sys-apps/lix: add initial 2.91.1

The ebuild is based on sys-apps/nix.

Issue: #52

sys-apps/lix/Manifest

@@ -0,0 +1 @@
+DIST lix-2.91.1.tar.gz 1475161 BLAKE2B ee6dc67c319208d7fa86c7a5d16d64bcbabc48c3d1f5c71aecb9459f2ac88a1f0452475a07b34c74b59f7a1c0354ae29fde1a4aaecae0d7fb82e4d30d3874729 SHA512 2929ca7fc6611fd1953b4201ceff57ea08fb12d6bb2a169622803967c60d10dbb293f60e44983b6796a5905fee9a3f98a49e47217f30fe0fa6764a58d8c4c826

sys-apps/lix/files/lix-2.91.1-no-coreutils.patch

@@ -0,0 +1,74 @@
+https://git.lix.systems/lix-project/lix/commit/fb1b21103733a2800aede0ffead2f0e91573c0c8.patch
+
+From fb1b21103733a2800aede0ffead2f0e91573c0c8 Mon Sep 17 00:00:00 2001
+From: vigress8 <[email protected]>
+Date: Fri, 25 Oct 2024 15:19:52 +0400
+Subject: [PATCH] chore: remove monolithic `coreutils` requirement
+
+It's only used in a couple of tests, and only in such a way that
+replacing it with a random command suffices.
+I also removed a few pointless uses of the variable.
+
+Fixes: https://git.lix.systems/lix-project/lix/issues/376
+Change-Id: I90aedb61d64b02f7c9b007e72f9d614cc1b37a2e
+--- a/meson.build
++++ b/meson.build
+@@ -358,7 +358,6 @@ endif
+ #
+ # Build-time tools
+ #
+-coreutils = find_program('coreutils', native : true)
+ dot = find_program('dot', required : false, native : true)
+ pymod = import('python')
+ python = pymod.find_installation('python3')
+diff --git a/tests/functional/bash-profile.sh b/tests/functional/bash-profile.sh
+index 01e869202..98010eb1b 100644
+--- a/tests/functional/bash-profile.sh
++++ b/tests/functional/bash-profile.sh
+@@ -1,6 +1,6 @@
+ source common.sh
+
+-sed -e "s|@localstatedir@|$TEST_ROOT/profile-var|g" -e "s|@coreutils@|$coreutils|g" < ../../scripts/nix-profile.sh.in > $TEST_ROOT/nix-profile.sh
++sed -e "s|@localstatedir@|$TEST_ROOT/profile-var|g" < ../../scripts/nix-profile.sh.in > $TEST_ROOT/nix-profile.sh
+
+ user=$(whoami || echo -n nixbld)
+ rm -rf $TEST_HOME $TEST_ROOT/profile-var
+diff --git a/tests/functional/common/vars-and-functions.sh.in b/tests/functional/common/vars-and-functions.sh.in
+index 98892f660..99a859f49 100644
+--- a/tests/functional/common/vars-and-functions.sh.in
++++ b/tests/functional/common/vars-and-functions.sh.in
+@@ -44,7 +44,6 @@ DAEMON_PATH="$PATH"
+ if [[ -n "${NIX_DAEMON_PACKAGE:-}" ]]; then
+   DAEMON_PATH="${NIX_DAEMON_PACKAGE}/bin:$DAEMON_PATH"
+ fi
+-coreutils=@coreutils@
+ lsof=@lsof@
+
+ export dot=@dot@
+diff --git a/tests/functional/config.nix.in b/tests/functional/config.nix.in
+index 00dc007e1..fcba3c603 100644
+--- a/tests/functional/config.nix.in
++++ b/tests/functional/config.nix.in
+@@ -10,7 +10,7 @@ in
+ rec {
+   shell = "@bash@";
+
+-  path = "@coreutils@";
++  path = "@ls@";
+
+   system = "@system@";
+
+diff --git a/tests/functional/meson.build b/tests/functional/meson.build
+index f56ced48d..7143e3df1 100644
+--- a/tests/functional/meson.build
++++ b/tests/functional/meson.build
+@@ -1,6 +1,8 @@
++ls = find_program('ls', native : true)
++
+ test_confdata = {
+   'bindir': bindir,
+-  'coreutils': fs.parent(coreutils.full_path()),
++  'ls': fs.parent(ls.full_path()),
+   'lsof': lsof.full_path(),
+   'dot': dot.found() ? dot.full_path() : '',
+   'bash': bash.full_path(),

