Install netcat, ssh and git in nix-portable

These are needed by nix in order to properly download and build stuff. busybox's netcat does not work since it doesn't support -X. Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
2026-03-05 17:02:17 +01:00
parent e7b3f972b0
commit b96e3422b2
1 changed files with 24 additions and 30 deletions
--- a/pkgs/nix-portable/default.nix
+++ b/pkgs/nix-portable/default.nix
@@ -10,6 +10,12 @@ with builtins;
  buildPackages,
  upx,

+  bootstrapPrograms ? [
+    "gitMinimal"
+    "netcat-openbsd"
+    "openssh"
+  ],
+
  busybox,
  cacert ? pkgs.cacert,
  compression ? "zstd -19 -T0",
@@ -36,11 +42,6 @@ let

  nixpkgsSrc = pkgs.path;

-  # TODO: git could be more minimal via:
-  # perlSupport=false; guiSupport=false; nlsSupport=false;
-  gitAttribute = "gitMinimal";
-  git = pkgs."${gitAttribute}";
-
  maketar = targets:
    let
      closureInfo = buildPackages.closureInfo { rootPaths = targets; };
@@ -83,6 +84,21 @@ let
    chmod +wx \$dir/bin/${bin};
  '';

+  installDynamic = pkgname: let
+    out = pkgs.${pkgname}.out;
+  in ''
+    if [ ! -e \$store${lib.removePrefix "/nix/store" pkgs.${pkgname}.out} ] ; then
+      debug "Installing ${pkgname}"
+      \$run \$store${lib.removePrefix "/nix/store" nix}/bin/nix build --impure --no-link --expr "
+        (import ${nixpkgsSrc} {}).${pkgname}.out
+      "
+    else
+      debug "${pkgname} already installed"
+    fi
+
+    export PATH="${out}/bin:\$PATH"
+  '';
+
  caBundleZstd = pkgs.runCommand "cacerts" {} "cat ${cacert}/etc/ssl/certs/ca-bundle.crt | ${inp.zstd}/bin/zstd -19 > $out";

  bwrap = packStaticBin "${inp.bwrap}/bin/bwrap";
@@ -271,17 +287,8 @@ let
      sslBind="/etc/ssl /etc/ssl"
    fi

-
-
-    ### detecting existing git installation
-    # we need to install git inside the wrapped environment
-    # unless custom git executable path is specified in NP_GIT,
-    # since the existing git might be incompatible to Nix (e.g. v1.x)
    if [ -n "\$NP_GIT" ]; then
-      doInstallGit=false
-      ln -s "\$NP_GIT" "\$dir/tmpbin/git"
-    else
-      doInstallGit=true
+      echo "WARN: NP_GIT is not supported, using nix version instead"
    fi


@@ -570,22 +577,9 @@ let



-    ### install git via nix, if git installation is not in /nix path
-    if \$doInstallGit && [ ! -e \$store${lib.removePrefix "/nix/store" git.out} ] ; then
-      echo "Installing git. Disable this by specifying the git executable path with 'NP_GIT'"
-      \$run \$store${lib.removePrefix "/nix/store" nix}/bin/nix build --impure --no-link --expr "
-        (import ${nixpkgsSrc} {}).${gitAttribute}.out
-      "
-    else
-      debug "git already installed or manually specified"
-    fi
-
-    ### override the possibly existing git in the environment with the installed one
-    # excluding the case NP_GIT is set.
-    if \$doInstallGit; then
-      export PATH="${git.out}/bin:\$PATH"
-    fi

+    ### install programs via nix
+    ${concatMapStringsSep "\n" installDynamic bootstrapPrograms}

    ### print elapsed time
    end=\$(date +%s%N)  # end time in nanoseconds