iterating on a branch" case); flake-input or
override gets a tagged release.
skywire-bin.nix takes a `hashes` attrset (one sha256 per arch)
that's left as lib.fakeHash placeholders by default — first build
will fail with the expected hash for the host arch and you fill
it in.
A NixOS module (services.skywire.{enable,services.tpd,…} mirroring
the AUR systemd units + skywire-autoconfig.service) is the natural
follow-up; this drop is the package-only path so `nix build` and
`nix run github:0pcom/skywire` work today.
Includes nix/README.md with usage notes (build paths, hash-fill
flow, --apps-dir, the static-binary sanity check).
The merged-binary entrypoint is ./skywire.go at the repo root — package main with both skywire and skycoin command trees attached. The upstream Makefile's build-static recipe uses `go build .` from the root, and the released tarballs come from there. cmd/skywire/skywire.go is a leaner skywire-only main; unused for the release flow. Switch subPackages from "cmd/skywire" to "." so the Nix build produces the same merged binary the release ships.
The nix/ packaging only had its own README — top-level README didn't
advertise it, so a casual visitor wouldn't know it exists. Add a
short subsection ("NixOS / Nix flake") right after the Arch Linux
AUR section, with the build/run commands and a flake-input snippet.
TOC entry too.
GitHub Actions workflow that runs on PRs touching nix/, Go source,
or vendored deps:
- cachix/install-nix-action installs Nix on ubuntu-latest with
flakes enabled.
- DeterminateSystems/magic-nix-cache-action populates /nix/store
from previous runs (free shared cache).
- `nix build .#skywire` exercises the pkgsStatic.buildGoModule
recipe end-to-end.
- smoke-test runs --bv on the produced binary and --help on the
CLI/visor shims.
skywire-bin is intentionally skipped: its derivation needs per-arch
sha256 values for upstream release tarballs, which won't be filled
until a real release runs through this branch. A follow-up
workflow gated on release-tag pushes can validate it then.
The repo has no LICENSE file (the AUR PKGBUILD tags it
"license-free", meaning "no license declared"), so the meta in both
derivations is `licenses.unfree`. Stock nixpkgs refuses to evaluate
unfree packages by default — the CI run failed at eval with
error: Refusing to evaluate package 'skywire-1.3.50' … because
it has an unfree license
Set `config.allowUnfreePredicate` on the flake's nixpkgs import to
allow exactly skywire + skywire-bin (nothing else from nixpkgs gets
the bypass). `nix build` and `nix run` now work on a stock install
without `NIXPKGS_ALLOW_UNFREE=1` / `--impure` exports.
The "Git tree is dirty" warning the CI also printed is unrelated
and harmless — it's flake.lock being generated on first invocation;
build continues past it.
Eval fails on current nixpkgs (post-2025-11) with
error: The "src" package has been renamed to "simple-revision-control".
callPackage auto-binds function args to attrs in pkgs; an `src`
parameter hits the alias-throw before our `? null` default
applies. Renamed to `srcOverride` (intent stays clear; no other
callers in tree).
Also dropped `-buildid=` from ldflags — buildGoModule sets it
already and warns if redundantly passed:
trace: evaluation warning: `-buildid=` is set by default as
ldflag by buildGoModule
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.