sys-apps/lix/files/lix-2.91.1-no-sandbox-fallback-README.patch

@@ -0,0 +1,16 @@
+From 75e19af67b7b11eb2c7cfcba54ace16d85eccdf1 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <[email protected]>
+Date: Mon, 10 Jul 2023 09:22:35 +0100
+Subject: [PATCH] local-derivation-goal.cc: refer to the README.md on how to
+ get it back
+
+--- a/src/libstore/build/local-derivation-goal.cc
++++ b/src/libstore/build/local-derivation-goal.cc
+@@ -212,6 +212,6 @@ void LocalDerivationGoal::tryLocalBuild()
+         if (!mountAndPidNamespacesSupported()) {
+             if (!settings.sandboxFallback)
+-                throw Error("this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing. Pass --debug for diagnostics on what is broken.");
++                throw Error("failed to enable PID and USER namespace: see https://github.com/trofi/nix-guix-gentoo#missing-sandbox-support for ways to fix and workaround it.");
+             debug("auto-disabling sandboxing because the prerequisite namespaces are not available");
+             useChroot = false;
+         }

sys-apps/lix/files/lix-2.91.1-no-sandbox-fallback.patch

@@ -0,0 +1,31 @@
+From 7f90eac69bdad6126530dbea314e4b9e974a5d91 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <[email protected]>
+Date: Mon, 10 Jul 2023 08:37:18 +0100
+Subject: [PATCH] src/libstore/globals.hh: disable sandbox fallback
+
+sandbox fallbacks is very dangerous as host's paths tend to leak into
+build sandbox all the time from default search paths like /usr/bin.
+
+On linux build sandbox should always be enabled. THere are various
+reasons why sandbox fails to be enabled:
+
+- missing 'mount' and 'pid' namespace support in the kernel
+- extra (usually read-only) /proc mounts on top of vanilla /proc
+
+Try to address these problems first before trying to disable the
+sandbox.
+---
+ src/libstore/globals.hh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/libstore/globals.hh
++++ b/src/libstore/globals.hh
+@@ -521,7 +521,7 @@ public:
+         )",
+         {"build-chroot-dirs", "build-sandbox-paths"}};
+
+-    Setting<bool> sandboxFallback{this, true, "sandbox-fallback",
++    Setting<bool> sandboxFallback{this, false, "sandbox-fallback",
+         "Whether to disable sandboxing when the kernel doesn't allow it."};
+
+ #if __linux__

sys-apps/lix/files/nix-daemon.initd

@@ -0,0 +1,15 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+start() {
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --quiet --background --exec /usr/bin/nix-daemon
+	eend ${?}
+}
+
+stop() {
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --quiet --exec /usr/bin/nix-daemon
+	eend ${?}
+}

sys-apps/lix/files/sddm-nixbld.conf

@@ -0,0 +1,3 @@
+[Users]
+HideUsers=nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld30,nixbld31,nixbld32,nixbld33,nixbld34,nixbld35,nixbld36,nixbld37,nixbld38,nixbld39,nixbld40,nixbld41,nixbld42,nixbld43,nixbld44,nixbld45,nixbld46,nixbld47,nixbld48,nixbld49,nixbld50,nixbld51,nixbld52,nixbld53,nixbld54,nixbld55,nixbld56,nixbld57,nixbld58,nixbld59,nixbld60,nixbld61,nixbld62,nixbld63,nixbld64
+

sys-apps/lix/lix-2.91.1.ebuild

@@ -0,0 +1,191 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# NOTE: sys-apps/lix is heavily derived from sys-apps/nix. Chances are
+# that changes related to on-disk layout should be applied to both.
+
+EAPI=8
+
+inherit linux-info meson readme.gentoo-r1 tmpfiles
+
+DESCRIPTION="A purely functional package manager (nix fork)"
+HOMEPAGE="https://lix.systems/"
+
+SRC_URI="https://git.lix.systems/lix-project/lix/archive/${PV}.tar.gz -> ${P}.tar.gz"
+S=${WORKDIR}/lix
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="+allocate-build-users +etc-profile +gc doc"
+
+BDEPEND="
+	doc? ( app-text/mdbook
+		app-text/mdbook-linkcheck
+	)
+"
+# sys-apps/busybox-nix-sandbox-shell is needed for sandbox mount of /bin/sh
+RDEPEND="
+	app-arch/brotli
+	app-arch/bzip2
+	app-arch/xz-utils
+	app-misc/jq
+	app-text/lowdown-nix
+	dev-cpp/gtest
+	dev-db/sqlite
+	dev-libs/editline:0=
+	dev-libs/libgit2:0=
+	amd64? ( dev-libs/libcpuid:0= )
+	app-arch/libarchive:0=
+	dev-libs/openssl:0=
+	dev-libs/pegtl:0=
+	dev-libs/libsodium:0=
+	>=dev-libs/boost-1.66:0=[context]
+	net-misc/curl
+	sys-apps/busybox-nix-sandbox-shell
+	sys-libs/libseccomp
+	sys-libs/zlib
+	gc? ( >=dev-libs/boehm-gc-8.2.6[cxx] )
+	doc? ( dev-libs/libxml2
+		dev-libs/libxslt
+		app-text/docbook-xsl-stylesheets
+	)
+"
+# add users and groups
+RDEPEND+="
+	acct-group/nixbld
+	allocate-build-users? (
+"
+for i in {1..64}; do
+	RDEPEND+="
+		>=acct-user/nixbld${i}-1
+	"
+done
+RDEPEND+="
+	)
+"
+DEPEND="${RDEPEND}
+	app-text/lix-doc
+	dev-cpp/nlohmann_json
+	dev-cpp/toml11
+	>=dev-cpp/rapidcheck-0_pre20231214
+	>=sys-devel/bison-2.6
+	>=sys-devel/flex-2.5.35
+"
+
+# lix is a drop-in replacement of sys-apps/nix: it installs the same
+# binary file names.
+RDEPEND+="
+	!!sys-apps/nix
+"
+
+# Upstream does not bundle .m4 files, extract from upstreams:
+# dev-util/pkgconfig: m4/pkg.m4
+# dev-build/autoconf-archive: m4/ax_boost_base.m4, m4/ax_require_defined.m4
+DEPEND+="
+	dev-build/autoconf-archive
+	virtual/pkgconfig
+"
+
+PATCHES=(
+	# local patch
+	"${FILESDIR}"/lix-2.91.1-no-sandbox-fallback.patch
+	"${FILESDIR}"/lix-2.91.1-no-sandbox-fallback-README.patch
+	# backports
+	"${FILESDIR}"/lix-2.91.1-no-coreutils.patch
+)
+
+DISABLE_AUTOFORMATTING=yes
+DOC_CONTENTS=" Quick start user guide on Gentoo:
+
+[as root] enable nix-daemon service:
+	[systemd] # systemctl enable nix-daemon && systemctl start nix-daemon
+	[openrc]  # rc-update add nix-daemon && /etc/init.d/nix-daemon start
+[as a user] relogin to get environment and profile update
+[as a user] fetch nixpkgs update:
+	\$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable
+	\$ nix-channel --update
+[as a user] install nix packages:
+	\$ nix-env -i mc
+[as a user] configure environment:
+	Somewhere in .bash_profile you might want to set
+	LOCALE_ARCHIVE=\$HOME/.nix-profile/lib/locale/locale-archive
+	but please read https://github.com/NixOS/nixpkgs/issues/21820
+
+Next steps:
+	nix package manager user manual: http://nixos.org/nix/manual/
+"
+
+pkg_pretend() {
+	# USER_NS is used to run builders in a default setting in linux:
+	#     https://nixos.wiki/wiki/Nix#Sandboxing
+	local CONFIG_CHECK="~USER_NS"
+	check_extra_config
+}
+
+src_prepare() {
+	default
+
+	# inject our copy of lowdown-nix
+	export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}${PKG_CONFIG_PATH:+:}${EPREFIX}/usr/$(get_libdir)/lowdown-nix/lib/pkgconfig"
+	export PATH="$PATH:${EPREFIX}/usr/$(get_libdir)/lowdown-nix/bin"
+
+	# inject rapidcheck extra includes
+	export CXXFLAGS="${CXXFLAGS} -I${EPREFIX}/usr/include/rapidcheck/extras/gtest/include"
+}
+
+src_configure() {
+	local emesonargs=(
+		$(meson_feature gc)
+		$(meson_use doc enable-docs)
+		-Dprofile-dir="${EPREFIX}"/etc/profile.d
+		-Dstate-dir="${EPREFIX}"/nix/var
+		-Dsandbox-shell="${EPREFIX}"/usr/bin/busybox-nix-sandbox-shell
+	)
+	meson_src_configure
+}
+
+src_install() {
+	# TODO: emacs highlighter
+	meson_src_install
+
+	readme.gentoo_create_doc
+
+	# TODO: will need a tweak for prefix
+
+	# Follow the steps of 'scripts/install-multi-user.sh:create_directories()'
+	local dir dirs=(
+		/nix
+		/nix/var
+		/nix/var/log
+		/nix/var/log/nix
+		/nix/var/log/nix/drvs
+		/nix/var/nix{,/db,/gcroots,/profiles,/temproots,/userpool,/daemon-socket}
+		/nix/var/nix/{gcroots,profiles}/per-user
+	)
+	for dir in "${dirs[@]}"; do
+		keepdir "${dir}"
+		fperms 0755 "${dir}"
+	done
+
+	keepdir             /nix/store
+	fowners root:nixbld /nix/store
+	fperms 1775         /nix/store
+
+	newinitd "${FILESDIR}"/nix-daemon.initd nix-daemon
+
+	if ! use etc-profile; then
+		rm "${ED}"/etc/profile.d/nix.sh || die
+	fi
+	# nix-daemon.sh should not be used for users' profile.
+	# Only for daemon itself.
+	rm "${ED}"/etc/profile.d/nix-daemon.sh || die
+}
+
+pkg_postinst() {
+	if ! use etc-profile; then
+		ewarn "${EROOT}/etc/profile.d/nix.sh was removed (due to USE=-etc-profile)."
+	fi
+
+	readme.gentoo_print_elog
+	tmpfiles_process nix-daemon.conf
+}

sys-apps/lix/metadata.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>[email protected]</email>
+		<name>Sergei Trofimovich</name>
+	</maintainer>
+	<use>
+		<flag name="allocate-build-users">Populate 'nixbld' group with 'nixbld*' users. Useful to disable when UID auto-allocation experiment is used.</flag>
+		<flag name="etc-profile">Install /etc/profile.d/ entry to inject nix support for all users.</flag>
+		<flag name="gc">Enable garbage collection in the Nix expression evaluator (use <pkg>dev-libs/boehm-gc</pkg>).</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">NixOS/nix</remote-id>
+	</upstream>
+</pkgmetadata>